Cleanup chart code

charts/ingress-nginx/templates/_helpers.tpl

@@ -114,6 +114,17 @@ Return the appropriate apiVersion for deployment.
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the appropriate apiVersion for daemonset.
+*/}}
+{{- define "daemonset.apiVersion" -}}
+{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "v1/beta2" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return the appropriate apiGroup for PodSecurityPolicy.
 */}}

charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -22,6 +22,6 @@ rules:
     resources: ['podsecuritypolicies']
     verbs:     ['use']
     resourceNames:
-    - {{ include "ingress-nginx.fullname" . }}-admission
+    - {{ template "ingress-nginx.fullname" . }}-admission
 {{- end }}
 {{- end }}

charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  name:  {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -12,9 +12,9 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
 subjects:
   - kind: ServiceAccount
-    name: {{ include "ingress-nginx.fullname" . }}-admission
+    name: {{ template "ingress-nginx.fullname" . }}-admission
     namespace: {{ .Release.Namespace }}
 {{- end }}

charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-admission-create
+  name: {{ template "ingress-nginx.fullname" . }}-admission-create
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -16,10 +16,9 @@ spec:
 {{- end }}
   template:
     metadata:
-      name: {{ include "ingress-nginx.fullname" . }}-admission-create
+      name: {{ template "ingress-nginx.fullname" . }}-admission-create
-{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
+    {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
-      annotations:
+      annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
-{{ toYaml .  | indent 8 }}
     {{- end }}
       labels:
         {{- include "ingress-nginx.labels" . | nindent 8 }}
@@ -38,10 +37,9 @@ spec:
             - --namespace={{ .Release.Namespace }}
             - --secret-name={{ template "ingress-nginx.fullname". }}-admission
       restartPolicy: OnFailure
-      serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+      serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
-      {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
+    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
-      nodeSelector:
+      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
-{{ toYaml . | indent 8 }}
     {{- end }}
       securityContext:
         runAsNonRoot: true

charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-admission-patch
+  name: {{ template "ingress-nginx.fullname" . }}-admission-patch
   annotations:
     "helm.sh/hook": post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -16,10 +16,9 @@ spec:
 {{- end }}
   template:
     metadata:
-      name:   {{ include "ingress-nginx.fullname" . }}-admission-patch
+      name: {{ template "ingress-nginx.fullname" . }}-admission-patch
-{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
+    {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
-      annotations:
+      annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
-{{ toYaml .  | indent 8 }}
     {{- end }}
       labels:
         {{- include "ingress-nginx.labels" . | nindent 8 }}
@@ -34,16 +33,15 @@ spec:
           imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
           args:
             - patch
-            - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
+            - --webhook-name={{ template "ingress-nginx.fullname" . }}-admission
             - --namespace={{ .Release.Namespace }}
             - --patch-mutating=false
             - --secret-name={{ template "ingress-nginx.fullname". }}-admission
             - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
       restartPolicy: OnFailure
-      serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+      serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
-      {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
+    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
-      nodeSelector:
+      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
-{{ toYaml . | indent 8 }}
     {{- end }}
       securityContext:
         runAsNonRoot: true

charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  name:  {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -12,9 +12,9 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
 subjects:
   - kind: ServiceAccount
-    name: {{ include "ingress-nginx.fullname" . }}-admission
+    name: {{ template "ingress-nginx.fullname" . }}-admission
     namespace: {{ .Release.Namespace }}
 {{- end }}

charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml

@@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml

@@ -1,11 +1,11 @@
-{{- if .Values.controller.admissionWebhooks.enabled }}
+{{- if .Values.controller.admissionWebhooks.enabled -}}
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: ValidatingWebhookConfiguration
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: admission-webhook
-  name: {{ include "ingress-nginx.fullname" . }}-admission
+  name: {{ template "ingress-nginx.fullname" . }}-admission
 webhooks:
   - name: validate.nginx.ingress.kubernetes.io
     rules:

charts/ingress-nginx/templates/clusterrole.yaml

@@ -1,4 +1,4 @@
-{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
+{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -65,4 +65,4 @@ rules:
       - ingresses/status
     verbs:
       - update
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/clusterrolebinding.yaml

