From c273589a2bc1ec9fd5eaad9da5ebcaf58131fa03 Mon Sep 17 00:00:00 2001
From: Marco Ebert <marco_ebert@icloud.com>
Date: Fri, 27 Sep 2024 16:00:06 +0200
Subject: [PATCH] Chart: Rework Controller Deployment/DaemonSet Extra Modules
 values.

---
 ...roller-daemonset-extra-modules-values.yaml | 30 +++++++++++++++++++
 ...oller-deployment-extra-modules-values.yaml | 30 +++++++++++++++++++
 .../ci/daemonset-extra-modules.yaml           | 13 --------
 ...modules-default-container-sec-context.yaml | 15 ----------
 ...odules-specific-container-sec-context.yaml | 15 ----------
 .../ci/deployment-extra-modules.yaml          | 13 --------
 6 files changed, 60 insertions(+), 56 deletions(-)
 create mode 100644 charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml
 create mode 100644 charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml
 delete mode 100644 charts/ingress-nginx/ci/daemonset-extra-modules.yaml
 delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml
 delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml
 delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules.yaml

diff --git a/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml
new file mode 100644
index 000000000..edf12e77e
--- /dev/null
+++ b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml
@@ -0,0 +1,30 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: DaemonSet
+
+  extraModules:
+  - name: opentelemetry
+    image:
+      registry: registry.k8s.io
+      image: ingress-nginx/opentelemetry-1.25.3
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
+      distroless: true
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
diff --git a/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml
new file mode 100644
index 000000000..d4083cc37
--- /dev/null
+++ b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml
@@ -0,0 +1,30 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: Deployment
+
+  extraModules:
+  - name: opentelemetry
+    image:
+      registry: registry.k8s.io
+      image: ingress-nginx/opentelemetry-1.25.3
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
+      distroless: true
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml
deleted file mode 100644
index 52a32fcbd..000000000
--- a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest
diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml
deleted file mode 100644
index 91b1b98a8..000000000
--- a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  containerSecurityContext:
-    allowPrivilegeEscalation: false
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest
diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml
deleted file mode 100644
index b6013c7d0..000000000
--- a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest
-      containerSecurityContext:
-        allowPrivilegeEscalation: false
diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml
deleted file mode 100644
index 2fbe1cc01..000000000
--- a/charts/ingress-nginx/ci/deployment-extra-modules.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest