diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 00d85156e..6c56caf6a 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -290,6 +290,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | | | controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | +| controller.admissionWebhooks.service.nameSuffix | string | `"admission"` | - Suffix to be used to name the admission webhook service | | controller.admissionWebhooks.service.servicePort | int | `443` | | | controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | @@ -377,6 +378,7 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.service.annotations | object | `{}` | | | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | +| controller.metrics.service.nameSuffix | string | `"metrics"` | - Suffix to be used to name the metrics service | | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | @@ -427,6 +429,7 @@ Kubernetes: `>=1.20.0-0` | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | +| controller.service.internal.nameSuffix | string | `"internal"` | - Suffix to be used to name the internal service | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 7db5b2ca8..1b150f7ee 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -85,6 +85,49 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create a name for the controller internal service. +We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.controller.internal.servicename" -}} +{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.service.internal.nameSuffix | trimSuffix "-" -}} +{{- if gt (len $name) 63 -}} + {{- fail (printf "Internal service name must be shorter than 63 characters. Got: %s" $name) -}} +{{- end -}} +{{- print $name -}} +{{- end -}} + +{{/* +Create a name for the controller metrics service. +We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.controller.metrics.servicename" -}} +{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.metrics.service.nameSuffix | trimSuffix "-" -}} +{{- if gt (len $name) 63 -}} + {{- fail (printf "Metrics service name must be shorter than 63 characters. Got: %s" $name) -}} +{{- end -}} +{{- print $name -}} +{{- end -}} + +{{/* +Create a name for the controller admission webhook service. +We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.controller.admission.servicename" -}} +{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.admissionWebhooks.service.nameSuffix | trimSuffix "-" -}} +{{- if gt (len $name) 63 -}} + {{- fail (printf "Admission webhook service name must be shorter than 63 characters. Got: %s" $name) -}} +{{- end -}} +{{- print $name -}} +{{- end -}} + +{{/* +Create the short admission webhook name. +*/}} +{{- define "ingress-nginx.admission.name" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) (.Values.controller.admissionWebhooks.service.nameSuffix | trimSuffix "-") -}} +{{- end -}} + {{/* Construct a unique electionID. Users can provide an override for an explicit electionID if they want via `.Values.controller.electionID` diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 66c581fa6..cdda63891 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -7,7 +7,7 @@ {{- if .Values.controller.service.external.enabled }} - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- else if .Values.controller.service.internal.enabled }} -- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal +- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-{{ .Values.controller.service.internal.nameSuffix | trimSuffix "-" }} {{- end }} {{- end }} - --election-id={{ include "ingress-nginx.controller.electionID" . }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml index 55fab471c..566ec4d5b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml @@ -42,10 +42,10 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace }} spec: - secretName: {{ include "ingress-nginx.fullname" . }}-admission + secretName: {{ include "ingress-nginx.admission.name" . }} duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} issuerRef: {{- if .Values.controller.admissionWebhooks.certManager.issuerRef }} @@ -54,9 +54,9 @@ spec: name: {{ include "ingress-nginx.fullname" . }}-root-issuer {{- end }} dnsNames: - - {{ include "ingress-nginx.controller.fullname" . }}-admission - - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }} - - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc + - {{ include "ingress-nginx.controller.metrics.servicename" . }} + - {{ include "ingress-nginx.controller.metrics.servicename" . }}.{{ .Release.Namespace }} + - {{ include "ingress-nginx.controller.metrics.servicename" . }}.{{ .Release.Namespace }}.svc subject: organizations: - ingress-nginx-admission diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index f9ec70974..d6046c04c 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -28,7 +28,7 @@ rules: {{- with .Values.controller.admissionWebhooks.existingPsp }} - {{ . }} {{- else }} - - {{ include "ingress-nginx.fullname" . }}-admission + - {{ include "ingress-nginx.admission.name" . }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 871953261..fb39f70e5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded @@ -15,9 +15,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} subjects: - kind: ServiceAccount - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index d93433ecd..ec3b3fd96 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-create + name: {{ include "ingress-nginx.admission.name" . }}-create namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade @@ -23,7 +23,7 @@ spec: {{- end }} template: metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-create + name: {{ include "ingress-nginx.admission.name" . }}-create {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} {{- end }} @@ -48,9 +48,9 @@ spec: imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: - create - - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc + - --host={{ include "ingress-nginx.controller.admission.servicename" . }},{{ include "ingress-nginx.controller.admission.servicename" . }}.