@@ -1,16 +1,16 @@
-{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
+{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "ingress-nginx.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/controller-configmap-addheaders.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.controller.addHeaders }}
+{{- if .Values.controller.addHeaders -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,6 +6,5 @@ metadata:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
-data:
+data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
-{{ toYaml .Values.controller.addHeaders | indent 2 }}
 {{- end }}

charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml

@@ -1,4 +1,4 @@
-{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:

charts/ingress-nginx/templates/controller-configmap-tcp.yaml

@@ -1,13 +1,13 @@
-{{- if .Values.tcp }}
+{{- if .Values.tcp -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  annotations:
+{{- if .Values.controller.tcp.annotations }}
-{{ toYaml .Values.controller.tcp.annotations | indent 4}}
+  annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
-  name: {{ include "ingress-nginx.fullname" . }}-tcp
+{{- end }}
-data:
+  name: {{ include "ingress-nginx.fullname" . }}-tcp
-{{ tpl (toYaml .Values.tcp) . | indent 2 }}
+data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
 {{- end }}

charts/ingress-nginx/templates/controller-configmap-udp.yaml

@@ -1,13 +1,13 @@
-{{- if .Values.udp }}
+{{- if .Values.udp -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  annotations:
+{{- if .Values.controller.udp.annotations }}
-{{ toYaml .Values.controller.udp.annotations | indent 4}}
+  annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
-  name: {{ include "ingress-nginx.fullname" . }}-udp
+{{- end }}
-data:
+  name: {{ include "ingress-nginx.fullname" . }}-udp
-{{ tpl (toYaml .Values.udp) . | indent 2 }}
+data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
 {{- end }}

charts/ingress-nginx/templates/controller-configmap.yaml

@@ -1,12 +1,13 @@
-{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
+{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  annotations:
+{{- if .Values.controller.configAnnotations }}
-{{ toYaml .Values.controller.configAnnotations | indent 4}}
+  annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
+{{- end }}
   name: {{ template "ingress-nginx.controller.fullname" . }}
 data:
 {{- if .Values.controller.addHeaders }}
@@ -16,6 +17,6 @@ data:
   proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.controller.config }}
-{{ toYaml .Values.controller.config | indent 2 }}
+  {{ toYaml .Values.controller.config | nindent 2 }}
 {{- end }}
 {{- end }}

