Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations

Kewei Ma 2020-10-01 16:07:42 -05:00
parent 524c3a50ea
commit c8294eaf4e
7 changed files with 26 additions and 6 deletions


@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
name: ingress-nginx name: ingress-nginx
version: 3.4.1 version: 3.5.0
appVersion: 0.40.2 appVersion: 0.40.2
home: https://github.com/kubernetes/ingress-nginx home: https://github.com/kubernetes/ingress-nginx
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer


@ -4,6 +4,9 @@
apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
{{- if .Values.controller.admissionWebhooks.annotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
{{- end }}
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
@ -31,4 +34,13 @@ webhooks:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission name: {{ include "ingress-nginx.controller.fullname" . }}-admission
path: /networking/v1beta1/ingresses path: /networking/v1beta1/ingresses
{{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.namespaceSelector }}
namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.objectSelector }}
objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- end }} {{- end }}
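Review bot: The new `namespaceSelector` and `objectSelector` blocks narrow which Ingress objects reach the validating webhook, and nothing in the template says that anything they do not match is admitted without validation. The chart defaults are `{}`, so default behaviour is unchanged, but a template comment above the two `if` blocks such as `{{- /* Objects not matched by these selectors bypass ingress validation */}}` would make that trade-off visible to whoever sets them. The `timeoutSeconds` value is also rendered unchecked; admissionregistration.k8s.io/v1 accepts 1 to 30 seconds, which is worth stating next to it. Indentation is not visible on this page, so the `nindent 4` and `nindent 6` offsets could not be checked against the surrounding `metadata:` and `webhooks:` entries.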


@ -92,8 +92,8 @@ spec:
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
- --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
- --validating-webhook-key=/usr/local/certificates/key - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
{{- end }} {{- end }}
{{- if .Values.controller.maxmindLicenseKey }} {{- if .Values.controller.maxmindLicenseKey }}
- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
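Review bot: The `--validating-webhook-certificate` and `--validating-webhook-key` flags now take their paths from values, but the volume mount that supplies those files is not part of this hunk and presumably still uses a fixed path. Overriding only `admissionWebhooks.certificate` or `admissionWebhooks.key` would then point the controller at a file that is not there. Either document that the mount has to move together with the paths, or derive both from one value. An explicit `null` override also renders an empty flag; a fallback such as `{{ .Values.controller.admissionWebhooks.certificate | default "/usr/local/certificates/cert" }}` (and the same for `key`) keeps the previous behaviour. The identical hunk in the next file section has the same issue, and the args list continues outside both hunks.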


@ -96,8 +96,8 @@ spec:
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
- --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
- --validating-webhook-key=/usr/local/certificates/key - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
{{- end }} {{- end }}
{{- if .Values.controller.maxmindLicenseKey }} {{- if .Values.controller.maxmindLicenseKey }}
- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}


@ -406,9 +406,15 @@ controller:
# command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
admissionWebhooks: admissionWebhooks:
annotations: {}
enabled: true enabled: true
failurePolicy: Fail failurePolicy: Fail
# timeoutSeconds: 10
port: 8443 port: 8443
certificate: "/usr/local/certificates/cert"
key: "/usr/local/certificates/key"
namespaceSelector: {}
objectSelector: {}
service: service:
annotations: {} annotations: {}
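Review bot: The new `certificate` and `key` values carry no comment, and the name `key` in particular reads as if it takes key material rather than a file path. A user who pastes a PEM private key there would put a secret into the values file and onto the controller's command line. I would add `# Path inside the controller container to the webhook serving certificate (not the PEM content)` above `certificate` and `# Path inside the controller container to the webhook private key (not the key itself)` above `key`. `namespaceSelector` and `objectSelector` deserve a line as well, for example `# Limits which namespaces/objects are validated; Ingresses that do not match are admitted unchecked`. The `admissionWebhooks:` mapping continues outside this hunk.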


@ -53,7 +53,7 @@ $(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
# Cloud - generic # Cloud - generic
OUTPUT_FILE="${DIR}/deploy/static/provider/cloud/deploy.yaml" OUTPUT_FILE="${DIR}/deploy/static/provider/cloud/deploy.yaml"
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE} cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
controller: controller:
service: service:
type: LoadBalancer type: LoadBalancer


@ -25,6 +25,8 @@ controller:
admissionWebhooks: admissionWebhooks:
enabled: true enabled: true
certificate: "/usr/local/certificates/cert"
key: "/usr/local/certificates/key"
defaultBackend: defaultBackend:
enabled: false enabled: false