From 8c8577cafc18c0b293c7186bb003d8a44a2d59ce Mon Sep 17 00:00:00 2001 From: jasine Date: Fri, 20 Oct 2023 00:08:40 +0800 Subject: [PATCH 1/5] feat: add namespace overrides --- charts/ingress-nginx/templates/NOTES.txt | 12 ++++++------ charts/ingress-nginx/templates/_helpers.tpl | 11 +++++++++++ .../templates/admission-webhooks/cert-manager.yaml | 12 ++++++------ .../job-patch/clusterrolebinding.yaml | 2 +- .../job-patch/job-createSecret.yaml | 2 +- .../job-patch/job-patchWebhook.yaml | 2 +- .../admission-webhooks/job-patch/networkpolicy.yaml | 2 +- .../templates/admission-webhooks/job-patch/role.yaml | 4 ++-- .../admission-webhooks/job-patch/rolebinding.yaml | 4 ++-- .../admission-webhooks/job-patch/serviceaccount.yaml | 2 +- .../admission-webhooks/validating-webhook.yaml | 2 +- .../ingress-nginx/templates/clusterrolebinding.yaml | 2 +- .../templates/controller-configmap-addheaders.yaml | 2 +- .../templates/controller-configmap-proxyheaders.yaml | 2 +- .../templates/controller-configmap-tcp.yaml | 2 +- .../templates/controller-configmap-udp.yaml | 2 +- .../templates/controller-configmap.yaml | 8 ++++---- .../templates/controller-daemonset.yaml | 2 +- .../templates/controller-deployment.yaml | 2 +- charts/ingress-nginx/templates/controller-hpa.yaml | 2 +- .../templates/controller-networkpolicy.yaml | 2 +- .../templates/controller-poddisruptionbudget.yaml | 2 +- charts/ingress-nginx/templates/controller-role.yaml | 2 +- .../templates/controller-rolebinding.yaml | 4 ++-- .../ingress-nginx/templates/controller-secret.yaml | 2 +- .../templates/controller-service-internal.yaml | 2 +- .../templates/controller-service-metrics.yaml | 2 +- .../templates/controller-service-webhook.yaml | 2 +- .../ingress-nginx/templates/controller-service.yaml | 2 +- .../templates/controller-serviceaccount.yaml | 2 +- .../templates/controller-servicemonitor.yaml | 4 ++-- .../templates/default-backend-deployment.yaml | 2 +- .../ingress-nginx/templates/default-backend-hpa.yaml | 2 +- .../templates/default-backend-networkpolicy.yaml | 2 +- .../default-backend-poddisruptionbudget.yaml | 2 +- .../templates/default-backend-role.yaml | 2 +- .../templates/default-backend-rolebinding.yaml | 4 ++-- .../templates/default-backend-service.yaml | 2 +- .../templates/default-backend-serviceaccount.yaml | 2 +- charts/ingress-nginx/values.yaml | 6 +++++- 40 files changed, 72 insertions(+), 57 deletions(-) diff --git a/charts/ingress-nginx/templates/NOTES.txt b/charts/ingress-nginx/templates/NOTES.txt index 9fe35c785..72267e13f 100644 --- a/charts/ingress-nginx/templates/NOTES.txt +++ b/charts/ingress-nginx/templates/NOTES.txt @@ -6,24 +6,24 @@ Get the application URL by running these commands: {{- if (not (empty .Values.controller.service.nodePorts.http)) }} export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} {{- else }} - export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) + export HTTP_NODE_PORT=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) {{- end }} {{- if (not (empty .Values.controller.service.nodePorts.https)) }} export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} {{- else }} - export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) + export HTTPS_NODE_PORT=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) {{- end }} - export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + export NODE_IP=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." {{- else if contains "LoadBalancer" .Values.controller.service.type }} It may take a few minutes for the LoadBalancer IP to be available. -You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' +You can watch the status by running 'kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' {{- else if contains "ClusterIP" .Values.controller.service.type }} Get the application URL by running these commands: - export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + export POD_NAME=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") + kubectl --namespace {{ include "ingress-nginx.namespace" . }} port-forward $POD_NAME 8080:80 echo "Visit http://127.0.0.1:8080 to access your application." {{- end }} diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 7206fe5ba..26c3693f2 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -30,6 +30,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "ingress-nginx.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + {{/* Container SecurityContext. diff --git a/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml index 55fab471c..c174422cf 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml @@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: selfSigned: {} --- @@ -15,7 +15,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "ingress-nginx.fullname" . }}-root-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: secretName: {{ include "ingress-nginx.fullname" . }}-root-cert duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }} @@ -32,7 +32,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "ingress-nginx.fullname" . }}-root-issuer - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: ca: secretName: {{ include "ingress-nginx.fullname" . }}-root-cert @@ -43,7 +43,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: secretName: {{ include "ingress-nginx.fullname" . }}-admission duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} @@ -55,8 +55,8 @@ spec: {{- end }} dnsNames: - {{ include "ingress-nginx.controller.fullname" . }}-admission - - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }} - - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc + - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }} + - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}.svc subject: organizations: - ingress-nginx-admission diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 871953261..00081b50a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -19,5 +19,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index d93433ecd..39608d264 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -3,7 +3,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-create - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 0fa3ff9a2..b1b21cdaa 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -3,7 +3,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-patch - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml index d59da7c9c..a1ae3c0ab 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index ea7c20818..ef463100d 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 60c3f4ff0..7548a9f36 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index 00be54ec5..814aec91a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index f27244dc9..da001e839 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -38,7 +38,7 @@ webhooks: - v1 clientConfig: service: - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml index acbbd8b10..a38f84e80 100644 --- a/charts/ingress-nginx/templates/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml @@ -15,5 +15,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml index dfd49a126..4e4bd1310 100644 --- a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml @@ -9,6 +9,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml index 38feb721f..0a22600db 100644 --- a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml @@ -9,6 +9,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml index 0f6088ea9..131a9ad51 100644 --- a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml @@ -12,6 +12,6 @@ metadata: annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-tcp - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap-udp.yaml b/charts/ingress-nginx/templates/controller-configmap-udp.yaml index 3772ec514..7137da9ad 100644 --- a/charts/ingress-nginx/templates/controller-configmap-udp.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-udp.yaml @@ -12,6 +12,6 @@ metadata: annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-udp - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index 9ec2b8369..662a16204 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -11,17 +11,17 @@ metadata: annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" {{- if .Values.controller.addHeaders }} - add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers + add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers {{- end }} {{- if .Values.controller.proxySetHeaders }} - proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers + proxy-set-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers {{- end }} {{- if .Values.dhParam }} - ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} + ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }} {{- end }} {{- range $key, $value := .Values.controller.config }} {{- $key | nindent 2 }}: {{ $value | quote }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 5d94eb2f5..7226e4436 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -10,7 +10,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} {{- if .Values.controller.annotations }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index e23414ec9..1d9052e8f 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -10,7 +10,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} {{- if .Values.controller.annotations }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml index f212bc4f5..fba77e0dd 100644 --- a/charts/ingress-nginx/templates/controller-hpa.yaml +++ b/charts/ingress-nginx/templates/controller-hpa.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/ingress-nginx/templates/controller-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-networkpolicy.yaml index 15d6012f7..e68f9916d 100644 --- a/charts/ingress-nginx/templates/controller-networkpolicy.yaml +++ b/charts/ingress-nginx/templates/controller-networkpolicy.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: podSelector: matchLabels: diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 91be5801f..8cb7d4b97 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} {{- if .Values.controller.annotations }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index d1aa9aac7..f6217a29a 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml index e846a1183..cdd1ec225 100644 --- a/charts/ingress-nginx/templates/controller-rolebinding.yaml +++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -17,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-secret.yaml b/charts/ingress-nginx/templates/controller-secret.yaml index f3744232f..f20f53469 100644 --- a/charts/ingress-nginx/templates/controller-secret.yaml +++ b/charts/ingress-nginx/templates/controller-secret.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} data: dhparam.pem: {{ .Values.dhParam }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 46c75fa52..b69a09f67 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: type: "{{ .Values.controller.service.type }}" {{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index b178401c9..7c153295f 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.controller.metrics.service.type }} {{- if .Values.controller.metrics.service.clusterIP }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index 2aae24fcf..2d02e23aa 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.controller.admissionWebhooks.service.type }} {{- if .Values.controller.admissionWebhooks.service.clusterIP }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 58d86b6d2..d81635014 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.controller.service.type }} {{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index e9e9f32ef..df83de3d0 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} {{- if .Values.serviceAccount.annotations }} annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 482fe7f3c..bf3734b73 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -6,7 +6,7 @@ metadata: {{- if .Values.controller.metrics.serviceMonitor.namespace }} namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} {{- else }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} @@ -35,7 +35,7 @@ spec: {{- else }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "ingress-nginx.namespace" . }} {{- end }} {{- if .Values.controller.metrics.serviceMonitor.targetLabels }} targetLabels: diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 87aced49d..44c3732b0 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: selector: matchLabels: diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml index faaf4fa75..699323897 100644 --- a/charts/ingress-nginx/templates/default-backend-hpa.yaml +++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/ingress-nginx/templates/default-backend-networkpolicy.yaml b/charts/ingress-nginx/templates/default-backend-networkpolicy.yaml index f3a012657..90b3c2ba0 100644 --- a/charts/ingress-nginx/templates/default-backend-networkpolicy.yaml +++ b/charts/ingress-nginx/templates/default-backend-networkpolicy.