diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index c1200a238..dc7f15564 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -114,6 +114,17 @@ Return the appropriate apiVersion for deployment. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "daemonset.apiVersion" -}} +{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- else -}} +{{- print "v1/beta2" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiGroup for PodSecurityPolicy. */}} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index 8629369dc..4aba6bb59 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -22,6 +22,6 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - - {{ include "ingress-nginx.fullname" . }}-admission + - {{ template "ingress-nginx.fullname" . }}-admission {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 163833e87..133911f2b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -12,9 +12,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission subjects: - kind: ServiceAccount - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 209c1a24b..c3aeebe4a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-create + name: {{ template "ingress-nginx.fullname" . }}-admission-create annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -10,24 +10,23 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 ttlSecondsAfterFinished: 0 - {{- end }} +{{- end }} template: metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-create -{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} + name: {{ template "ingress-nginx.fullname" . }}-admission-create + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook spec: - {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} - {{- end }} + {{- end }} containers: - name: create image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} @@ -38,11 +37,10 @@ spec: - --namespace={{ .Release.Namespace }} - --secret-name={{ template "ingress-nginx.fullname". }}-admission restartPolicy: OnFailure - serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission - {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} + serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} securityContext: runAsNonRoot: true runAsUser: 2000 diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 13b3b3023..7daf5f996 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-patch + name: {{ template "ingress-nginx.fullname" . }}-admission-patch annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -10,41 +10,39 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 ttlSecondsAfterFinished: 0 - {{- end }} +{{- end }} template: metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-patch -{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} + name: {{ template "ingress-nginx.fullname" . }}-admission-patch + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook spec: - {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} - {{- end }} + {{- end }} containers: - name: patch image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }} args: - patch - - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission + - --webhook-name={{ template "ingress-nginx.fullname" . }}-admission - --namespace={{ .Release.Namespace }} - --patch-mutating=false - --secret-name={{ template "ingress-nginx.fullname". }}-admission - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} restartPolicy: OnFailure - serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission - {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} + serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} securityContext: runAsNonRoot: true runAsUser: 2000 diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index cf5644af6..651656067 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index 30fa6361c..c42e4588f 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 06413f1ec..d3dc6f689 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -12,9 +12,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission subjects: - kind: ServiceAccount - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index 04088bee8..280c142b1 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 693daf04d..9a408762e 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -1,11 +1,11 @@ -{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.enabled -}} apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ template "ingress-nginx.fullname" . }}-admission webhooks: - name: validate.nginx.ingress.kubernetes.io rules: diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index 63f97e264..fe7c5f511 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} +{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -65,4 +65,4 @@ rules: - ingresses/status verbs: - update -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml index f4bb8dea0..8ed962e19 100644 --- a/charts/ingress-nginx/templates/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} +{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/addheaders-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml similarity index 71% rename from charts/ingress-nginx/templates/addheaders-configmap.yaml rename to charts/ingress-nginx/templates/controller-configmap-addheaders.yaml index 88069239c..0322cb9c7 100644 --- a/charts/ingress-nginx/templates/addheaders-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml @@ -1,4 +1,4 @@ -{{- if .Values.controller.addHeaders }} +{{- if .Values.controller.addHeaders -}} apiVersion: v1 kind: ConfigMap metadata: @@ -6,6 +6,5 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers -data: -{{ toYaml .Values.controller.addHeaders | indent 2 }} +data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/proxyheaders-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml similarity index 97% rename from charts/ingress-nginx/templates/proxyheaders-configmap.yaml rename to charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml index 260384343..44c2bd23d 100644 --- a/charts/ingress-nginx/templates/proxyheaders-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/ingress-nginx/templates/tcp-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml similarity index 54% rename from charts/ingress-nginx/templates/tcp-configmap.yaml rename to charts/ingress-nginx/templates/controller-configmap-tcp.yaml index 361fc4e5a..fcfb52941 100644 --- a/charts/ingress-nginx/templates/tcp-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml @@ -1,13 +1,13 @@ -{{- if .Values.tcp }} +{{- if .Values.tcp -}} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - annotations: -{{ toYaml .Values.controller.tcp.annotations | indent 4}} - name: {{ include "ingress-nginx.fullname" . }}-tcp -data: -{{ tpl (toYaml .Values.tcp) . | indent 2 }} +{{- if .Values.controller.tcp.annotations }} + annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-tcp +data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/udp-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap-udp.yaml similarity index 54% rename from charts/ingress-nginx/templates/udp-configmap.yaml rename to charts/ingress-nginx/templates/controller-configmap-udp.yaml index 8c06dcee9..0061af60b 100644 --- a/charts/ingress-nginx/templates/udp-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-udp.yaml @@ -1,13 +1,13 @@ -{{- if .Values.udp }} +{{- if .Values.udp -}} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - annotations: -{{ toYaml .Values.controller.udp.annotations | indent 4}} - name: {{ include "ingress-nginx.fullname" . }}-udp -data: -{{ tpl (toYaml .Values.udp) . | indent 2 }} +{{- if .Values.controller.udp.annotations }} + annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-udp +data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index f257236ae..94f139d10 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -1,12 +1,13 @@ -{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }} +{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) -}} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - annotations: -{{ toYaml .Values.controller.configAnnotations | indent 4}} +{{- if .Values.controller.configAnnotations }} + annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} +{{- end }} name: {{ template "ingress-nginx.controller.fullname" . }} data: {{- if .Values.controller.addHeaders }} @@ -16,6 +17,6 @@ data: proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers {{- end }} {{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} + {{ toYaml .Values.controller.config | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index b2fd115f4..4d369dd98 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -1,63 +1,56 @@ -{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: {{ template "deployment.apiVersion" . }} +{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} +apiVersion: {{ template "daemonset.apiVersion" . }} kind: DaemonSet metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} name: {{ template "ingress-nginx.controller.fullname" . }} - annotations: -{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} +{{- if .Values.controller.daemonsetAnnotations }} + annotations: {{ toYaml .Values.controller.daemonsetAnnotations | nindent 4 }} +{{- end }} spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - updateStrategy: -{{ toYaml .Values.controller.updateStrategy | indent 4 }} +{{- if .Values.controller.updateStrategy }} + updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} +{{- end }} minReadySeconds: {{ .Values.controller.minReadySeconds }} template: metadata: - {{- if .Values.controller.podAnnotations }} - annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }} + {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8}} - {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} spec: -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: "{{ .Values.controller.priorityClassName }}" -{{- end }} - {{- if .Values.controller.podSecurityContext }} - securityContext: -{{ toYaml .Values.controller.podSecurityContext | indent 8 }} - {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" - imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" - {{- if .Values.controller.lifecycle }} - lifecycle: -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} + image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} args: - /nginx-ingress-controller {{- if .Values.defaultBackend.enabled }} @@ -92,7 +85,7 @@ spec: {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} {{- end }} - {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}} + {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} {{- end }} {{- if .Values.controller.admissionWebhooks.enabled }} @@ -110,7 +103,7 @@ spec: - --{{ $key }} {{- end }} {{- end }} - {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} securityContext: capabilities: drop: @@ -119,7 +112,7 @@ spec: - NET_BIND_SERVICE runAsUser: {{ .Values.controller.image.runAsUser }} allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} - {{- end }} + {{- end }} env: - name: POD_NAME valueFrom: @@ -130,7 +123,7 @@ spec: fieldRef: fieldPath: metadata.namespace {{- if .Values.controller.extraEnvs }} -{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} livenessProbe: httpGet: @@ -142,13 +135,23 @@ spec: timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} containerPort: {{ $value }} protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} + {{- if $.Values.controller.daemonset.useHostPort }} + hostPort: {{ index $.Values.controller.daemonset.hostPorts $key | default $value }} {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} @@ -162,88 +165,77 @@ spec: protocol: TCP {{- end }} {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" + - name: {{ $key }}-tcp containerPort: {{ $key }} protocol: TCP - {{- if $useHostPort }} + {{- if $.Values.controller.daemonset.useHostPort }} hostPort: {{ $key }} {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" + - name: {{ $key }}-udp containerPort: {{ $key }} protocol: UDP - {{- if $useHostPort }} + {{- if $.Values.controller.daemonset.useHostPort }} hostPort: {{ $key }} {{- end }} {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} volumeMounts: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} + {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template name: nginx-template-volume readOnly: true -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert - mountPath: "/usr/local/certificates/" + mountPath: /usr/local/certificates/ readOnly: true -{{- end }} -{{- if .Values.controller.extraVolumeMounts }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} -{{- end }} - resources: -{{ toYaml .Values.controller.resources | indent 12 }} -{{- if .Values.controller.extraContainers }} -{{ toYaml .Values.controller.extraContainers | indent 8}} -{{- end }} -{{- if .Values.controller.extraInitContainers }} - initContainers: -{{ toYaml .Values.controller.extraInitContainers | indent 8}} -{{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraInitContainers }} + initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{ toYaml .Values.controller.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.controller.tolerations }} - tolerations: -{{ toYaml .Values.controller.tolerations | indent 8 }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} {{- end }} {{- if .Values.controller.affinity }} - affinity: -{{ toYaml .Values.controller.affinity | indent 8 }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} volumes: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} + {{- if .Values.controller.customTemplate.configMapName }} - name: nginx-template-volume configMap: name: {{ .Values.controller.customTemplate.configMapName }} items: - key: {{ .Values.controller.customTemplate.configMapKey }} path: nginx.tmpl -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert secret: secretName: {{ template "ingress-nginx.fullname". }}-admission -{{- end }} -{{- if .Values.controller.extraVolumes }} -{{ toYaml .Values.controller.extraVolumes | indent 8}} -{{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 32dc96fe7..bbe05097b 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -1,4 +1,4 @@ -{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} +{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} apiVersion: {{ template "deployment.apiVersion" . }} kind: Deployment metadata: @@ -6,8 +6,9 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} name: {{ template "ingress-nginx.controller.fullname" . }} - annotations: -{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} +{{- if .Values.controller.deploymentAnnotations }} + annotations: {{ toYaml .Values.controller.deploymentAnnotations | nindent 4 }} +{{- end }} spec: selector: matchLabels: @@ -17,48 +18,42 @@ spec: replicas: {{ .Values.controller.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - strategy: -{{ toYaml .Values.controller.updateStrategy | indent 4 }} +{{- if .Values.controller.updateStrategy }} + strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} +{{- end }} minReadySeconds: {{ .Values.controller.minReadySeconds }} template: metadata: - {{- if .Values.controller.podAnnotations }} - annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }} + {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} spec: -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: "{{ .Values.controller.priorityClassName }}" -{{- end }} - {{- if .Values.controller.podSecurityContext }} - securityContext: -{{ toYaml .Values.controller.podSecurityContext | indent 8 }} - {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" - imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" - {{- if .Values.controller.lifecycle }} - lifecycle: -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} + image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} args: - /nginx-ingress-controller {{- if .Values.defaultBackend.enabled }} @@ -93,7 +88,7 @@ spec: {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} {{- end }} - {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }} + {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} {{- end }} {{- if .Values.controller.admissionWebhooks.enabled }} @@ -111,7 +106,7 @@ spec: - --{{ $key }} {{- end }} {{- end }} - {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} securityContext: capabilities: drop: @@ -120,7 +115,7 @@ spec: - NET_BIND_SERVICE runAsUser: {{ .Values.controller.image.runAsUser }} allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} - {{- end }} + {{- end }} env: - name: POD_NAME valueFrom: @@ -131,7 +126,7 @@ spec: fieldRef: fieldPath: metadata.namespace {{- if .Values.controller.extraEnvs }} -{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} livenessProbe: httpGet: @@ -143,6 +138,16 @@ spec: timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} @@ -160,82 +165,71 @@ spec: protocol: TCP {{- end }} {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" + - name: {{ $key }}-tcp containerPort: {{ $key }} protocol: TCP {{- end }} {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" + - name: {{ $key }}-udp containerPort: {{ $key }} protocol: UDP {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} volumeMounts: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} + {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template name: nginx-template-volume readOnly: true -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert - mountPath: "/usr/local/certificates/" + mountPath: /usr/local/certificates/ readOnly: true -{{- end }} -{{- if .Values.controller.extraVolumeMounts }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} -{{- end }} - resources: -{{ toYaml .Values.controller.resources | indent 12 }} -{{- if .Values.controller.extraContainers }} -{{ toYaml .Values.controller.extraContainers | indent 8}} -{{- end }} -{{- if .Values.controller.extraInitContainers }} - initContainers: -{{ toYaml .Values.controller.extraInitContainers | indent 8}} -{{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraInitContainers }} + initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{ toYaml .Values.controller.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.controller.tolerations }} - tolerations: -{{ toYaml .Values.controller.tolerations | indent 8 }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} {{- end }} {{- if .Values.controller.affinity }} - affinity: -{{ toYaml .Values.controller.affinity | indent 8 }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} volumes: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} + {{- if .Values.controller.customTemplate.configMapName }} - name: nginx-template-volume configMap: name: {{ .Values.controller.customTemplate.configMapName }} items: - key: {{ .Values.controller.customTemplate.configMapKey }} path: nginx.tmpl -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert secret: secretName: {{ template "ingress-nginx.fullname". }}-admission -{{- end }} -{{- if .Values.controller.extraVolumes }} -{{ toYaml .Values.controller.extraVolumes | indent 8}} -{{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml index 7b7d8e2fa..50e41ac38 100644 --- a/charts/ingress-nginx/templates/controller-hpa.yaml +++ b/charts/ingress-nginx/templates/controller-hpa.yaml @@ -1,5 +1,4 @@ -{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} -{{- if .Values.controller.autoscaling.enabled }} +{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: @@ -15,17 +14,16 @@ spec: minReplicas: {{ .Values.controller.autoscaling.minReplicas }} maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} metrics: -{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 5bbbb9eda..0a47a62d3 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -1,4 +1,4 @@ -{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }} +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) -}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml index b74170de7..f458992fd 100644 --- a/charts/ingress-nginx/templates/controller-prometheusrules.yaml +++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml @@ -1,21 +1,21 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "ingress-nginx.controller.fullname" . }} - {{- if .Values.controller.metrics.prometheusRule.namespace }} +{{- if .Values.controller.metrics.prometheusRule.namespace }} namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} - {{- end }} +{{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} -{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }} - {{- end }} -spec: - {{- with .Values.controller.metrics.prometheusRule.rules }} - groups: - - name: {{ template "ingress-nginx.name" $ }} - rules: {{- toYaml . | nindent 4 }} + {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} + {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }} {{- end }} +spec: +{{- if .Values.controller.metrics.prometheusRule.rules }} + groups: + - name: {{ template "ingress-nginx.name" . }} + rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }} +{{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index 34101e17f..7d540b315 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -1,8 +1,8 @@ -{{- if .Values.podSecurityPolicy.enabled}} +{{- if .Values.podSecurityPolicy.enabled -}} apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} kind: PodSecurityPolicy metadata: - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} @@ -18,7 +18,9 @@ spec: #- 'projected' - 'secret' #- 'downwardAPI' +{{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} +{{- end }} {{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }} hostPorts: {{- if .Values.controller.hostNetwork }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 8dcf3348e..7fd8da43f 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} rules: - apiGroups: - "" @@ -80,10 +80,9 @@ rules: - create - patch {{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] - resourceNames: [{{ include "ingress-nginx.fullname" . }}] + resourceNames: [{{ template "ingress-nginx.fullname" . }}] +{{- end }} {{- end }} - -{{- end -}} diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml index 539e53d49..ed3087a67 100644 --- a/charts/ingress-nginx/templates/controller-rolebinding.yaml +++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml @@ -5,13 +5,13 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ include "ingress-nginx.fullname" . }} + name: {{ template "ingress-nginx.fullname" . }} subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/controller-metrics-service.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml similarity index 50% rename from charts/ingress-nginx/templates/controller-metrics-service.yaml rename to charts/ingress-nginx/templates/controller-service-metrics.yaml index 7e0807295..96aa1ce1a 100644 --- a/charts/ingress-nginx/templates/controller-metrics-service.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -1,36 +1,30 @@ -{{- if .Values.controller.metrics.enabled }} +{{- if .Values.controller.metrics.enabled -}} apiVersion: v1 kind: Service metadata: {{- if .Values.controller.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }} {{- end }} labels: -{{- if .Values.controller.metrics.service.labels }} -{{ toYaml .Values.controller.metrics.service.labels | indent 4 }} -{{- end }} {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} + {{- if .Values.controller.metrics.service.labels }} + {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} + {{- end }} name: {{ template "ingress-nginx.controller.fullname" . }}-metrics spec: -{{- if not .Values.controller.metrics.service.omitClusterIP }} - {{- with .Values.controller.metrics.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} + type: {{ .Values.controller.metrics.service.type }} +{{- if .Values.controller.metrics.service.clusterIP }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} {{- end }} {{- if .Values.controller.metrics.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }} + externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }} {{- end }} {{- if .Values.controller.metrics.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}" + loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - name: metrics @@ -39,5 +33,4 @@ spec: selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - type: "{{ .Values.controller.metrics.service.type }}" {{- end }} diff --git a/charts/ingress-nginx/templates/controller-webhook-service.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml similarity index 50% rename from charts/ingress-nginx/templates/controller-webhook-service.yaml rename to charts/ingress-nginx/templates/controller-service-webhook.yaml index 2d95aa110..39fd3440b 100644 --- a/charts/ingress-nginx/templates/controller-webhook-service.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -1,33 +1,27 @@ -{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.enabled -}} apiVersion: v1 kind: Service metadata: {{- if .Values.controller.admissionWebhooks.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} name: {{ template "ingress-nginx.controller.fullname" . }}-admission spec: -{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }} - {{- with .Values.controller.admissionWebhooks.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} + type: {{ .Values.controller.admissionWebhooks.service.type }} +{{- if .Values.controller.admissionWebhooks.service.clusterIP }} + clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }} {{- end }} {{- if .Values.controller.admissionWebhooks.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }} + externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }} {{- end }} {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}" + loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - name: https-webhook @@ -36,5 +30,4 @@ spec: selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - type: "{{ .Values.controller.admissionWebhooks.service.type }}" {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 3ccf3a865..77c1dbcbd 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -1,90 +1,83 @@ -{{- if .Values.controller.service.enabled }} +{{- if .Values.controller.service.enabled -}} apiVersion: v1 kind: Service metadata: {{- if .Values.controller.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + annotations: {{ toYaml .Values.controller.service.annotations | nindent 4 }} {{- end }} labels: -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} + {{- if .Values.controller.service.labels }} + {{- toYaml .Values.controller.service.labels | nindent 4 }} + {{- end }} name: {{ template "ingress-nginx.controller.fullname" . }} spec: -{{- if not .Values.controller.service.omitClusterIP }} - {{- with .Values.controller.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} + type: {{ .Values.controller.service.type }} +{{- if .Values.controller.service.clusterIP }} + clusterIP: {{ .Values.controller.service.clusterIP }} {{- end }} {{- if .Values.controller.