diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
index 3daab87dc..a9c40e88b 100644
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@@ -251,7 +251,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
 | controller.admissionWebhooks.name | string | `"admission"` | |
 | controller.admissionWebhooks.namespaceSelector | object | `{}` | |
-| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | |
 | controller.admissionWebhooks.objectSelector | object | `{}` | |
 | controller.admissionWebhooks.patch.enabled | bool | `true` | |
 | controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` | |
@@ -260,6 +259,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
 | controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` | |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
+| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
 | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
 | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
index f6fce5df5..a8f38df96 100644
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.networkPolicyEnabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.networkPolicy.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index 2fba7e219..7f633b47a 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@@ -622,7 +622,6 @@ controller:
 labels: {}
 # -- Use an existing PSP instead of creating one
 existingPsp: ""
- networkPolicyEnabled: false
 service:
 annotations: {}
 # clusterIP: ""
@@ -662,6 +661,10 @@ controller:
 ##
 priorityClassName: ""
 podAnnotations: {}
+ # NetworkPolicy for webhook patch
+ networkPolicy:
+ # -- Enable 'networkPolicy' or not
+ enabled: false
 nodeSelector:
 kubernetes.io/os: linux
 tolerations: []
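Review bot: The new guard in templates/admission-webhooks/job-patch/networkpolicy.yaml no longer reads `controller.admissionWebhooks.networkPolicyEnabled`, so a release that set the old key to `true` would, as far as this diff shows, stop rendering the patch job's NetworkPolicy on upgrade without any error. Since that silently removes a network restriction, consider honouring the old key for a deprecation window, e.g. replacing the new term with `(or .Values.controller.admissionWebhooks.patch.networkPolicy.enabled .Values.controller.admissionWebhooks.networkPolicyEnabled)`, or failing the render when the old key is set. The same concern applies to the values.yaml hunk that drops `networkPolicyEnabled`; whether a changelog entry announces the rename is not visible here. The new value comment `Enable 'networkPolicy' or not` could also say what the policy covers, e.g. `# -- Create a NetworkPolicy for the admission webhook patch job`. The template body continues outside the hunk.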