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: podSelector: matchLabels: diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index 00891cee5..f869e4530 100644 --- a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -10,7 +10,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: selector: matchLabels: diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index a2b457c36..dd7868aa0 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml index dbaa516b9..70064e85e 100644 --- a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml +++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -17,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ (include "ingress-nginx.namespace" .) | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index 5f1d09a95..2cccd6e9e 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.defaultBackend.service.type }} {{- if .Values.defaultBackend.service.clusterIP }} diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index b45a95ad2..2afaf0c04 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -9,6 +9,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "ingress-nginx.namespace" . }} automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a10004661..ff6ab2988 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -7,6 +7,10 @@ # nameOverride: # fullnameOverride: +## Overrides for namespace +# See templates/_helpers.tpl +namespaceOverride: "" + ## Labels to apply to all resources ## commonLabels: {} @@ -707,7 +711,7 @@ controller: ## jobLabel: "app.kubernetes.io/name" namespace: "" namespaceSelector: {} - ## Default: scrape .Release.Namespace only + ## Default: scrape .Release.Namespace or namespaceOverride only ## To scrape all, use the following: ## namespaceSelector: ## any: true From e4ebc3de5772ef4aa8be3fd23ab592e8e7b1bd86 Mon Sep 17 00:00:00 2001 From: jasine Date: Fri, 20 Oct 2023 00:38:16 +0800 Subject: [PATCH 2/5] add value in readme --- charts/ingress-nginx/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 342337d9e..7f79b84bc 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -233,6 +233,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | Key | Type | Default | Description | |-----|------|---------|-------------| +| namespaceOverride | string | `""` | Override the deployment namespace, defaults to Release.Namespace | | commonLabels | object | `{}` | | | controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | controller.admissionWebhooks.annotations | object | `{}` | | From e6f07254fb45e837799c775aca9ce187054d345b Mon Sep 17 00:00:00 2001 From: jasine Date: Fri, 20 Oct 2023 00:48:37 +0800 Subject: [PATCH 3/5] fix: readme description --- charts/ingress-nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 7f79b84bc..f888a6101 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -233,7 +233,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | Key | Type | Default | Description | |-----|------|---------|-------------| -| namespaceOverride | string | `""` | Override the deployment namespace, defaults to Release.Namespace | | commonLabels | object | `{}` | | | controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | controller.admissionWebhooks.annotations | object | `{}` | | @@ -498,6 +497,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | +| namespaceOverride | string | `""` | Override the deployment namespace, defaults to Release.Namespace | | podSecurityPolicy.enabled | bool | `false` | | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | rbac.create | bool | `true` | | From d9aac9e35f62a85335bdfc8e1edab14b897f6973 Mon Sep 17 00:00:00 2001 From: jasine Date: Fri, 20 Oct 2023 01:05:29 +0800 Subject: [PATCH 4/5] fix: description in value --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f888a6101..13f619f3b 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -497,7 +497,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | -| namespaceOverride | string | `""` | Override the deployment namespace, defaults to Release.Namespace | +| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace | | podSecurityPolicy.enabled | bool | `false` | | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | rbac.create | bool | `true` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index ff6ab2988..4150352b1 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -7,8 +7,7 @@ # nameOverride: # fullnameOverride: -## Overrides for namespace -# See templates/_helpers.tpl +# -- Override the deployment namespace; defaults to .Release.Namespace namespaceOverride: "" ## Labels to apply to all resources From bf5d30922f70f11284ae3ab243dc295fb4d4ddab Mon Sep 17 00:00:00 2001 From: jasine Date: Mon, 23 Oct 2023 01:21:32 +0800 Subject: [PATCH 5/5] fix: set max length and trim last "-" --- charts/ingress-nginx/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 26c3693f2..df11e3f7a 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -35,7 +35,7 @@ Allow the release namespace to be overridden for multi-namespace deployments in */}} {{- define "ingress-nginx.namespace" -}} {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} + {{- .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- .Release.Namespace -}} {{- end -}}