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} + externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} {{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} -{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }} - externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}" +{{- if and .Values.controller.service.externalTrafficPolicy (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} {{- end }} {{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}" + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} {{- end }} -{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }} +{{- if and .Values.controller.service.healthCheckNodePort (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} {{- end }} ports: - {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} - {{- if .Values.controller.service.enableHttp }} + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} - name: http port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} {{- end }} - {{- if .Values.controller.service.enableHttps }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} - name: https port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} {{- end }} + {{- end }} {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" + - name: {{ $key }}-tcp port: {{ $key }} protocol: TCP - targetPort: "{{ $key }}-tcp" - {{- if $.Values.controller.service.nodePorts.tcp }} - {{- if index $.Values.controller.service.nodePorts.tcp $key }} + targetPort: {{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" + - name: {{ $key }}-udp port: {{ $key }} protocol: UDP - targetPort: "{{ $key }}-udp" - {{- if $.Values.controller.service.nodePorts.udp }} - {{- if index $.Values.controller.service.nodePorts.udp $key }} + targetPort: {{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - type: "{{ .Values.controller.service.type }}" {{- end }} diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index bb466c65d..f2d7c2c65 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -6,4 +6,4 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} name: {{ template "ingress-nginx.serviceAccountName" . }} -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index e4be620eb..ff71ea06a 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -1,32 +1,31 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "ingress-nginx.controller.fullname" . }} - {{- if .Values.controller.metrics.serviceMonitor.namespace }} +{{- if .Values.controller.metrics.serviceMonitor.namespace }} namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} - {{- end }} +{{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.controller.name | quote }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} spec: endpoints: - port: metrics interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} - {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} + {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} - namespaceSelector: -{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}} - {{ else }} + {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} + namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} +{{ else }} namespaceSelector: matchNames: - {{ .Release.Namespace }} - {{- end }} +{{- end }} selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 39c12f3ee..0c64e5305 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.defaultBackend.enabled }} +{{- if .Values.defaultBackend.enabled -}} apiVersion: {{ template "deployment.apiVersion" . }} kind: Deployment metadata: @@ -16,33 +16,29 @@ spec: template: metadata: {{- if .Values.defaultBackend.podAnnotations }} - annotations: - {{- range $key, $value := .Values.defaultBackend.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }} {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }} - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} + {{- if .Values.defaultBackend.podLabels }} + {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} + {{- end }} spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.defaultBackend.priorityClassName }} - priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}" -{{- end }} - {{- if .Values.defaultBackend.podSecurityContext }} - securityContext: -{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }} - {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.priorityClassName }} + priorityClassName: {{ .Values.defaultBackend.priorityClassName }} + {{- end }} + {{- if .Values.defaultBackend.podSecurityContext }} + securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: {{ template "ingress-nginx.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}" + image: {{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }} + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + {{- if .Values.defaultBackend.extraArgs }} args: {{- range $key, $value := .Values.defaultBackend.extraArgs }} {{- if $value }} @@ -51,12 +47,12 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- end }} securityContext: runAsUser: {{ .Values.defaultBackend.image.runAsUser }} - {{- if .Values.defaultBackend.extraEnvs }} - env: -{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }} - {{- end }} + {{- if .Values.defaultBackend.extraEnvs }} + env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }} + {{- end }} livenessProbe: httpGet: path: /healthz @@ -81,20 +77,18 @@ spec: - name: http containerPort: {{ .Values.defaultBackend.port }} protocol: TCP - resources: -{{ toYaml .Values.defaultBackend.resources | indent 12 }} + {{- if .Values.defaultBackend.resources }} + resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- end }} {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: -{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} {{- if .Values.defaultBackend.tolerations }} - tolerations: -{{ toYaml .Values.defaultBackend.tolerations | indent 8 }} + tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} {{- end }} {{- if .Values.defaultBackend.affinity }} - affinity: -{{ toYaml .Values.defaultBackend.affinity | indent 8 }} + affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} {{- end }} terminationGracePeriodSeconds: 60 {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index a82320e8c..f488b5aa1 