charts/ingress-nginx/templates/controller-daemonset.yaml

@@ -1,62 +1,55 @@
-{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }}
+{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
-{{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
+apiVersion: {{ template "daemonset.apiVersion" . }}
-{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
-apiVersion: {{ template "deployment.apiVersion" . }}
 kind: DaemonSet
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   name: {{ template "ingress-nginx.controller.fullname" . }}
-  annotations:
+{{- if .Values.controller.daemonsetAnnotations }}
-{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
+  annotations: {{ toYaml .Values.controller.daemonsetAnnotations | nindent 4 }}
+{{- end }}
 spec:
   selector:
     matchLabels:
       {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
       app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-  updateStrategy:
+{{- if .Values.controller.updateStrategy }}
-{{ toYaml .Values.controller.updateStrategy | indent 4 }}
+  updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+{{- end }}
   minReadySeconds: {{ .Values.controller.minReadySeconds }}
   template:
     metadata:
     {{- if .Values.controller.podAnnotations }}
-      annotations:
+      annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }}
-      {{- range $key, $value := .Values.controller.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
     {{- end }}
       labels:
         {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: {{ .Values.controller.name | quote }}
       {{- if .Values.controller.podLabels }}
-{{ toYaml .Values.controller.podLabels | indent 8}}
+        {{- toYaml .Values.controller.podLabels | nindent 8 }}
       {{- end }}
     spec:
     {{- if .Values.controller.dnsConfig }}
-      dnsConfig:
+      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
-{{ toYaml .Values.controller.dnsConfig | indent 8 }}
     {{- end }}
       dnsPolicy: {{ .Values.controller.dnsPolicy }}
     {{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
+      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
     {{- end }}
     {{- if .Values.controller.priorityClassName }}
-      priorityClassName: "{{ .Values.controller.priorityClassName }}"
+      priorityClassName: {{ .Values.controller.priorityClassName }}
     {{- end }}
     {{- if .Values.controller.podSecurityContext }}
-      securityContext:
+      securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }}
-{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
     {{- end }}
       containers:
         - name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }}
-          image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+          image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
-          imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
+          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
         {{- if .Values.controller.lifecycle }}
-          lifecycle:
+          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
-{{ toYaml .Values.controller.lifecycle | indent 12 }}
         {{- end }}
           args:
             - /nginx-ingress-controller
@@ -92,7 +85,7 @@ spec:
           {{- if .Values.controller.scope.enabled }}
             - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
           {{- end }}
-          {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}}
+          {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
             - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
           {{- end }}
           {{- if .Values.controller.admissionWebhooks.enabled }}
@@ -130,7 +123,7 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
           {{- if .Values.controller.extraEnvs }}
-{{ toYaml .Values.controller.extraEnvs | indent 12 }}
+            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
           {{- end }}
           livenessProbe:
             httpGet:
@@ -142,13 +135,23 @@ spec:
             timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
             successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
             failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.controller.readinessProbe.port }}
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
           ports:
           {{- range $key, $value := .Values.controller.containerPort }}
             - name: {{ $key }}
               containerPort: {{ $value }}
               protocol: TCP
-              {{- if $useHostPort }}
+              {{- if $.Values.controller.daemonset.useHostPort }}
-              hostPort: {{ index $hostPorts $key | default $value }}
+              hostPort: {{ index $.Values.controller.daemonset.hostPorts $key | default $value }}
               {{- end }}
           {{- end }}
           {{- if .Values.controller.metrics.enabled }}
@@ -162,34 +165,23 @@ spec:
               protocol: TCP
           {{- end }}
           {{- range $key, $value := .Values.tcp }}
-            - name: "{{ $key }}-tcp"
+            - name: {{ $key }}-tcp
               containerPort: {{ $key }}
               protocol: TCP
-              {{- if $useHostPort }}
+              {{- if $.Values.controller.daemonset.useHostPort }}
               hostPort: {{ $key }}
               {{- end }}
           {{- end }}
           {{- range $key, $value := .Values.udp }}
-            - name: "{{ $key }}-udp"
+            - name: {{ $key }}-udp
               containerPort: {{ $key }}
               protocol: UDP
-              {{- if $useHostPort }}
+              {{- if $.Values.controller.daemonset.useHostPort }}
               hostPort: {{ $key }}
               {{- end }}
           {{- end }}
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              port: {{ .Values.controller.readinessProbe.port }}
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
         {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
           volumeMounts:
-{{- end }}
           {{- if .Values.controller.customTemplate.configMapName }}
             - mountPath: /etc/nginx/template
               name: nginx-template-volume
@@ -197,39 +189,38 @@ spec:
           {{- end }}
           {{- if .Values.controller.admissionWebhooks.enabled }}
             - name: webhook-cert
-              mountPath: "/usr/local/certificates/"
+              mountPath: /usr/local/certificates/
               readOnly: true
           {{- end }}
           {{- if .Values.controller.extraVolumeMounts }}
-{{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
+            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+          {{- end }}
+        {{- end }}
+        {{- if .Values.controller.resources }}
+          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
         {{- end }}
-          resources:
-{{ toYaml .Values.controller.resources | indent 12 }}
       {{- if .Values.controller.extraContainers }}
-{{ toYaml .Values.controller.extraContainers | indent 8}}
+        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
       {{- end }}
     {{- if .Values.controller.extraInitContainers }}
-      initContainers:
+      initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
-{{ toYaml .Values.controller.extraInitContainers | indent 8}}
     {{- end }}
+    {{- if .Values.controller.hostNetwork }}
       hostNetwork: {{ .Values.controller.hostNetwork }}
+    {{- end }}
     {{- if .Values.controller.nodeSelector }}
-      nodeSelector:
+      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
-{{ toYaml .Values.controller.nodeSelector | indent 8 }}
     {{- end }}
     {{- if .Values.controller.tolerations }}
-      tolerations:
+      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
-{{ toYaml .Values.controller.tolerations | indent 8 }}
     {{- end }}
     {{- if .Values.controller.affinity }}
-      affinity:
+      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
-{{ toYaml .Values.controller.affinity | indent 8 }}
     {{- end }}
       serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
-      terminationGracePeriodSeconds: 60
+      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
     {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
       volumes:
-{{- end }}
       {{- if .Values.controller.customTemplate.configMapName }}
         - name: nginx-template-volume
           configMap:
@@ -244,6 +235,7 @@ spec:
             secretName: {{ template "ingress-nginx.fullname". }}-admission
       {{- end }}
       {{- if .Values.controller.extraVolumes }}
-{{ toYaml .Values.controller.extraVolumes | indent 8}}
+        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+      {{- end }}
     {{- end }}
 {{- end }}

