Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations

2020-10-01 16:07:42 -05:00 · 2020-10-01 16:07:42 -05:00 · c8294eaf4e
commit c8294eaf4e
parent 524c3a50ea
7 changed files with 26 additions and 6 deletions
--- a/charts/ingress-nginx/Chart.yaml
+++ b/charts/ingress-nginx/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 name: ingress-nginx
-version: 3.4.1
+version: 3.5.0
 appVersion: 0.40.2
 home: https://github.com/kubernetes/ingress-nginx
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
--- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
@ -4,6 +4,9 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
+  {{- if .Values.controller.admissionWebhooks.annotations }}
+  annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
+  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
@ -31,4 +34,13 @@ webhooks:
        namespace: {{ .Release.Namespace }}
        name: {{ include "ingress-nginx.controller.fullname" . }}-admission
        path: /networking/v1beta1/ingresses
+    {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
+    timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
+    {{- end }}
+    {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
+    namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
+    {{- end }}
+    {{- if .Values.controller.admissionWebhooks.objectSelector }}
+    objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
+    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/templates/controller-daemonset.yaml
+++ b/charts/ingress-nginx/templates/controller-daemonset.yaml
@ -92,8 +92,8 @@ spec:
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
-            - --validating-webhook-certificate=/usr/local/certificates/cert
-            - --validating-webhook-key=/usr/local/certificates/key
+            - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
+            - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
--- a/charts/ingress-nginx/templates/controller-deployment.yaml
+++ b/charts/ingress-nginx/templates/controller-deployment.yaml
@ -96,8 +96,8 @@ spec:
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
-            - --validating-webhook-certificate=/usr/local/certificates/cert
-            - --validating-webhook-key=/usr/local/certificates/key
+            - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
+            - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -406,9 +406,15 @@ controller:
  #   command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']

  admissionWebhooks:
+    annotations: {}
    enabled: true
    failurePolicy: Fail
+    # timeoutSeconds: 10
    port: 8443
+    certificate: "/usr/local/certificates/cert"
+    key: "/usr/local/certificates/key"
+    namespaceSelector: {}
+    objectSelector: {}

    service:
      annotations: {}
--- a/hack/generate-deploy-scripts.sh
+++ b/hack/generate-deploy-scripts.sh
@ -53,7 +53,7 @@ $(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}

 # Cloud - generic
 OUTPUT_FILE="${DIR}/deploy/static/provider/cloud/deploy.yaml"
-cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
+cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
 controller:
  service:
    type: LoadBalancer
--- a/test/e2e-image/namespace-overlays/admission/values.yaml
+++ b/test/e2e-image/namespace-overlays/admission/values.yaml
@ -25,6 +25,8 @@ controller:

  admissionWebhooks:
    enabled: true
+    certificate: "/usr/local/certificates/cert"
+    key: "/usr/local/certificates/key"

 defaultBackend:
  enabled: false