DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Helm Service: Align internal to external. (#10239)

Browse source 
* Service: Align internal to external.

* Service: Remove redundant condition.
This commit is contained in:
Marco Ebert 2023-12-05 17:25:04 +01:00 committed by GitHub
parent 815a1c56a9
commit 7e54daa909
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 242 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
charts/ingress-nginx/README.md
View file

@ -415,35 +415,50 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.enabled | bool | `false` | Enable 'scope' or not |
| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | | controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.enableHttp | bool | `true` | | | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.enableHttps | bool | `true` | | | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
| controller.service.enabled | bool | `true` | | | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
| controller.service.external.enabled | bool | `true` | | | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. | | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | | controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | | controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
| controller.service.internal.type | string | `""` | Type of the internal controller service. | | controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.labels | object | `{}` | | | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.loadBalancerSourceRanges | list | `[]` | | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.nodePorts.http | string | `""` | | | controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.https | string | `""` | | | controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.tcp | object | `{}` | | | controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.nodePorts.udp | object | `{}` | | | controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.ports.http | int | `80` | | | controller.service.internal.ports | object | `{}` | |
| controller.service.ports.https | int | `443` | | | controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | | | controller.service.internal.targetPorts | object | `{}` | |
| controller.service.targetPorts.https | string | `"https"` | | | controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.service.type | string | `"LoadBalancer"` | | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.shareProcessNamespace | bool | `false` | | | controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |

55
charts/ingress-nginx/templates/controller-service-internal.yaml
View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}} {{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations -}}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -15,9 +15,12 @@ metadata:
name: {{ include "ingress-nginx.controller.fullname" . }}-internal name: {{ include "ingress-nginx.controller.fullname" . }}-internal
namespace: {{ include "ingress-nginx.namespace" . }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: "{{ .Values.controller.service.internal.type | default .Values.controller.service.type }}" type: {{ .Values.controller.service.internal.type | default .Values.controller.service.type }}
{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} {{- if .Values.controller.service.internal.clusterIP }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} clusterIP: {{ .Values.controller.service.internal.clusterIP }}
{{- end }}
{{- if .Values.controller.service.internal.externalIPs }}
externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.controller.service.internal.loadBalancerIP }} {{- if .Values.controller.service.internal.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
@ -25,8 +28,28 @@ spec:
{{- if .Values.controller.service.internal.loadBalancerSourceRanges }} {{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.controller.service.internal.loadBalancerClass }}
loadBalancerClass: {{ .Values.controller.service.internal.loadBalancerClass }}
{{- end }}
{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.controller.service.internal.externalTrafficPolicy }} {{- if .Values.controller.service.internal.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
{{- end }}
{{- if .Values.controller.service.internal.sessionAffinity }}
sessionAffinity: {{ .Values.controller.service.internal.sessionAffinity }}
{{- end }}
{{- if .Values.controller.service.internal.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }}
{{- end }}
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.internal.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }}
{{- end }}
{{- if .Values.controller.service.internal.ipFamilies }}
ipFamilies: {{ toYaml .Values.controller.service.internal.ipFamilies | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
ports: ports:
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
@ -35,11 +58,11 @@ spec:
port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }} port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }} targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
appProtocol: http appProtocol: http
{{- end }} {{- end }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }} nodePort: {{ .Values.controller.service.internal.nodePorts.http }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.service.enableHttps }} {{- if .Values.controller.service.enableHttps }}
@ -47,11 +70,11 @@ spec:
port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }} port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }} targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
appProtocol: https appProtocol: https
{{- end }} {{- end }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }} nodePort: {{ .Values.controller.service.internal.nodePorts.https }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.tcp }} {{- range $key, $value := .Values.tcp }}
@ -59,9 +82,9 @@ spec:
port: {{ $key }} port: {{ $key }}
protocol: TCP protocol: TCP
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
{{- if $.Values.controller.service.nodePorts.tcp }} {{- if $.Values.controller.service.internal.nodePorts.tcp }}
{{- if index $.Values.controller.service.nodePorts.tcp $key }} {{- if index $.Values.controller.service.internal.nodePorts.tcp $key }}
nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} nodePort: {{ index $.Values.controller.service.internal.nodePorts.tcp $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
@ -70,9 +93,9 @@ spec:
port: {{ $key }} port: {{ $key }}
protocol: UDP protocol: UDP
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
{{- if $.Values.controller.service.nodePorts.udp }} {{- if $.Values.controller.service.internal.nodePorts.udp }}
{{- if index $.Values.controller.service.nodePorts.udp $key }} {{- if index $.Values.controller.service.internal.nodePorts.udp $key }}
nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} nodePort: {{ index $.Values.controller.service.internal.nodePorts.udp $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

