DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update OpenTelemetry image (#9308)

Browse source 
* update OpenTelemetry image

* review comment

* helm-docs

* clean
This commit is contained in:
Ehsan Saei 2022-12-05 09:55:02 +01:00 committed by GitHub
parent 3aa53aaf5b
commit 3474c33e15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
charts/ingress-nginx/README.md
View file

@ -372,6 +372,9 @@ Kubernetes: `>=1.20.0-0`
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| controller.name | string | `"controller"` | | | controller.name | string | `"controller"` | |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c"` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods |

17
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -193,3 +193,20 @@ IngressClass parameters.
{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} {{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
{{ end }} {{ end }}
{{- end -}} {{- end -}}
{{/*
Extra modules.
*/}}
{{- define "extraModules" -}}
- name: {{ .name }}
image: {{ .image }}
command: ['sh', '-c', '/usr/local/bin/init_module.sh']
{{- if (.containerSecurityContext) }}
securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }}
{{- end }}
volumeMounts:
- name: {{ toYaml "modules"}}
mountPath: {{ toYaml "/modules_mount"}}
{{- end -}}

25
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -147,9 +147,9 @@ spec:
hostPort: {{ $key }} hostPort: {{ $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumeMounts: volumeMounts:
{{- if .Values.controller.extraModules }} {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
- name: modules - name: modules
{{ if .Values.controller.image.chroot }} {{ if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount mountPath: /chroot/modules_mount
@ -177,24 +177,21 @@ spec:
{{- if .Values.controller.extraContainers }} {{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 8 }} {{ toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
initContainers: initContainers:
{{- if .Values.controller.extraInitContainers }} {{- if .Values.controller.extraInitContainers }}
{{ toYaml .Values.controller.extraInitContainers | nindent 8 }} {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.controller.extraModules }} {{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }} {{- range .Values.controller.extraModules }}
- name: {{ .name }} {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
image: {{ .image }} {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext | nindent 8) }}
command: ['sh', '-c', '/usr/local/bin/init_module.sh']
{{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }}
securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }}
{{- end }}
volumeMounts:
- name: modules
mountPath: /modules_mount
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}}
{{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}}
{{- end}}
{{- end }} {{- end }}
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
@ -213,9 +210,9 @@ spec:
{{- end }} {{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumes: volumes:
{{- if .Values.controller.extraModules }} {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
- name: modules - name: modules
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}

8
charts/ingress-nginx/values.yaml
View file

@ -583,8 +583,6 @@ controller:
# -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module
extraModules: [] extraModules: []
# - name: opentelemetry
# image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e
# containerSecurityContext: # containerSecurityContext:
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
# #
@ -592,6 +590,12 @@ controller:
# will be executed as initContainers, to move its config files within the # will be executed as initContainers, to move its config files within the
# mounted volume. # mounted volume.
opentelemetry:
enabled: false
image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c
containerSecurityContext:
allowPrivilegeEscalation: false
admissionWebhooks: admissionWebhooks:
annotations: {} annotations: {}
# ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".