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + - --secret-name={{ include "ingress-nginx.admission.name" . }} env: - name: POD_NAMESPACE valueFrom: @@ -66,7 +66,7 @@ spec: resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} {{- end }} restartPolicy: OnFailure - serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + serviceAccountName: {{ include "ingress-nginx.admission.name" . }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 0fa3ff9a2..c2a3d120a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-patch + name: {{ include "ingress-nginx.admission.name" . }}-patch namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,post-upgrade @@ -23,7 +23,7 @@ spec: {{- end }} template: metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission-patch + name: {{ include "ingress-nginx.admission.name" . }}-patch {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} {{- end }} @@ -48,10 +48,10 @@ spec: imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: - patch - - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission + - --webhook-name={{ include "ingress-nginx.admission.name" . }} - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + - --secret-name={{ include "ingress-nginx.admission.name" . }} - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} env: - name: POD_NAMESPACE @@ -68,7 +68,7 @@ spec: resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} {{- end }} restartPolicy: OnFailure - serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + serviceAccountName: {{ include "ingress-nginx.admission.name" . }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml index 08b32257c..0841ca104 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index e19c95572..53c497fa6 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index ea7c20818..4eb9149e5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 60c3f4ff0..c34972ad5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade @@ -16,9 +16,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} subjects: - kind: ServiceAccount - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index 00be54ec5..3b5b6a023 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index f27244dc9..3412c4fc5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -6,8 +6,8 @@ kind: ValidatingWebhookConfiguration metadata: annotations: {{- if .Values.controller.admissionWebhooks.certManager.enabled }} - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admission.name" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admission.name" .) | quote }} {{- end }} {{- if .Values.controller.admissionWebhooks.annotations }} {{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} @@ -18,7 +18,7 @@ metadata: {{- with .Values.controller.admissionWebhooks.labels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.admission.name" . }} webhooks: - name: validate.nginx.ingress.kubernetes.io matchPolicy: Equivalent @@ -39,7 +39,7 @@ webhooks: clientConfig: service: namespace: {{ .Release.Namespace | quote }} - name: {{ include "ingress-nginx.controller.fullname" . }}-admission + name: {{ include "ingress-nginx.controller.admission.servicename" . }} path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index e6721566b..3a8180c44 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -224,7 +224,7 @@ spec: {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert secret: - secretName: {{ include "ingress-nginx.fullname" . }}-admission + secretName: {{ include "ingress-nginx.admission.name" . }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }} items: - key: tls.crt diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 9f1cf70db..55b704a6b 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -227,7 +227,7 @@ spec: {{- if .Values.controller.admissionWebhooks.enabled }} - name: webhook-cert secret: - secretName: {{ include "ingress-nginx.fullname" . }}-admission + secretName: {{ include "ingress-nginx.admission.name" . }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }} items: - key: tls.crt diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index aae3e155e..968fc9f05 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -12,7 +12,7 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.controller.fullname" . }}-internal + name: {{ include "ingress-nginx.controller.internal.servicename" . }} namespace: {{ .Release.Namespace }} spec: type: "{{ .Values.controller.service.type }}" diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index b178401c9..3ae434563 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -11,7 +11,7 @@ metadata: {{- if .Values.controller.metrics.service.labels }} {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.controller.fullname" . }}-metrics + name: {{ include "ingress-nginx.controller.metrics.servicename" . }} namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.metrics.service.type }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index 2aae24fcf..f17cbff00 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -11,7 +11,7 @@ metadata: {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.controller.fullname" . }}-admission + name: {{ include "ingress-nginx.controller.admission.servicename" . }} namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.admissionWebhooks.service.type }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a7fab0fe9..2caa406fa 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -538,6 +538,9 @@ controller: ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" + # --- Suffix to be used to name the internal service + nameSuffix: internal + # shareProcessNamespace enables process namespace sharing within the pod. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. shareProcessNamespace: false @@ -634,6 +637,8 @@ controller: externalIPs: [] # loadBalancerIP: "" loadBalancerSourceRanges: [] + # --- Suffix to be used to name the admission webhook service + nameSuffix: admission servicePort: 443 type: ClusterIP @@ -710,6 +715,8 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] + # --- Suffix to be used to name the metrics service + nameSuffix: metrics servicePort: 10254 type: ClusterIP # externalTrafficPolicy: ""