charts/ingress-nginx/templates/controller-deployment.yaml

@@ -1,4 +1,4 @@
-{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
+{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
 apiVersion: {{ template "deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -6,8 +6,9 @@ metadata:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   name: {{ template "ingress-nginx.controller.fullname" . }}
-  annotations:
+{{- if .Values.controller.deploymentAnnotations }}
-{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
+  annotations: {{ toYaml .Values.controller.deploymentAnnotations | nindent 4 }}
+{{- end }}
 spec:
   selector:
     matchLabels:
@@ -17,47 +18,41 @@ spec:
   replicas: {{ .Values.controller.replicaCount }}
 {{- end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-  strategy:
+{{- if .Values.controller.updateStrategy }}
-{{ toYaml .Values.controller.updateStrategy | indent 4 }}
+  strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+{{- end }}
   minReadySeconds: {{ .Values.controller.minReadySeconds }}
   template:
     metadata:
     {{- if .Values.controller.podAnnotations }}
-      annotations:
+      annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }}
-      {{- range $key, $value := .Values.controller.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
     {{- end }}
       labels:
         {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: {{ .Values.controller.name | quote }}
       {{- if .Values.controller.podLabels }}
-{{ toYaml .Values.controller.podLabels | indent 8 }}
+        {{- toYaml .Values.controller.podLabels | nindent 8 }}
       {{- end }}
     spec:
     {{- if .Values.controller.dnsConfig }}
-      dnsConfig:
+      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
-{{ toYaml .Values.controller.dnsConfig | indent 8 }}
     {{- end }}
       dnsPolicy: {{ .Values.controller.dnsPolicy }}
     {{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
+      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
     {{- end }}
     {{- if .Values.controller.priorityClassName }}
-      priorityClassName: "{{ .Values.controller.priorityClassName }}"
+      priorityClassName: {{ .Values.controller.priorityClassName }}
     {{- end }}
     {{- if .Values.controller.podSecurityContext }}
-      securityContext:
+      securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }}
-{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
     {{- end }}
       containers:
         - name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }}
-          image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+          image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
-          imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
+          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
         {{- if .Values.controller.lifecycle }}
-          lifecycle:
+          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
-{{ toYaml .Values.controller.lifecycle | indent 12 }}
         {{- end }}
           args:
             - /nginx-ingress-controller
@@ -93,7 +88,7 @@ spec:
           {{- if .Values.controller.scope.enabled }}
             - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
           {{- end }}
-          {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }}
+          {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
             - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
           {{- end }}
           {{- if .Values.controller.admissionWebhooks.enabled }}
@@ -131,7 +126,7 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
           {{- if .Values.controller.extraEnvs }}
-{{ toYaml .Values.controller.extraEnvs | indent 12 }}
+            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
           {{- end }}
           livenessProbe:
             httpGet:
@@ -143,6 +138,16 @@ spec:
             timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
             successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
             failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.controller.readinessProbe.port }}
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
           ports:
           {{- range $key, $value := .Values.controller.containerPort }}
             - name: {{ $key }}
@@ -160,28 +165,17 @@ spec:
               protocol: TCP
           {{- end }}
           {{- range $key, $value := .Values.tcp }}
-            - name: "{{ $key }}-tcp"
+            - name: {{ $key }}-tcp
               containerPort: {{ $key }}
               protocol: TCP
           {{- end }}
           {{- range $key, $value := .Values.udp }}
-            - name: "{{ $key }}-udp"
+            - name: {{ $key }}-udp
               containerPort: {{ $key }}
               protocol: UDP
           {{- end }}
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              port: {{ .Values.controller.readinessProbe.port }}
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
         {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
           volumeMounts:
-{{- end }}
           {{- if .Values.controller.customTemplate.configMapName }}
             - mountPath: /etc/nginx/template
               name: nginx-template-volume
@@ -189,39 +183,38 @@ spec:
           {{- end }}
           {{- if .Values.controller.admissionWebhooks.enabled }}
             - name: webhook-cert
-              mountPath: "/usr/local/certificates/"
+              mountPath: /usr/local/certificates/
               readOnly: true
           {{- end }}
           {{- if .Values.controller.extraVolumeMounts }}
-{{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
+            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+          {{- end }}
+        {{- end }}
+        {{- if .Values.controller.resources }}
+          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
         {{- end }}
-          resources:
-{{ toYaml .Values.controller.resources | indent 12 }}
       {{- if .Values.controller.extraContainers }}
-{{ toYaml .Values.controller.extraContainers | indent 8}}
+        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
       {{- end }}
     {{- if .Values.controller.extraInitContainers }}
-      initContainers:
+      initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
-{{ toYaml .Values.controller.extraInitContainers | indent 8}}
     {{- end }}
+    {{- if .Values.controller.hostNetwork }}
       hostNetwork: {{ .Values.controller.hostNetwork }}
+    {{- end }}
     {{- if .Values.controller.nodeSelector }}
-      nodeSelector:
+      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
-{{ toYaml .Values.controller.nodeSelector | indent 8 }}
     {{- end }}
     {{- if .Values.controller.tolerations }}
-      tolerations:
+      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
-{{ toYaml .Values.controller.tolerations | indent 8 }}
     {{- end }}
     {{- if .Values.controller.affinity }}
-      affinity:
+      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
-{{ toYaml .Values.controller.affinity | indent 8 }}
     {{- end }}
       serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
       terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
     {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
       volumes:
-{{- end }}
       {{- if .Values.controller.customTemplate.configMapName }}
         - name: nginx-template-volume
           configMap:
@@ -236,6 +229,7 @@ spec:
             secretName: {{ template "ingress-nginx.fullname". }}-admission
       {{- end }}
       {{- if .Values.controller.extraVolumes }}
-{{ toYaml .Values.controller.extraVolumes | indent 8}}
+        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+      {{- end }}
     {{- end }}
 {{- end }}

