From c61ebc788095dc6e8340b81e2e87e487fe13b909 Mon Sep 17 00:00:00 2001 From: Gerald Pape Date: Wed, 17 Apr 2024 16:02:51 +0200 Subject: [PATCH] Add helm values.schema.json Signed-off-by: Gerald Pape --- .github/workflows/ci.yaml | 16 +- MANUAL_RELEASE.md | 16 +- charts/ingress-nginx/README.md | 12 +- charts/ingress-nginx/values.schema.json | 1633 +++++++++++++++++ charts/ingress-nginx/values.yaml | 391 +++- .../namespace-overlays/admission/values.yaml | 4 +- .../forwarded-port-headers/values.yaml | 4 +- .../namespace-selector/values.yaml | 4 +- .../validations/values.yaml | 4 +- 9 files changed, 2054 insertions(+), 30 deletions(-) create mode 100644 charts/ingress-nginx/values.schema.json diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d240181c3..d8d95a8ff 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -64,6 +64,7 @@ jobs: - 'NGINX_BASE' charts: - 'charts/ingress-nginx/Chart.yaml' + - 'charts/ingress-nginx/values.schema.json' - 'charts/ingress-nginx/**/*' - 'NGINX_BASE' baseimage: @@ -94,7 +95,7 @@ jobs: - name: Run test run: make test - + verify-docs: name: Verify Doc generation runs-on: ubuntu-latest 
@@ -227,13 +228,24 @@ jobs: - name: Run chart-testing (lint) run: ct lint --config ./.ct.yaml + - name: Run helm-schema + run: | + GOBIN=$PWD GO111MODULE=on go install github.com/dadav/helm-schema/cmd/helm-schema@0.12.0 + ./helm-schema --chart-search-root=${GITHUB_WORKSPACE}/charts --skip-auto-generation title,description,required,default,additionalProperties + DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/values.schema.json) + if [ ! -z "$DIFF" ]; then + echo "Please use dadav/helm-schema in your clone, of your fork, of the project, and commit a updated values.schema.json for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/MANUAL_RELEASE.md#d-edit-the-valuesyaml-and-run-helm-schema-and-helm-docs" + fi + git diff --exit-code + rm -f ./helm-schema + - name: Run helm-docs run: | GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) if [ ! -z "$DIFF" ]; then - echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" + echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/MANUAL_RELEASE.md#d-edit-the-valuesyaml-and-run-helm-schema-and-helm-docs" fi git diff --exit-code rm -f ./helm-docs diff --git a/MANUAL_RELEASE.md b/MANUAL_RELEASE.md index d7144b85d..e2f1d97de 100644 --- a/MANUAL_RELEASE.md +++ b/MANUAL_RELEASE.md 
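Review bot: The added `Run helm-schema` step builds and executes a third-party tool selected by `@0.12.0`, which, unlike the `helm-docs@v1.11.0` line further down in the same hunk, has no `v` prefix and so is not a canonical Go module version. Go most likely resolves it as a plain tag name in the upstream repository, which means the binary that runs in CI follows wherever that tag points instead of a version fixed by the module checksum database. Pinning to an immutable revision closes that gap, for example `go install github.com/dadav/helm-schema/cmd/helm-schema@<COMMIT_SHA>` (placeholder; take the hash from the upstream tag after reviewing it), and the copy of this command in MANUAL_RELEASE.md should carry the same pin so local and CI output cannot drift apart. As a smaller style point, `${GITHUB_WORKSPACE}` is unquoted in both the `--chart-search-root=` argument and the `git diff` call; `"${GITHUB_WORKSPACE}/charts"` avoids word splitting.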
@@ -181,17 +181,17 @@ Promoting the images basically means that images, that were pushed to staging co - If you save the output of above command to a file called prlist.txt. It looks somewhat like this ; ``` - % cat ~/Downloads/prlist.txt + % cat ~/Downloads/prlist.txt 8129 fix syntax in docs for multi-tls example 8120 Update go in runner and release v1.1.1 8119 Update to go v1.17.6 8118 Remove deprecated libraries, update other libs 8117 Fix codegen errors - 8115 chart/ghaction: set the correct permission to have access to push a release + 8115 chart/ghaction: set the correct permission to have access to push a release .... ``` You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog. - - you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. + - you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. ``` #!/usr/bin/bash 
@@ -225,20 +225,22 @@ Promoting the images basically means that images, that were pushed to staging co prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt ``` -### d. Edit the values.yaml and run helm-docs +### d. Edit the values.yaml and run helm-schema and helm-docs - [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml) - tag - digest - - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md + - [helm-docs](https://github.com/norwoodj/helm-docs) and [helm-schema](https://github.com/dadav/helm-schema) are tools that generates the README.md and values.schema.json for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs and helm-schema are used. But the CI pipeline is not designed to make commits back into the project. 
So we need to run helm-docs and helm-schema manually, and check in the resulting autogenerated README.md and values.schema.json files located at the path /charts/ingress-nginx/ ``` GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 + GOBIN=$PWD GO111MODULE=on go install github.com/dadav/helm-schema/cmd/helm-schema@0.12.0 + ./helm-schema --chart-search-root=${GITHUB_WORKSPACE}/charts --skip-auto-generation title,description,required,default,additionalProperties ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts git diff --exit-code - rm -f ./helm-docs + rm -f ./helm-docs ./helm-schema ``` - Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc. + Watchout for mistakes like leaving the executables in your clone workspace or not checking the updated files manually etc. ### e. Edit the static manifests diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 381ff3a6b..2ea711dd3 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -322,7 +322,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | | controller.hostPort.ports.http | int | `80` | 'hostPort' http port | | controller.hostPort.ports.https | int | `443` | 'hostPort' https port | -| controller.hostname | object | `{}` | Optionally customize the pod hostname. | +| controller.hostname | string | `""` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | | controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` | | 
@@ -452,8 +452,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | -| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. | -| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.http | int | `0` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.https | int | `0` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | | controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. 
Example: tcp: 8080: 30080 | | controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | | controller.service.internal.ports | object | `{}` | | 
@@ -466,13 +466,13 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. | -| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. | -| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.http | int | `0` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.https | int | `0` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | | controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. 
Example: tcp: 8080: 30080 | | controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | | controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. | | controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. | -| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | +| controller.service.sessionAffinity | string | `"None"` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | | controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. | | controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. | | controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | diff --git a/charts/ingress-nginx/values.schema.json b/charts/ingress-nginx/values.schema.json new file mode 100644 index 000000000..a6e87f36b --- /dev/null +++ b/charts/ingress-nginx/values.schema.json 
@@ -0,0 +1,1633 @@ +{ + "properties": { + "commonLabels": { + "type": "object" + }, + "controller": { + "properties": { + "addHeaders": { + "type": "object" + }, + "admissionWebhooks": { + "properties": { + "annotations": { + "type": "object" + }, + "certManager": { + "properties": { + "admissionCert": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "rootCert": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "certificate": { + "type": "string" + }, + "createSecretJob": { + "properties": { + "name": { + "type": "string" + }, + "resources": { + "additionalProperties": false, + "patternProperties": { + "(^limits$)|(^requests$)": { + "additionalProperties": false, + "patternProperties": { + "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "existingPsp": { + "type": "string" + }, + "extraEnvs": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array" + }, + "failurePolicy": { + "enum": [ + "Fail", + "Ignore" + ] + }, + "key": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "name": { + "type": "string" + }, + "namespaceSelector": { + "anyOf": [ + { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + { + "additionalProperties": false, + "type": "object" + } + ] + }, + "objectSelector": { + 
"anyOf": [ + { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + { + "additionalProperties": false, + "type": "object" + } + ] + }, + "patch": { + "properties": { + "enabled": { + "type": "boolean" + }, + "image": { + "properties": { + "digest": { + "type": "string" + }, + "image": { + "type": "string" + }, + "pullPolicy": { + "enum": [ + "IfNotPresent", + "Always", + "Never" + ] + }, + "registry": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "labels": { + "type": "object" + }, + "networkPolicy": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "nodeSelector": { + "properties": { + "kubernetes.io/os": { + "type": "string" + } + }, + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + }, + "securityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "serviceAccount": { + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "items": { + "additionalProperties": false, + "properties": { + "effect": { + "enum": [ + "NoSchedule", + "PreferNoSchedule", + "NoExecute" + ] + }, + "key": { + "type": "string" + }, + "operator": { + "enum": [ + "Equal", + "Exists" + ] + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "patchWebhookJob": { + "properties": { + "name": { + "type": "string" + }, + "resources": { + 
"additionalProperties": false, + "patternProperties": { + "(^limits$)|(^requests$)": { + "additionalProperties": false, + "patternProperties": { + "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + } + }, + "type": "object" + }, + "port": { + "type": "integer" + }, + "service": { + "properties": { + "annotations": { + "type": "object" + }, + "externalIPs": { + "items": {}, + "type": "array" + }, + "loadBalancerSourceRanges": { + "items": {}, + "type": "array" + }, + "servicePort": { + "type": "integer" + }, + "type": { + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "affinity": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" + }, + "allowSnippetAnnotations": { + "type": "boolean" + }, + "annotations": { + "type": "object" + }, + "autoscaling": { + "properties": { + "annotations": { + "type": "object" + }, + "behavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + }, + "type": "object" + }, + "autoscalingTemplate": { + "items": {}, + "type": "array" + }, + "config": { + "type": "object" + }, + "configAnnotations": { + "type": "object" + }, + "configMapNamespace": { + "type": "string" + }, + "containerName": { + "type": "string" + }, + "containerPort": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + } + }, + "type": "object" + 
}, + "containerSecurityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "customTemplate": { + "properties": { + "configMapKey": { + "type": "string" + }, + "configMapName": { + "type": "string" + } + }, + "type": "object" + }, + "disableLeaderElection": { + "type": "boolean" + }, + "dnsConfig": { + "type": "object" + }, + "dnsPolicy": { + "enum": [ + "ClusterFirst", + "ClusterFirstWithHostNet", + "Default", + "None" + ] + }, + "electionID": { + "type": "string" + }, + "electionTTL": { + "type": "string" + }, + "enableAnnotationValidations": { + "type": "boolean" + }, + "enableMimalloc": { + "type": "boolean" + }, + "enableTopologyAwareRouting": { + "type": "boolean" + }, + "existingPsp": { + "type": "string" + }, + "extraArgs": { + "type": "object" + }, + "extraContainers": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + }, + "type": "array" + }, + "extraEnvs": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array" + }, + "extraInitContainers": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + }, + "type": "array" + }, + "extraModules": { + "items": {}, + "type": "array" + }, + "extraVolumeMounts": { + "items": {}, + "type": "array" + }, + "extraVolumes": { + "items": {}, + "type": "array" + }, + "healthCheckHost": { + "type": "string" + }, + "healthCheckPath": { + "type": "string" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ip": { + "type": "string" + } + }, + "type": "object" + }, + "type": 
"array" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPort": { + "properties": { + "enabled": { + "type": "boolean" + }, + "ports": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "hostname": { + "type": "string" + }, + "image": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "chroot": { + "type": "boolean" + }, + "digest": { + "type": "string" + }, + "digestChroot": { + "type": "string" + }, + "image": { + "type": "string" + }, + "pullPolicy": { + "enum": [ + "IfNotPresent", + "Always", + "Never" + ] + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "enum": [ + "RuntimeDefault", + "Localhost", + "Unconfined" + ] + } + }, + "type": "object" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "ingressClass": { + "type": "string" + }, + "ingressClassByName": { + "type": "boolean" + }, + "ingressClassResource": { + "properties": { + "aliases": { + "items": {}, + "type": "array" + }, + "annotations": { + "type": "object" + }, + "controllerValue": { + "type": "string" + }, + "default": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "parameters": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "keda": { + "properties": { + "apiVersion": { + "type": "string" + }, + "behavior": { + "type": "object" + }, + "cooldownPeriod": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + 
"type": "integer" + }, + "pollingInterval": { + "type": "integer" + }, + "restoreToOriginalReplicaCount": { + "type": "boolean" + }, + "scaledObject": { + "properties": { + "annotations": { + "type": "object" + } + }, + "type": "object" + }, + "triggers": { + "items": {}, + "type": "array" + } + }, + "type": "object" + }, + "kind": { + "enum": [ + "Deployment", + "DaemonSet" + ] + }, + "labels": { + "type": "object" + }, + "lifecycle": { + "properties": { + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "anyOf": [ + { + "type": "string" + } + ] + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe" + }, + "maxmindLicenseKey": { + "type": "string" + }, + "metrics": { + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "portName": { + "type": "string" + }, + "prometheusRule": { + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "rules": { + "items": {}, + "type": "array" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "type": "object" + }, + "externalIPs": { + "items": {}, + "type": "array" + }, + "labels": { + "type": "object" + }, + "loadBalancerSourceRanges": { + "items": {}, + "type": "array" + }, + "servicePort": { + "type": "integer" + }, + "type": { + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + } + }, + "type": "object" + }, + "serviceMonitor": { + "properties": { + "additionalLabels": { + "type": "object" + }, + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "metricRelabelings": { + "items": {}, + "type": "array" + }, + "namespace": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + 
}, + "relabelings": { + "items": {}, + "type": "array" + }, + "scrapeInterval": { + "type": "string" + }, + "targetLabels": { + "items": {}, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "minAvailable": { + "type": "integer" + }, + "minReadySeconds": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "networkPolicy": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "nodeSelector": { + "properties": { + "kubernetes.io/os": { + "type": "string" + } + }, + "type": "object" + }, + "opentelemetry": { + "properties": { + "containerSecurityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "enabled": { + "type": "boolean" + }, + "image": { + "properties": { + "digest": { + "type": "string" + }, + "distroless": { + "type": "boolean" + }, + "image": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "resources": { + "additionalProperties": false, + "patternProperties": { + "(^limits$)|(^requests$)": { + "additionalProperties": false, + "patternProperties": { + "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "priorityClassName": { + "type": "string" + }, + "proxySetHeaders": { + "type": "object" + }, + "publishService": { + "properties": { + "enabled": { + "type": "boolean" + }, + "pathOverride": { + "type": "string" + } + }, + "type": 
"object" + }, + "readinessProbe": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe" + }, + "replicaCount": { + "type": "integer" + }, + "reportNodeInternalIp": { + "type": "boolean" + }, + "resources": { + "additionalProperties": false, + "patternProperties": { + "(^limits$)|(^requests$)": { + "additionalProperties": false, + "patternProperties": { + "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "scope": { + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "namespaceSelector": { + "type": "string" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "type": "object" + }, + "appProtocol": { + "type": "boolean" + }, + "clusterIP": { + "type": "string" + }, + "enableHttp": { + "type": "boolean" + }, + "enableHttps": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "external": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "externalIPs": { + "items": {}, + "type": "array" + }, + "externalTrafficPolicy": { + "enum": [ + "Cluster", + "Local", + "" + ] + }, + "internal": { + "properties": { + "annotations": { + "type": "object" + }, + "appProtocol": { + "type": "boolean" + }, + "clusterIP": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "externalIPs": { + "items": {}, + "type": "array" + }, + "externalTrafficPolicy": { + "enum": [ + "Cluster", + "Local", + "" + ] + }, + "ipFamilies": { + "items": { + "enum": [ + "IPv4", + "IPv6" + ] + }, + "type": "array" + }, + "ipFamilyPolicy": { + "enum": [ + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "loadBalancerClass": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "items": 
{}, + "type": "array" + }, + "nodePorts": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + }, + "tcp": { + "type": "object" + }, + "udp": { + "type": "object" + } + }, + "type": "object" + }, + "ports": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + } + }, + "type": "object" + }, + "sessionAffinity": { + "enum": [ + "ClientIP", + "None", + "" + ] + }, + "targetPorts": { + "properties": { + "http": { + "type": [ + "integer", + "string" + ] + }, + "https": { + "type": [ + "integer", + "string" + ] + } + }, + "type": "object" + }, + "type": { + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer", + "" + ] + } + }, + "type": "object" + }, + "ipFamilies": { + "items": { + "enum": [ + "IPv4", + "IPv6" + ] + }, + "type": "array" + }, + "ipFamilyPolicy": { + "enum": [ + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "labels": { + "type": "object" + }, + "loadBalancerClass": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePorts": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + }, + "tcp": { + "type": "object" + }, + "udp": { + "type": "object" + } + }, + "type": "object" + }, + "ports": { + "properties": { + "http": { + "type": "integer" + }, + "https": { + "type": "integer" + } + }, + "type": "object" + }, + "sessionAffinity": { + "enum": [ + "ClientIP", + "None" + ] + }, + "targetPorts": { + "properties": { + "http": { + "type": [ + "integer", + "string" + ] + }, + "https": { + "type": [ + "integer", + "string" + ] + } + }, + "type": "object" + }, + "type": { + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + } + }, + "type": "object" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "sysctls": { + "type": "object" + }, + "tcp": { + "properties": { + "annotations": { + 
"type": "object" + }, + "configMapNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "items": { + "additionalProperties": false, + "properties": { + "effect": { + "enum": [ + "NoSchedule", + "PreferNoSchedule", + "NoExecute" + ] + }, + "key": { + "type": "string" + }, + "operator": { + "enum": [ + "Equal", + "Exists" + ] + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "type": "array" + }, + "udp": { + "properties": { + "annotations": { + "type": "object" + }, + "configMapNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "updateStrategy": { + "additionalProperties": false, + "properties": { + "rollingUpdate": { + "additionalProperties": false, + "properties": { + "maxSurge": { + "type": [ + "string", + "integer" + ] + }, + "maxUnavailable": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + }, + "type": { + "enum": [ + "Recreate", + "RollingUpdate", + "OnDelete" + ] + } + }, + "type": "object" + }, + "watchIngressWithoutClass": { + "type": "boolean" + } + }, + "type": "object" + }, + "defaultBackend": { + "properties": { + "affinity": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" + }, + "autoscaling": { + "properties": { + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + }, + 
"type": "object" + }, + "containerSecurityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "enabled": { + "type": "boolean" + }, + "existingPsp": { + "type": "string" + }, + "extraArgs": { + "type": "object" + }, + "extraConfigMaps": { + "items": { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "extraEnvs": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array" + }, + "extraVolumeMounts": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array" + }, + "extraVolumes": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" + }, + "type": "array" + }, + "image": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "image": { + "type": "string" + }, + "pullPolicy": { + "enum": [ + "IfNotPresent", + "Always", + "Never" + ] + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "labels": { + "type": "object" + }, + "livenessProbe": { + "$ref": 
"https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe" + }, + "minAvailable": { + "type": "integer" + }, + "minReadySeconds": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "networkPolicy": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "nodeSelector": { + "properties": { + "kubernetes.io/os": { + "type": "string" + } + }, + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe" + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "additionalProperties": false, + "patternProperties": { + "(^limits$)|(^requests$)": { + "additionalProperties": false, + "patternProperties": { + "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "type": "object" + }, + "externalIPs": { + "items": {}, + "type": "array" + }, + "loadBalancerSourceRanges": { + "items": {}, + "type": "array" + }, + "servicePort": { + "type": "integer" + }, + "type": { + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "items": { + 
"additionalProperties": false, + "properties": { + "effect": { + "enum": [ + "NoSchedule", + "PreferNoSchedule", + "NoExecute" + ] + }, + "key": { + "type": "string" + }, + "operator": { + "enum": [ + "Equal", + "Exists" + ] + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "type": "array" + }, + "updateStrategy": { + "additionalProperties": false, + "properties": { + "rollingUpdate": { + "additionalProperties": false, + "properties": { + "maxSurge": { + "type": [ + "string", + "integer" + ] + }, + "maxUnavailable": { + "type": [ + "string", + "integer" + ] + } + }, + "type": "object" + }, + "type": { + "enum": [ + "Recreate", + "RollingUpdate", + "OnDelete" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "dhParam": { + "type": "string" + }, + "global": { + "type": "object" + }, + "imagePullSecrets": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "namespaceOverride": { + "type": "string" + }, + "podSecurityPolicy": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "portNamePrefix": { + "type": "string" + }, + "rbac": { + "properties": { + "create": { + "type": "boolean" + }, + "scope": { + "type": "boolean" + } + }, + "type": "object" + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "serviceAccount": { + "properties": { + "annotations": { + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tcp": { + "type": "object" + }, + "udp": { + "type": 
"object" + } + }, + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object" +} \ No newline at end of file diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index eee537ffe..2d7903bfc 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -29,6 +29,9 @@ controller: tag: "v1.11.2" digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8 + # @schema + # enum: [IfNotPresent, Always, Never] + # @schema pullPolicy: IfNotPresent runAsNonRoot: true # -- This value must not be changed using the official image. @@ -39,6 +42,9 @@ controller: runAsGroup: 82 allowPrivilegeEscalation: false seccompProfile: + # @schema + # enum: [RuntimeDefault, Localhost, Unconfined] + # @schema type: RuntimeDefault readOnlyRootFilesystem: false # -- Use an existing PSP instead of creating one @@ -60,6 +66,18 @@ controller: addHeaders: {} # -- Optionally customize the pod dnsConfig. dnsConfig: {} + # @schema + # type: array + # items: + # type: object + # properties: + # ip: + # type: string + # hostnames: + # type: array + # items: + # type: string + # @schema # -- Optionally customize the pod hostAliases. hostAliases: [] # - ip: 127.0.0.1 @@ -71,7 +89,10 @@ controller: # - foo.remote # - bar.remote # -- Optionally customize the pod hostname. - hostname: {} + hostname: "" + # @schema + # enum: [ClusterFirst, ClusterFirstWithHostNet, Default, None] + # @schema # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. 
@@ -142,6 +163,17 @@ controller: # aliases: # - nginx-alias-1 # - nginx-alias-2 + # @schema + # type: object + # additionalProperties: false + # properties: + # apiGroup: + # type: string + # kind: + # type: string + # name: + # type: string + # @schema # -- A link to a custom resource containing additional configuration for the controller. # This is optional if the controller consuming this IngressClass does not require additional parameters. # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class @@ -157,6 +189,9 @@ controller: podLabels: {} # key: value + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext + # @schema # -- Security context for controller pods podSecurityContext: {} # -- sysctls for controller pods @@ -164,6 +199,9 @@ controller: sysctls: {} # sysctls: # "net.core.somaxconn": "8192" + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema # -- Security context for controller containers containerSecurityContext: {} # -- Allows customization of the source of the IP address or FQDN to report @@ -209,6 +247,11 @@ controller: ## length-buckets: "10,20,30,40,50,60,70,80,90,100" ## size-buckets: "10,100,1000,10000,100000,1e+06,1e+07" + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar + # @schema # -- Additional environment variables to set extraEnvs: [] # extraEnvs: @@ -218,6 +261,9 @@ controller: # key: FOO # name: secret-resource + # @schema + # enum: [Deployment, DaemonSet] + # @schema # -- Use a `DaemonSet` or `Deployment` kind: Deployment # -- Annotations to be added to the controller Deployment or DaemonSet 
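Review bot: The `$ref` added above `podSecurityContext` points at `raw.githubusercontent.com/yannh/kubernetes-json-schema/master/...`, a third-party repository addressed by its mutable `master` branch, and the generated `values.schema.json` copies that URL verbatim. If the validator Helm uses dereferences remote references (I believe it does, but confirm), every `helm install`, `upgrade`, `lint` and `template` would need outbound access to that host. Air-gapped installs would then fail, and a change on that branch would alter which values the chart accepts. Consider bundling the referenced definitions into the chart's schema, or at minimum pin the path to a commit, e.g. `.../kubernetes-json-schema/<commit-sha>/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext`. The same reference recurs in the later annotations for `containerSecurityContext`, `extraEnvs`, `affinity`, `topologySpreadConstraints`, the probes, `extraContainers`, `extraInitContainers`, `extraVolumes`, `extraVolumeMounts` and the two webhook selectors.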
@@ -231,6 +277,21 @@ controller: # keel.sh/policy: patch # keel.sh/trigger: poll + # @schema + # type: object + # additionalProperties: false + # properties: + # type: + # enum: [Recreate, RollingUpdate, OnDelete] + # rollingUpdate: + # type: object + # additionalProperties: false + # properties: + # maxSurge: + # type: [string, integer] + # maxUnavailable: + # type: [string, integer] + # @schema # -- The update strategy to apply to the Deployment or DaemonSet ## updateStrategy: {} @@ -241,6 +302,23 @@ controller: # -- `minReadySeconds` to avoid killing pods before we are ready ## minReadySeconds: 0 + # @schema + # type: array + # items: + # additionalProperties: false + # type: object + # properties: + # effect: + # enum: [NoSchedule, PreferNoSchedule, NoExecute] + # key: + # type: string + # operator: + # enum: [Equal, Exists] + # tolerationSeconds: + # type: integer + # value: + # type: string + # @schema # -- Node tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## @@ -250,6 +328,9 @@ controller: # value: "value" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity + # @schema # -- Affinity and anti-affinity rules for server scheduling to nodes ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## 
@@ -294,6 +375,11 @@ controller: # - controller # topologyKey: kubernetes.io/hostname + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint + # @schema # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## @@ -324,6 +410,9 @@ controller: ## nodeSelector: kubernetes.io/os: linux + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe + # @schema ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -349,6 +438,9 @@ controller: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe + # @schema readinessProbe: httpGet: # should match container.healthCheckPath @@ -381,6 +473,17 @@ controller: ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 ## Ideally, there should be no limits. ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + # @schema + # type: object + # additionalProperties: false + # properties: {} + # patternProperties: + # "(^limits$)|(^requests$)": + # additionalProperties: false + # type: object + # patternProperties: + # "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { type: [string, integer] } + # @schema resources: ## limits: ## cpu: 100m 
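Review bot: In the `resources` annotation the inner pattern `(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)` anchors only its first two alternatives, so any key that merely ends in `ephemeral-storage` or contains `hugepages-` is accepted despite `additionalProperties: false`. Anchoring the whole alternation closes that gap: `"^(cpu|memory|ephemeral-storage|hugepages-.+)$": { type: [string, integer] }`. The pattern also rejects extended resource names outright; if that is intended, a one-line comment saying so would save users a confusing validation error. The identical pattern is repeated in the four later `resources` annotations (the admission webhook jobs and `defaultBackend` among them) and should be changed together.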
@@ -479,6 +582,9 @@ controller: annotations: {} # -- Labels to be added to both controller services. labels: {} + # @schema + # enum: [ClusterIP, NodePort, LoadBalancer] + # @schema # -- Type of the external controller service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: LoadBalancer @@ -492,6 +598,11 @@ controller: # -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer loadBalancerIP: "" + # @schema + # type: array + # items: + # type: string + # @schema # -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. loadBalancerSourceRanges: [] # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. 
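Review bot: Only the external controller service's `loadBalancerSourceRanges` receives `items: type: string`. The `defaultBackend.service` key of the same name has no annotation (its context line in a later hunk is a bare `loadBalancerSourceRanges: []`), and the generated schema for it shows `"items": {}`, which accepts entries of any type. The admission webhook and metrics services look the same in their hunks, though their generated schema is not visible here. Since this field is what restricts who can reach the load balancer, I would put the same `# type: array` / `# items:` / `#   type: string` annotation above each of them so a malformed entry is caught at validation time.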
@@ -501,21 +612,35 @@ controller: # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation # allocateLoadBalancerNodePorts: true + # @schema + # enum: [Cluster, Local, ""] + # @schema # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip externalTrafficPolicy: "" + # @schema + # enum: [ClientIP, None] + # @schema # -- Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity - sessionAffinity: "" + sessionAffinity: "None" # -- Specifies the health check node port (numeric port number) for the external controller service. # If not specified, the service controller allocates a port from your cluster's node port range. # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # @schema + # enum: [SingleStack, PreferDualStack, RequireDualStack] + # @schema # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilyPolicy: SingleStack + # @schema + # type: array + # items: + # enum: [IPv4, IPv6] + # @schema # -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilies: 
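Review bot: The enum for `controller.service.sessionAffinity` is `[ClientIP, None]` and the default moves from `""` to `"None"`, so an existing values file that still carries the old default `sessionAffinity: ""` will now be rejected on upgrade. That is inconsistent with `externalTrafficPolicy` in this same hunk and with the internal service's `sessionAffinity`, both of which allow `""`. I would use `# enum: [ClientIP, "None", ""]` here and leave the default alone, or call the break out in the changelog. The later `nodePorts` hunks change `http`/`https` from `""` to `0`; if the generated schema infers `integer` from that default (not visible in this part of the diff), overrides that pass `""` would be rejected in the same way.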
@@ -530,8 +655,14 @@ controller: # -- Port the external HTTPS listener is published with. https: 443 targetPorts: + # @schema + # type: [integer, string] + # @schema # -- Port of the ingress controller the external HTTP listener is mapped to. http: http + # @schema + # type: [integer, string] + # @schema # -- Port of the ingress controller the external HTTPS listener is mapped to. https: https # -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. @@ -539,9 +670,9 @@ controller: appProtocol: true nodePorts: # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. - http: "" + http: 0 # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. - https: "" + https: 0 # -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. # Example: # tcp: @@ -558,6 +689,9 @@ controller: # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} + # @schema + # enum: [ClusterIP, NodePort, LoadBalancer, ""] + # @schema # -- Type of the internal controller service. # Defaults to the value of `controller.service.type`. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types 
@@ -581,9 +715,15 @@ controller: # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation # allocateLoadBalancerNodePorts: true + # @schema + # enum: [Cluster, Local, ""] + # @schema # -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip externalTrafficPolicy: "" + # @schema + # enum: [ClientIP, None, ""] + # @schema # -- Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity sessionAffinity: "" 
@@ -592,14 +732,30 @@ controller: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # @schema + # enum: [SingleStack, PreferDualStack, RequireDualStack] + # @schema # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilyPolicy: SingleStack + # @schema + # type: array + # items: + # enum: [IPv4, IPv6] + # @schema # -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilies: - IPv4 + # @schema + # type: object + # properties: + # http: + # type: integer + # https: + # type: integer + # @schema ports: {} # -- Port the internal HTTP listener is published with. # Defaults to the value of `controller.service.ports.http`. @@ -608,6 +764,14 @@ controller: # Defaults to the value of `controller.service.ports.https`. # https: 443 + # @schema + # type: object + # properties: + # http: + # type: [integer, string] + # https: + # type: [integer, string] + # @schema targetPorts: {} # -- Port of the ingress controller the internal HTTP listener is mapped to. # Defaults to the value of `controller.service.targetPorts.http`. 
@@ -621,9 +785,9 @@ controller: appProtocol: true nodePorts: # -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. - http: "" + http: 0 # -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. - https: "" + https: 0 # -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. # Example: # tcp: @@ -637,6 +801,11 @@ controller: # shareProcessNamespace enables process namespace sharing within the pod. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. shareProcessNamespace: false + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Container + # @schema # -- Additional containers to be added to the controller pod. # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. extraContainers: [] @@ -671,6 +840,11 @@ controller: # - name: copy-portal-skins # emptyDir: {} + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Container + # @schema # -- Containers, which are run before the app containers are started. extraInitContainers: [] # - name: init-myservice 
@@ -718,6 +892,9 @@ controller: tag: v20240813-b933310d digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 distroless: true + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema containerSecurityContext: runAsNonRoot: true # -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`. @@ -730,6 +907,17 @@ controller: drop: - ALL readOnlyRootFilesystem: true + # @schema + # type: object + # additionalProperties: false + # properties: {} + # patternProperties: + # "(^limits$)|(^requests$)": + # additionalProperties: false + # type: object + # patternProperties: + # "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { type: [string, integer] } + # @schema resources: {} admissionWebhooks: name: admission @@ -740,6 +928,11 @@ controller: ## These annotations will be added to the ValidatingWebhookConfiguration and ## the Jobs Spec of the admission webhooks. enabled: true + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar + # @schema # -- Additional environment variables to set extraEnvs: [] # extraEnvs: 
@@ -748,13 +941,30 @@ controller: # secretKeyRef: # key: FOO # name: secret-resource + # @schema + # enum: [Fail, Ignore] + # @schema # -- Admission Webhook failure policy to use failurePolicy: Fail # timeoutSeconds: 10 port: 8443 certificate: "/usr/local/certificates/cert" key: "/usr/local/certificates/key" + # @schema + # anyOf: + # - $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + # - type: object + # additionalProperties: false + # properties: {} + # @schema namespaceSelector: {} + # @schema + # anyOf: + # - $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + # - type: object + # additionalProperties: false + # properties: {} + # @schema objectSelector: {} # -- Labels to be added to admission webhooks labels: {} @@ -767,9 +977,15 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 443 + # @schema + # enum: [ClusterIP, NodePort, LoadBalancer] + # @schema type: ClusterIP createSecretJob: name: create + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema # -- Security context for secret creation containers securityContext: runAsNonRoot: true @@ -782,6 +998,17 @@ controller: drop: - ALL readOnlyRootFilesystem: true + # @schema + # type: object + # additionalProperties: false + # properties: {} + # patternProperties: + # "(^limits$)|(^requests$)": + # additionalProperties: false + # type: object + # patternProperties: + # "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { type: [string, integer] } + # @schema resources: {} # limits: # cpu: 10m 
@@ -791,6 +1018,9 @@ controller: # memory: 20Mi patchWebhookJob: name: patch + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema # -- Security context for webhook patch containers securityContext: runAsNonRoot: true @@ -803,6 +1033,17 @@ controller: drop: - ALL readOnlyRootFilesystem: true + # @schema + # type: object + # additionalProperties: false + # properties: {} + # patternProperties: + # "(^limits$)|(^requests$)": + # additionalProperties: false + # type: object + # patternProperties: + # "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { type: [string, integer] } + # @schema resources: {} patch: enabled: true @@ -814,6 +1055,9 @@ controller: ## repository: tag: v1.4.3 digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + # @schema + # enum: [IfNotPresent, Always, Never] + # @schema pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -825,9 +1069,29 @@ controller: enabled: false nodeSelector: kubernetes.io/os: linux + # @schema + # type: array + # items: + # additionalProperties: false + # type: object + # properties: + # effect: + # enum: [NoSchedule, PreferNoSchedule, NoExecute] + # key: + # type: string + # operator: + # enum: [Equal, Exists] + # tolerationSeconds: + # type: integer + # value: + # type: string + # @schema tolerations: [] # -- Labels to be added to patch job resources labels: {} + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema # -- Security context for secret creation & webhook patch pods securityContext: {} # -- Admission webhook patch job RBAC 
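Review bot: The annotation added above `patch.securityContext` references `io.k8s.api.core.v1.SecurityContext`, the container-level type, while the adjacent comment describes the value as the security context for the secret creation and webhook patch pods. If the job templates render it at pod level (they are not part of this diff, so please confirm), the reference should be the pod type already used for `podSecurityContext`: `# $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext`. Otherwise pod-only fields such as `fsGroup` are not checked against the right definition, and container-only fields pass validation for a place where they do not apply.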
@@ -875,6 +1139,9 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 10254 + # @schema + # enum: [ClusterIP, NodePort, LoadBalancer] + # @schema type: ClusterIP # externalTrafficPolicy: "" # nodePort: "" @@ -967,6 +1234,9 @@ defaultBackend: ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: tag: "1.5" + # @schema + # enum: [IfNotPresent, Always, Never] + # @schema pullPolicy: IfNotPresent runAsNonRoot: true # nobody user -> uid 65534 @@ -983,9 +1253,17 @@ defaultBackend: create: true name: "" automountServiceAccountToken: true + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar + # @schema # -- Additional environment variables to set for defaultBackend pods extraEnvs: [] port: 8080 + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe + # @schema ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## 
@@ -995,12 +1273,30 @@ defaultBackend: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Probe + # @schema readinessProbe: failureThreshold: 6 initialDelaySeconds: 0 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 + # @schema + # type: object + # additionalProperties: false + # properties: + # type: + # enum: [Recreate, RollingUpdate, OnDelete] + # rollingUpdate: + # type: object + # additionalProperties: false + # properties: + # maxSurge: + # type: [string, integer] + # maxUnavailable: + # type: [string, integer] + # @schema # -- The update strategy to apply to the Deployment or DaemonSet ## updateStrategy: {} @@ -1011,6 +1307,23 @@ defaultBackend: # -- `minReadySeconds` to avoid killing pods before we are ready ## minReadySeconds: 0 + # @schema + # type: array + # items: + # additionalProperties: false + # type: object + # properties: + # effect: + # enum: [NoSchedule, PreferNoSchedule, NoExecute] + # key: + # type: string + # operator: + # enum: [Equal, Exists] + # tolerationSeconds: + # type: integer + # value: + # type: string + # @schema # -- Node tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## @@ -1020,6 +1333,9 @@ defaultBackend: # value: "value" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity + # @schema # -- Affinity and anti-affinity rules for server scheduling to nodes ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} 
@@ -1063,6 +1379,11 @@ defaultBackend: # - default-backend # topologyKey: kubernetes.io/hostname + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint + # @schema # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: [] @@ -1082,8 +1403,14 @@ defaultBackend: # topologyKey: kubernetes.io/hostname # maxSkew: 1 # whenUnsatisfiable: ScheduleAnyway + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext + # @schema # -- Security context for default backend pods podSecurityContext: {} + # @schema + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext + # @schema # -- Security context for default backend containers containerSecurityContext: {} # -- Labels to add to the pod container metadata @@ -1100,6 +1427,17 @@ defaultBackend: podAnnotations: {} replicaCount: 1 minAvailable: 1 + # @schema + # type: object + # additionalProperties: false + # properties: {} + # patternProperties: + # "(^limits$)|(^requests$)": + # additionalProperties: false + # type: object + # patternProperties: + # "(^cpu$)|(^memory$)|(ephemeral-storage$)|(hugepages-.+$)": { type: [string, integer] } + # @schema resources: {} # limits: # cpu: 10m 
@@ -1108,16 +1446,43 @@ defaultBackend: # cpu: 10m # memory: 20Mi + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount + # @schema extraVolumeMounts: [] ## Additional volumeMounts to the default backend container. # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + # @schema + # type: array + # items: + # $ref: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.3/_definitions.json#/definitions/io.k8s.api.core.v1.Volume + # @schema extraVolumes: [] ## Additional volumes to the default backend pod. # - name: copy-portal-skins # emptyDir: {} + # @schema + # type: array + # items: + # type: object + # additionalProperties: false + # properties: + # name: + # type: string + # labels: + # type: object + # additionalProperties: + # type: string + # data: + # type: object + # additionalProperties: + # type: string + # @schema extraConfigMaps: [] ## Additional configmaps to the default backend pod. # - name: my-extra-configmap-1 @@ -1155,6 +1520,9 @@ defaultBackend: # loadBalancerIP: "" loadBalancerSourceRanges: [] servicePort: 80 + # @schema + # enum: [ClusterIP, NodePort, LoadBalancer] + # @schema type: ClusterIP priorityClassName: "" # -- Labels to be added to the default backend resources @@ -1173,6 +1541,15 @@ serviceAccount: automountServiceAccountToken: true # -- Annotations for the controller service account annotations: {} +# @schema +# type: array +# items: +# additionalProperties: false +# type: object +# properties: +# name: +# type: string +# @schema # -- Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] 
diff --git a/test/e2e-image/namespace-overlays/admission/values.yaml b/test/e2e-image/namespace-overlays/admission/values.yaml index d423217db..3813641a1 100644 --- a/test/e2e-image/namespace-overlays/admission/values.yaml +++ b/test/e2e-image/namespace-overlays/admission/values.yaml @@ -8,8 +8,8 @@ controller: digest: digestChroot: containerPort: - http: "1080" - https: "1443" + http: 1080 + https: 1443 extraArgs: http-port: "1080" diff --git a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml index 68b4a074c..d5c855788 100644 --- a/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml +++ b/test/e2e-image/namespace-overlays/forwarded-port-headers/values.yaml @@ -8,8 +8,8 @@ controller: digest: digestChroot: containerPort: - http: "1080" - https: "1443" + http: 1080 + https: 1443 extraArgs: http-port: "1080" diff --git a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml index 2c8957f66..f9ad8b4a7 100644 --- a/test/e2e-image/namespace-overlays/namespace-selector/values.yaml +++ b/test/e2e-image/namespace-overlays/namespace-selector/values.yaml @@ -8,8 +8,8 @@ controller: digest: digestChroot: containerPort: - http: "1080" - https: "1443" + http: 1080 + https: 1443 extraArgs: http-port: "1080" diff --git a/test/e2e-image/namespace-overlays/validations/values.yaml b/test/e2e-image/namespace-overlays/validations/values.yaml index d423217db..3813641a1 100644 --- a/test/e2e-image/namespace-overlays/validations/values.yaml +++ b/test/e2e-image/namespace-overlays/validations/values.yaml @@ -8,8 +8,8 @@ controller: digest: digestChroot: containerPort: - http: "1080" - https: "1443" + http: 1080 + https: 1443 extraArgs: http-port: "1080"
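Review bot: Switching `containerPort.http` and `containerPort.https` from quoted strings to integers in the admission overlay (and identically in the forwarded-port-headers, namespace-selector and validations overlays) suggests the new schema accepts only integers for these keys; the schema itself is outside this part of the patch. Existing user values files that quote the ports, as these fixtures did, would then fail validation on upgrade, so this deserves a line in the changelog or upgrade notes, or the schema could accept `type: [string, integer]` as it does for `maxSurge`. `extraArgs.http-port` stays quoted, which fits a value passed through as a command-line flag.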