100644 --- a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -1,4 +1,4 @@ -{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }} +{{- if gt (.Values.defaultBackend.replicaCount | int) 1 -}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index 36458f9ef..a47cd2451 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -2,7 +2,7 @@ apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} kind: PodSecurityPolicy metadata: - name: {{ include "ingress-nginx.fullname" . }}-backend + name: {{ template "ingress-nginx.fullname" . }}-backend labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }} @@ -30,4 +30,4 @@ spec: - projected - secret - downwardAPI -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index fa102a4e0..58179c937 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -5,10 +5,10 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }} - name: {{ include "ingress-nginx.fullname" . }}-backend + name: {{ template "ingress-nginx.fullname" . }}-backend rules: - - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] - resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] -{{- end -}} + resourceNames: [{{ template "ingress-nginx.fullname" . }}-backend] +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml index a5eb0d96f..3639a097e 100644 --- a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml +++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -14,4 +14,4 @@ subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end -}} +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index 433db7f95..1fe015cf9 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -1,33 +1,27 @@ -{{- if .Values.defaultBackend.enabled }} +{{- if .Values.defaultBackend.enabled -}} apiVersion: v1 kind: Service metadata: {{- if .Values.defaultBackend.service.annotations }} - annotations: - {{- range $key, $value := .Values.defaultBackend.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }} name: {{ template "ingress-nginx.defaultBackend.fullname" . }} spec: -{{- if not .Values.defaultBackend.service.omitClusterIP }} - {{- with .Values.defaultBackend.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} + type: {{ .Values.defaultBackend.service.type }} +{{- if .Values.defaultBackend.service.clusterIP }} + clusterIP: {{ .Values.defaultBackend.service.clusterIP }} {{- end }} {{- if .Values.defaultBackend.service.externalIPs }} - externalIPs: -{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }} + externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }} {{- end }} {{- if .Values.defaultBackend.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}" + loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }} {{- end }} {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }} + loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - name: http @@ -37,5 +31,4 @@ spec: selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }} - type: "{{ .Values.defaultBackend.service.type }}" {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 814a46446..8a2e9ede3 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 792827956..5141a63c4 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -133,6 +133,10 @@ controller: ## deploymentAnnotations: {} + ## Annotations to be added to the controller daemonset + ## + daemonsetAnnotations: {} + # The update strategy to apply to the Deployment or DaemonSet ## updateStrategy: {} @@ -242,8 +246,6 @@ controller: annotations: {} labels: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false # clusterIP: "" ## List of IP addresses at which the controller services are available @@ -251,7 +253,7 @@ controller: ## externalIPs: [] - loadBalancerIP: "" + # loadBalancerIP: "" loadBalancerSourceRanges: [] enableHttp: true @@ -260,13 +262,16 @@ controller: ## Set external traffic policy to: "Local" to preserve source IP on ## providers supporting it ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - externalTrafficPolicy: "" + # externalTrafficPolicy: "" # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - sessionAffinity: "" + # sessionAffinity: "" - healthCheckNodePort: 0 + # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + # the service controller allocates a port from your cluster’s NodePort range. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 ports: http: 80 @@ -337,11 +342,9 @@ controller: service: annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false # clusterIP: "" externalIPs: [] - loadBalancerIP: "" + # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 443 type: ClusterIP @@ -368,8 +371,6 @@ controller: # prometheus.io/scrape: "true" # prometheus.io/port: "10254" - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false # clusterIP: "" ## List of IP addresses at which the stats-exporter service is available @@ -377,7 +378,7 @@ controller: ## externalIPs: [] - loadBalancerIP: "" + # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 9913 type: ClusterIP @@ -397,7 +398,7 @@ controller: prometheusRule: enabled: false additionalLabels: {} - namespace: "" + # namespace: "" rules: [] # # These are just examples rules, please adapt them to your needs # - alert: TooMany500s @@ -516,8 +517,7 @@ defaultBackend: service: annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false + # clusterIP: "" ## List of IP addresses at which the default backend service is available @@ -525,7 +525,7 @@ defaultBackend: ## externalIPs: [] - loadBalancerIP: "" + # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 80 type: ClusterIP