charts/ingress-nginx/templates/controller-hpa.yaml

@@ -1,5 +1,4 @@
-{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
+{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
-{{- if .Values.controller.autoscaling.enabled }}
 apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
@@ -28,4 +27,3 @@ spec:
         targetAverageUtilization: {{ . }}
   {{- end }}
 {{- end }}
-{{- end }}

charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml

@@ -1,4 +1,4 @@
-{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }}
+{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) -}}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:

charts/ingress-nginx/templates/controller-prometheusrules.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
@@ -10,12 +10,12 @@ metadata:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
-{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
+    {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
   {{- end }}
 spec:
-  {{- with .Values.controller.metrics.prometheusRule.rules }}
+{{- if .Values.controller.metrics.prometheusRule.rules }}
   groups:
-  - name: {{ template "ingress-nginx.name" $ }}
+  - name: {{ template "ingress-nginx.name" . }}
-    rules: {{- toYaml . | nindent 4 }}
+    rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
 {{- end }}
 {{- end }}

charts/ingress-nginx/templates/controller-psp.yaml

@@ -1,8 +1,8 @@
-{{- if .Values.podSecurityPolicy.enabled}}
+{{- if .Values.podSecurityPolicy.enabled -}}
 apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
 kind: PodSecurityPolicy
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
@@ -18,7 +18,9 @@ spec:
     #- 'projected'
     - 'secret'
     #- 'downwardAPI'
+{{- if .Values.controller.hostNetwork }}
   hostNetwork: {{ .Values.controller.hostNetwork }}
+{{- end }}
 {{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}
   hostPorts:
 {{- if .Values.controller.hostNetwork }}

charts/ingress-nginx/templates/controller-role.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
 rules:
   - apiGroups:
       - ""
@@ -80,10 +80,9 @@ rules:
       - create
       - patch
 {{- if .Values.podSecurityPolicy.enabled }}
-  - apiGroups:      ['{{ template "podSecurityPolicy.apiGroup" . }}']
+  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
     resources:      ['podsecuritypolicies']
     verbs:          ['use']
-    resourceNames:  [{{ include "ingress-nginx.fullname" . }}]
+    resourceNames:  [{{ template "ingress-nginx.fullname" . }}]
+{{- end }}
 {{- end }}
-
-{{- end -}}

charts/ingress-nginx/templates/controller-rolebinding.yaml

@@ -5,13 +5,13 @@ metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "ingress-nginx.fullname" . }}
+  name: {{ template "ingress-nginx.fullname" . }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "ingress-nginx.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/controller-service-metrics.yaml

