DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge 87039752a9 into de1a4c463c

Browse source
This commit is contained in:
mruzicka 2025-02-17 09:50:35 -08:00 committed by GitHub
commit c971d9dc74
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/ingress-nginx/README.md
View file

@ -255,8 +255,10 @@ metadata:
| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers |
| controller.admissionWebhooks.annotations | object | `{}` | | | controller.admissionWebhooks.annotations | object | `{}` | |
| controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | | | controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | |
| controller.admissionWebhooks.certManager.admissionCert.extraConfig | object | `{"privateKey":{"algorithm":"ECDSA","size":256}}` | Extra configuration for the admission webhook certificate. Can contain anything a cert-manager's [`CertificateSpec`](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec) can. |
| controller.admissionWebhooks.certManager.enabled | bool | `false` | | | controller.admissionWebhooks.certManager.enabled | bool | `false` | |
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | | | controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
| controller.admissionWebhooks.certManager.rootCert.extraConfig | object | `{"privateKey":{"algorithm":"ECDSA","size":256}}` | Extra configuration for the admission webhook CA certificate. Can contain anything a cert-manager's [`CertificateSpec`](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec) can. |
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | | | controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |

6
charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
View file

@ -26,6 +26,9 @@ spec:
subject: subject:
organizations: organizations:
- ingress-nginx - ingress-nginx
{{- with .Values.controller.admissionWebhooks.certManager.rootCert.extraConfig }}
{{- toYaml . | nindent 2 }}
{{- end }}
--- ---
# Create an Issuer that uses the above generated CA certificate to issue certs # Create an Issuer that uses the above generated CA certificate to issue certs
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
@ -60,4 +63,7 @@ spec:
subject: subject:
organizations: organizations:
- ingress-nginx-admission - ingress-nginx-admission
{{- with .Values.controller.admissionWebhooks.certManager.admissionCert.extraConfig }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}} {{- end -}}

11
charts/ingress-nginx/values.yaml
View file

@ -853,12 +853,23 @@ controller:
rootCert: rootCert:
# default to be 5y # default to be 5y
duration: "" duration: ""
# -- Extra configuration for the admission webhook CA certificate. Can contain anything a cert-manager's [`CertificateSpec`](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec) can.
extraConfig:
privateKey:
algorithm: ECDSA
size: 256
admissionCert: admissionCert:
# default to be 1y # default to be 1y
duration: "" duration: ""
# issuerRef: # issuerRef:
# name: "issuer" # name: "issuer"
# kind: "ClusterIssuer" # kind: "ClusterIssuer"
# -- Extra configuration for the admission webhook certificate. Can contain anything a cert-manager's [`CertificateSpec`](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec) can.
extraConfig:
privateKey:
algorithm: ECDSA
size: 256
metrics: metrics:
port: 10254 port: 10254
portName: metrics portName: metrics