8
charts/ingress-nginx/templates/controller-service.yaml
View file

@ -16,9 +16,6 @@ metadata:
namespace: {{ include "ingress-nginx.namespace" . }} namespace: {{ include "ingress-nginx.namespace" . }}
spec: spec:
type: {{ .Values.controller.service.type }} type: {{ .Values.controller.service.type }}
{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.controller.service.clusterIP }} {{- if .Values.controller.service.clusterIP }}
clusterIP: {{ .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }}
{{- end }} {{- end }}
@ -34,6 +31,9 @@ spec:
{{- if .Values.controller.service.loadBalancerClass }} {{- if .Values.controller.service.loadBalancerClass }}
loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }} loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }}
{{- end }} {{- end }}
{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.controller.service.externalTrafficPolicy }} {{- if .Values.controller.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
{{- end }} {{- end }}
@ -47,8 +47,6 @@ spec:
{{- if .Values.controller.service.ipFamilyPolicy }} {{- if .Values.controller.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}
{{- end }} {{- end }}
{{- end }}
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.ipFamilies }} {{- if .Values.controller.service.ipFamilies }}
ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }}
{{- end }} {{- end }}

219
charts/ingress-nginx/values.yaml
View file

@ -444,105 +444,198 @@ controller:
customTemplate: customTemplate:
configMapName: "" configMapName: ""
configMapKey: "" configMapKey: ""
service: service:
# -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service.
enabled: true enabled: true
# -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were
# using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http external:
# It allows choosing the protocol for each backend specified in the Kubernetes service. # -- Enable the external controller service or not. Useful for internal-only deployments.
# See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 enabled: true
# Will be ignored for Kubernetes versions older than 1.20
## # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service.
appProtocol: true
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine.
annotations: {} annotations: {}
# -- Labels to be added to both controller services.
labels: {} labels: {}
# clusterIP: ""
# -- List of IP addresses at which the controller services are available # -- Type of the external controller service.
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
## type: LoadBalancer
# -- Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services.
# This value is immutable. Set once, it can not be changed without deleting and re-creating the service.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
clusterIP: ""
# -- List of node IP addresses at which the external controller service is available.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
externalIPs: [] externalIPs: []
# -- Set to false to disable loadbalancer node port allocation
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation # -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.
# allocateLoadBalancerNodePorts: true # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
# -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: "" loadBalancerIP: ""
# -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default.
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
loadBalancerClass: "" loadBalancerClass: ""
enableHttp: true
enableHttps: true
## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: ""
## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". # -- Enable node port allocation for the external controller service or not. Applies to type `LoadBalancer` only.
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
# sessionAffinity: "" # allocateLoadBalancerNodePorts: true
## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isnt specified, # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it.
## the service controller allocates a port from your clusters NodePort range. # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip externalTrafficPolicy: ""
# -- Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None".
# Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
sessionAffinity: ""
# -- Specifies the health check node port (numeric port number) for the external controller service.
# If not specified, the service controller allocates a port from your cluster's node port range.
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
# healthCheckNodePort: 0 # healthCheckNodePort: 0
# -- Represents the dual-stack-ness requested or required by this Service. Possible values are # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.
# SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field.
# The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ ipFamilyPolicy: SingleStack
ipFamilyPolicy: "SingleStack" # -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.
# -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
# based on cluster configuration and the ipFamilyPolicy field.
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
ipFamilies: ipFamilies:
- IPv4 - IPv4
# -- Enable the HTTP listener on both controller services or not.
enableHttp: true
# -- Enable the HTTPS listener on both controller services or not.
enableHttps: true
ports: ports:
# -- Port the external HTTP listener is published with.
http: 80 http: 80
# -- Port the external HTTPS listener is published with.
https: 443 https: 443
targetPorts: targetPorts:
# -- Port of the ingress controller the external HTTP listener is mapped to.
http: http http: http
# -- Port of the ingress controller the external HTTPS listener is mapped to.
https: https https: https
type: LoadBalancer
## type: NodePort # -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.
## nodePorts: # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
## http: 32080 appProtocol: true
## https: 32443
## tcp:
## 8080: 32808
nodePorts: nodePorts:
# -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
http: "" http: ""
# -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
https: "" https: ""
# -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range.
# Example:
# tcp:
# 8080: 30080
tcp: {} tcp: {}
# -- Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range.
# Example:
# udp:
# 53: 30053
udp: {} udp: {}
external:
enabled: true
internal: internal:
# -- Enables an additional internal load balancer (besides the external one). # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this.
enabled: false enabled: false
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine.
# -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
annotations: {} annotations: {}
# -- Set to false to disable loadbalancer node port allocation
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
# allocateLoadBalancerNodePorts: true
# -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS.
loadBalancerIP: ""
# -- Type of the internal controller service. # -- Type of the internal controller service.
# Defaults to the value of `controller.service.type`.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: "" type: ""
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
# -- Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services.
# This value is immutable. Set once, it can not be changed without deleting and re-creating the service.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
clusterIP: ""
# -- List of node IP addresses at which the internal controller service is available.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
externalIPs: []
# -- Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: ""
# -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default.
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
## Set external traffic policy to: "Local" to preserve source IP on # -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
## providers supporting it # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer loadBalancerClass: ""
# externalTrafficPolicy: ""
# -- Enable node port allocation for the internal controller service or not. Applies to type `LoadBalancer` only.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
# allocateLoadBalancerNodePorts: true
# -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it.
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: ""
# -- Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None".
# Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
sessionAffinity: ""
# -- Specifies the health check node port (numeric port number) for the internal controller service.
# If not specified, the service controller allocates a port from your cluster's node port range.
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
# healthCheckNodePort: 0
# -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.
# Fields `ipFamilies` and `clusterIP` depend on the value of this field.
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
ipFamilyPolicy: SingleStack
# -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
ipFamilies:
- IPv4
# -- Custom port mapping for internal service
ports: {} ports: {}
# http: 80 # -- Port the internal HTTP listener is published with.
# https: 443 # Defaults to the value of `controller.service.ports.http`.
# http: 80
# -- Port the internal HTTPS listener is published with.
# Defaults to the value of `controller.service.ports.https`.
# https: 443
# -- Custom target port mapping for internal service
targetPorts: {} targetPorts: {}
# http: http # -- Port of the ingress controller the internal HTTP listener is mapped to.
# https: https # Defaults to the value of `controller.service.targetPorts.http`.
# http: http
# -- Port of the ingress controller the internal HTTPS listener is mapped to.
# Defaults to the value of `controller.service.targetPorts.https`.
# https: https
# -- Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
appProtocol: true
nodePorts:
# -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range.
http: ""
# -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
https: ""
# -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range.
# Example:
# tcp:
# 8080: 30080
tcp: {}
# -- Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range.
# Example:
# udp:
# 53: 30053
udp: {}
# shareProcessNamespace enables process namespace sharing within the pod. # shareProcessNamespace enables process namespace sharing within the pod.
# This can be used for example to signal log rotation using `kill -USR1` from a sidecar. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
shareProcessNamespace: false shareProcessNamespace: false