@@ -1,36 +1,30 @@
-{{- if .Values.controller.metrics.enabled }}
+{{- if .Values.controller.metrics.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.metrics.service.annotations }}
-  annotations:
+  annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
-  {{- range $key, $value := .Values.controller.metrics.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
 {{- end }}
   labels:
-{{- if .Values.controller.metrics.service.labels }}
-{{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
-{{- end }}
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
+  {{- if .Values.controller.metrics.service.labels }}
+    {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
+  {{- end }}
   name: {{ template "ingress-nginx.controller.fullname" . }}-metrics
 spec:
-{{- if not .Values.controller.metrics.service.omitClusterIP }}
+  type: {{ .Values.controller.metrics.service.type }}
-  {{- with .Values.controller.metrics.service.clusterIP }}
+{{- if .Values.controller.metrics.service.clusterIP }}
-  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
-  {{- end }}
 {{- end }}
 {{- if .Values.controller.metrics.service.externalIPs }}
-  externalIPs:
+  externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
-{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
+  loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
+  loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
-{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
   ports:
     - name: metrics
@@ -39,5 +33,4 @@ spec:
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  type: "{{ .Values.controller.metrics.service.type }}"
 {{- end }}

charts/ingress-nginx/templates/controller-service-webhook.yaml

@@ -1,33 +1,27 @@
-{{- if .Values.controller.admissionWebhooks.enabled }}
+{{- if .Values.controller.admissionWebhooks.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.admissionWebhooks.service.annotations }}
-  annotations:
+  annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
-  {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
 {{- end }}
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   name: {{ template "ingress-nginx.controller.fullname" . }}-admission
 spec:
-{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
+  type: {{ .Values.controller.admissionWebhooks.service.type }}
-  {{- with .Values.controller.admissionWebhooks.service.clusterIP }}
+{{- if .Values.controller.admissionWebhooks.service.clusterIP }}
-  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+  clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
-  {{- end }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.externalIPs }}
-  externalIPs:
+  externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
-{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}"
+  loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
+  loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
-{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
   ports:
     - name: https-webhook
@@ -36,5 +30,4 @@ spec:
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  type: "{{ .Values.controller.admissionWebhooks.service.type }}"
 {{- end }}

charts/ingress-nginx/templates/controller-service.yaml

@@ -1,44 +1,38 @@
-{{- if .Values.controller.service.enabled }}
+{{- if .Values.controller.service.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.service.annotations }}
-  annotations:
+  annotations: {{ toYaml .Values.controller.service.annotations | nindent 4 }}
-  {{- range $key, $value := .Values.controller.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
 {{- end }}
   labels:
-{{- if .Values.controller.service.labels }}
-{{ toYaml .Values.controller.service.labels | indent 4 }}
-{{- end }}
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
+  {{- if .Values.controller.service.labels }}
+    {{- toYaml .Values.controller.service.labels | nindent 4 }}
+  {{- end }}
   name: {{ template "ingress-nginx.controller.fullname" . }}
 spec:
-{{- if not .Values.controller.service.omitClusterIP }}
+  type: {{ .Values.controller.service.type }}
-  {{- with .Values.controller.service.clusterIP }}
+{{- if .Values.controller.service.clusterIP }}
-  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+  clusterIP: {{ .Values.controller.service.clusterIP }}
-  {{- end }}
 {{- end }}
 {{- if .Values.controller.service.externalIPs }}
-  externalIPs:
+  externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
-{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
+  loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
+  loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
-{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
-{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }}
+{{- if and .Values.controller.service.externalTrafficPolicy (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }}
-  externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
+  externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
 {{- end }}
 {{- if .Values.controller.service.sessionAffinity }}
-  sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}"
+  sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
 {{- end }}
-{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }}
+{{- if and .Values.controller.service.healthCheckNodePort (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }}
   healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
 {{- end }}
   ports:
@@ -62,10 +56,10 @@ spec:
     {{- end }}
   {{- end }}
   {{- range $key, $value := .Values.tcp }}
-    - name: "{{ $key }}-tcp"
+    - name: {{ $key }}-tcp
       port: {{ $key }}
       protocol: TCP
-      targetPort: "{{ $key }}-tcp"
+      targetPort: {{ $key }}-tcp
     {{- if $.Values.controller.service.nodePorts.tcp }}
     {{- if index $.Values.controller.service.nodePorts.tcp $key }}
       nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
@@ -73,10 +67,10 @@ spec:
     {{- end }}
   {{- end }}
   {{- range $key, $value := .Values.udp }}
-    - name: "{{ $key }}-udp"
+    - name: {{ $key }}-udp
       port: {{ $key }}
       protocol: UDP
-      targetPort: "{{ $key }}-udp"
+      targetPort: {{ $key }}-udp
     {{- if $.Values.controller.service.nodePorts.udp }}
     {{- if index $.Values.controller.service.nodePorts.udp $key }}
       nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
@@ -86,5 +80,4 @@ spec:
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
-  type: "{{ .Values.controller.service.type }}"
 {{- end }}

