diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f7ea20199..cd181f76e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -255,7 +255,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | -| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | @@ -328,7 +327,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | -| controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | @@ -491,7 +489,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.image.image | string | `"defaultbackend-amd64"` | | | defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | | | defaultBackend.image.readOnlyRootFilesystem | bool | `true` | | -| defaultBackend.image.registry | string | `"registry.k8s.io"` | | | defaultBackend.image.runAsGroup | int | `65534` | | | defaultBackend.image.runAsNonRoot | bool | `true` | | | defaultBackend.image.runAsUser | int | `65534` | | @@ -533,6 +530,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | +| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 176616467..af3ea12a3 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -42,7 +42,7 @@ spec: {{- end }} containers: - name: create - {{- with .Values.controller.admissionWebhooks.patch.image }} + {{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }} image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index f7d44a24d..87dd2c251 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -42,7 +42,7 @@ spec: {{- end }} containers: - name: patch - {{- with .Values.controller.admissionWebhooks.patch.image }} + {{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }} image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index b8f9c331c..fd1b13284 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -75,7 +75,7 @@ spec: {{- end }} containers: - name: {{ .Values.controller.containerName }} - {{- with .Values.controller.image }} + {{- with (merge .Values.controller.image .Values.global.image) }} image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} @@ -182,7 +182,7 @@ spec: {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 286ec06b3..cc41bfbc7 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -81,7 +81,7 @@ spec: {{- end }} containers: - name: {{ .Values.controller.containerName }} - {{- with .Values.controller.image }} + {{- with (merge .Values.controller.image .Values.global.image) }} image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} @@ -188,7 +188,7 @@ spec: {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 6755e2378..f7d9de121 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -50,7 +50,7 @@ spec: {{- end }} containers: - name: {{ template "ingress-nginx.name" . }}-default-backend - {{- with .Values.defaultBackend.image }} + {{- with (merge .Values.defaultBackend.image .Values.global.image) }} image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 0e7b79e95..c28c6ee0d 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -148,6 +148,17 @@ tests: path: spec.template.spec.containers[0].securityContext.runAsGroup value: 1000 + - it: should create a DaemonSet with a custom registry if `global.image.registry` is set + set: + global.image.registry: custom.registry.io + controller.kind: DaemonSet + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + - it: should create a DaemonSet with a custom registry if `controller.image.registry` is set set: controller.kind: DaemonSet diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 1954b7ec9..2c57636fb 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -169,6 +169,16 @@ tests: path: spec.template.spec.containers[0].securityContext.runAsGroup value: 1000 + - it: should create a Deployment with a custom registry if `global.image.registry` is set + set: + global.image.registry: custom.registry.io + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + - it: should create a Deployment with a custom registry if `controller.image.registry` is set set: controller.image.registry: custom.registry.io diff --git a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml index e90e6f944..c3fa33968 100644 --- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -145,6 +145,17 @@ tests: path: spec.template.spec.containers[0].securityContext.runAsGroup value: 1000 + - it: should create a Deployment with a custom registry if `global.image.registry` is set + set: + global.image.registry: custom.registry.io + defaultBackend.enabled: true + defaultBackend.image.tag: v1.0.0-dev + defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/defaultbackend-amd64:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + - it: should create a Deployment with a custom registry if `defaultBackend.image.registry` is set set: defaultBackend.enabled: true diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index dd3faba59..50a41f2f0 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -2,6 +2,11 @@ ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md ## +global: + image: + # -- Registry host to pull images from. + registry: registry.k8s.io + ## Overrides for generated resource names # See templates/_helpers.tpl # nameOverride: @@ -21,7 +26,7 @@ controller: image: ## Keep false as default for now! chroot: false - registry: registry.k8s.io + # registry: registry.k8s.io image: ingress-nginx/controller ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail @@ -686,7 +691,7 @@ controller: extraModules: [] # - name: mytestmodule # image: - # registry: registry.k8s.io + # # registry: registry.k8s.io # image: ingress-nginx/mytestmodule # ## for backwards compatibility consider setting the full image url via the repository value below # ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail @@ -785,7 +790,7 @@ controller: patch: enabled: true image: - registry: registry.k8s.io + # registry: registry.k8s.io image: ingress-nginx/kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail @@ -942,7 +947,7 @@ defaultBackend: enabled: false name: defaultbackend image: - registry: registry.k8s.io + # registry: registry.k8s.io image: defaultbackend-amd64 ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail