From 59b16c4e92d23df18a05317bd4044bcec6ab0151 Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Wed, 29 Jul 2020 11:08:51 +0200 Subject: [PATCH] Use Env expansion for namespace in args When deploying the controller to a custom namespace, users have to overwrite the namespace attribute as well as the hardcoded namespace values in a number of args for the Deployment and the admission controller Jobs. Instead, this commit, uses the namespace name from the DownwardAPI, and allows users to simply change the namespace attribute without having to worry about the container args. --- charts/ingress-nginx/templates/_helpers.tpl | 2 +- .../admission-webhooks/job-patch/job-createSecret.yaml | 9 +++++++-- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 7 ++++++- .../ingress-nginx/templates/controller-deployment.yaml | 10 +++++----- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index c5d221bee..d516a593c 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -48,7 +48,7 @@ Users can provide an override for an explicit service they want bound via `.Valu */}} {{- define "ingress-nginx.controller.publishServicePath" -}} -{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) -}} +{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}} {{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }} {{- print $servicePath | trimSuffix "-" -}} {{- end -}} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 8f5e0b36c..d9ca4607c 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -38,9 +38,14 @@ spec: imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: - create - - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc - - --namespace={{ .Release.Namespace }} + - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 9e7b53b73..d297854cb 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -39,10 +39,15 @@ spec: args: - patch - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission - - --namespace={{ .Release.Namespace }} + - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --secret-name={{ include "ingress-nginx.fullname" . }}-admission - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index e9d5eaf28..a18fc38c6 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -71,22 +71,22 @@ spec: args: - /nginx-ingress-controller {{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ include "ingress-nginx.defaultBackend.fullname" . }} + - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} {{- end }} {{- if .Values.controller.publishService.enabled }} - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- end }} - --election-id={{ .Values.controller.electionID }} - --ingress-class={{ .Values.controller.ingressClass }} - - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} + - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.tcp }} - - --tcp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-tcp + - --tcp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp + - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} {{- end }} {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}