charts/ingress-nginx/templates/controller-serviceaccount.yaml

@@ -6,4 +6,4 @@ metadata:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   name: {{ template "ingress-nginx.serviceAccountName" . }}
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/controller-servicemonitor.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
@@ -10,7 +10,7 @@ metadata:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.controller.name | quote }}
   {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
-{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
+    {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
   {{- end }}
 spec:
   endpoints:
@@ -20,8 +20,7 @@ spec:
       honorLabels: true
     {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
-  namespaceSelector:
+  namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
-{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
 {{ else }}
   namespaceSelector:
     matchNames:

charts/ingress-nginx/templates/default-backend-deployment.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.defaultBackend.enabled }}
+{{- if .Values.defaultBackend.enabled -}}
 apiVersion: {{ template "deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -16,33 +16,29 @@ spec:
   template:
     metadata:
     {{- if .Values.defaultBackend.podAnnotations }}
-      annotations:
+      annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
-      {{- range $key, $value := .Values.defaultBackend.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
     {{- end }}
       labels:
         {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
       {{- if .Values.defaultBackend.podLabels }}
-{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
+        {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
       {{- end }}
     spec:
     {{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
+      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
     {{- end }}
     {{- if .Values.defaultBackend.priorityClassName }}
-      priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}"
+      priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
     {{- end }}
     {{- if .Values.defaultBackend.podSecurityContext }}
-      securityContext:
+      securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
-{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }}
     {{- end }}
       containers:
         - name: {{ template "ingress-nginx.name" . }}-{{ .Values.defaultBackend.name }}
-          image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
+          image: {{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
-          imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
+          imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
+        {{- if .Values.defaultBackend.extraArgs }}
           args:
           {{- range $key, $value := .Values.defaultBackend.extraArgs }}
             {{- if $value }}
@@ -51,11 +47,11 @@ spec:
             - --{{ $key }}
             {{- end }}
           {{- end }}
+        {{- end }}
           securityContext:
             runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
         {{- if .Values.defaultBackend.extraEnvs }}
-          env:
+          env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
-{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }}
         {{- end }}
           livenessProbe:
             httpGet:
@@ -81,20 +77,18 @@ spec:
             - name: http
               containerPort: {{ .Values.defaultBackend.port }}
               protocol: TCP
-          resources:
+        {{- if .Values.defaultBackend.resources }}
-{{ toYaml .Values.defaultBackend.resources | indent 12 }}
+          resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
+        {{- end }}
     {{- if .Values.defaultBackend.nodeSelector }}
-      nodeSelector:
+      nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
-{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
     {{- end }}
       serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
     {{- if .Values.defaultBackend.tolerations }}
-      tolerations:
+      tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
-{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
     {{- end }}
     {{- if .Values.defaultBackend.affinity }}
-      affinity:
+      affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
-{{ toYaml .Values.defaultBackend.affinity | indent 8 }}
     {{- end }}
       terminationGracePeriodSeconds: 60
 {{- end }}

charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml

@@ -1,4 +1,4 @@
-{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }}
+{{- if gt (.Values.defaultBackend.replicaCount | int) 1 -}}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:

charts/ingress-nginx/templates/default-backend-psp.yaml

@@ -2,7 +2,7 @@
 apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
 kind: PodSecurityPolicy
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-backend
+  name: {{ template "ingress-nginx.fullname" . }}-backend
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
@@ -30,4 +30,4 @@ spec:
   - projected
   - secret
   - downwardAPI
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/default-backend-role.yaml

@@ -5,10 +5,10 @@ metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
-  name: {{ include "ingress-nginx.fullname" . }}-backend
+  name: {{ template "ingress-nginx.fullname" . }}-backend
 rules:
-  - apiGroups:      ['{{ template "podSecurityPolicy.apiGroup" . }}']
+  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
     resources:      ['podsecuritypolicies']
     verbs:          ['use']
-    resourceNames:  [{{ include "ingress-nginx.fullname" . }}-backend]
+    resourceNames:  [{{ template "ingress-nginx.fullname" . }}-backend]
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/default-backend-rolebinding.yaml

@@ -14,4 +14,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
-{{- end -}}
+{{- end }}

charts/ingress-nginx/templates/default-backend-service.yaml

@@ -1,33 +1,27 @@
-{{- if .Values.defaultBackend.enabled }}
+{{- if .Values.defaultBackend.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.defaultBackend.service.annotations }}
-  annotations:
+  annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
-  {{- range $key, $value := .Values.defaultBackend.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
 {{- end }}
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
   name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
 spec:
-{{- if not .Values.defaultBackend.service.omitClusterIP }}
+  type: {{ .Values.defaultBackend.service.type }}
-  {{- with .Values.defaultBackend.service.clusterIP }}
+{{- if .Values.defaultBackend.service.clusterIP }}
-  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+  clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
-  {{- end }}
 {{- end }}
 {{- if .Values.defaultBackend.service.externalIPs }}
-  externalIPs:
+  externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
-{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
+  loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
+  loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
-{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
   ports:
     - name: http
@@ -37,5 +31,4 @@ spec:
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
-  type: "{{ .Values.defaultBackend.service.type }}"
 {{- end }}

charts/ingress-nginx/templates/default-backend-serviceaccount.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.defaultBackend.enabled  .Values.defaultBackend.serviceAccount.create }}
+{{- if and .Values.defaultBackend.enabled  .Values.defaultBackend.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/ingress-nginx/values.yaml

@@ -133,6 +133,10 @@ controller:
   ##
   deploymentAnnotations: {}
 
+  ## Annotations to be added to the controller daemonset
+  ##
+  daemonsetAnnotations: {}
+
   # The update strategy to apply to the Deployment or DaemonSet
   ##
   updateStrategy: {}
@@ -242,8 +246,6 @@ controller:
 
     annotations: {}
     labels: {}
-    ## Deprecated, instead simply do not provide a clusterIP value
-    omitClusterIP: false
     # clusterIP: ""
 
     ## List of IP addresses at which the controller services are available
@@ -251,7 +253,7 @@ controller:
     ##
     externalIPs: []
 
-    loadBalancerIP: ""
+    # loadBalancerIP: ""
     loadBalancerSourceRanges: []
 
     enableHttp: true
@@ -260,13 +262,16 @@ controller:
     ## Set external traffic policy to: "Local" to preserve source IP on
     ## providers supporting it
     ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
-    externalTrafficPolicy: ""
+    # externalTrafficPolicy: ""
 
     # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
     # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
-    sessionAffinity: ""
+    # sessionAffinity: ""
 
-    healthCheckNodePort: 0
+    # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
+    # the service controller allocates a port from your cluster’s NodePort range.
+    # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    # healthCheckNodePort: 0
 
     ports:
       http: 80
@@ -337,11 +342,9 @@ controller:
 
     service:
       annotations: {}
-      ## Deprecated, instead simply do not provide a clusterIP value
-      omitClusterIP: false
       # clusterIP: ""
       externalIPs: []
-      loadBalancerIP: ""
+      # loadBalancerIP: ""
       loadBalancerSourceRanges: []
       servicePort: 443
       type: ClusterIP
@@ -368,8 +371,6 @@ controller:
       # prometheus.io/scrape: "true"
       # prometheus.io/port: "10254"
 
-      ## Deprecated, instead simply do not provide a clusterIP value
-      omitClusterIP: false
       # clusterIP: ""
 
       ## List of IP addresses at which the stats-exporter service is available
@@ -377,7 +378,7 @@ controller:
       ##
       externalIPs: []
 
-      loadBalancerIP: ""
+      # loadBalancerIP: ""
       loadBalancerSourceRanges: []
       servicePort: 9913
       type: ClusterIP
@@ -397,7 +398,7 @@ controller:
     prometheusRule:
       enabled: false
       additionalLabels: {}
-      namespace: ""
+      # namespace: ""
       rules: []
         # # These are just examples rules, please adapt them to your needs
         # - alert: TooMany500s
@@ -516,8 +517,7 @@ defaultBackend:
 
   service:
     annotations: {}
-    ## Deprecated, instead simply do not provide a clusterIP value
+
-    omitClusterIP: false
     # clusterIP: ""
 
     ## List of IP addresses at which the default backend service is available
@@ -525,7 +525,7 @@ defaultBackend:
     ##
     externalIPs: []
 
-    loadBalancerIP: ""
+    # loadBalancerIP: ""
     loadBalancerSourceRanges: []
     servicePort: 80
     type: ClusterIP