DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Allows service name suffixes to be configurable;

Browse source 
This includes -internal, -admission and -metrics which are still the defaults
This commit is contained in:
Phil Nichol 2023-01-14 13:44:42 +00:00
parent ada114315e
commit d1b464f376
No known key found for this signature in database
GPG key ID: 998C1F11E05F7B14
20 changed files with 90 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
charts/ingress-nginx/README.md
View file

@ -290,6 +290,7 @@ Kubernetes: `>=1.20.0-0`
| controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | |
| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | | controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | |
| controller.admissionWebhooks.service.nameSuffix | string | `"admission"` | - Suffix to be used to name the admission webhook service |
| controller.admissionWebhooks.service.servicePort | int | `443` | | | controller.admissionWebhooks.service.servicePort | int | `443` | |
| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | | controller.admissionWebhooks.service.type | string | `"ClusterIP"` | |
| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # |
@ -377,6 +378,7 @@ Kubernetes: `>=1.20.0-0`
| controller.metrics.service.annotations | object | `{}` | | | controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
| controller.metrics.service.nameSuffix | string | `"metrics"` | - Suffix to be used to name the metrics service |
| controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.servicePort | int | `10254` | |
| controller.metrics.service.type | string | `"ClusterIP"` | | | controller.metrics.service.type | string | `"ClusterIP"` | |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
@ -427,6 +429,7 @@ Kubernetes: `>=1.20.0-0`
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. |
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
| controller.service.internal.nameSuffix | string | `"internal"` | - Suffix to be used to name the internal service |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
| controller.service.labels | object | `{}` | | | controller.service.labels | object | `{}` | |

43
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -85,6 +85,49 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/*
Create a name for the controller internal service.
We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.controller.internal.servicename" -}}
{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.service.internal.nameSuffix | trimSuffix "-" -}}
{{- if gt (len $name) 63 -}}
{{- fail (printf "Internal service name must be shorter than 63 characters. Got: %s" $name) -}}
{{- end -}}
{{- print $name -}}
{{- end -}}
{{/*
Create a name for the controller metrics service.
We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.controller.metrics.servicename" -}}
{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.metrics.service.nameSuffix | trimSuffix "-" -}}
{{- if gt (len $name) 63 -}}
{{- fail (printf "Metrics service name must be shorter than 63 characters. Got: %s" $name) -}}
{{- end -}}
{{- print $name -}}
{{- end -}}
{{/*
Create a name for the controller admission webhook service.
We fail if longer than 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.controller.admission.servicename" -}}
{{- $name := printf "%s-%s" (include "ingress-nginx.controller.fullname" .) .Values.controller.admissionWebhooks.service.nameSuffix | trimSuffix "-" -}}
{{- if gt (len $name) 63 -}}
{{- fail (printf "Admission webhook service name must be shorter than 63 characters. Got: %s" $name) -}}
{{- end -}}
{{- print $name -}}
{{- end -}}
{{/*
Create the short admission webhook name.
*/}}
{{- define "ingress-nginx.admission.name" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) (.Values.controller.admissionWebhooks.service.nameSuffix | trimSuffix "-") -}}
{{- end -}}
{{/* {{/*
Construct a unique electionID. Construct a unique electionID.
Users can provide an override for an explicit electionID if they want via `.Values.controller.electionID` Users can provide an override for an explicit electionID if they want via `.Values.controller.electionID`

2
charts/ingress-nginx/templates/_params.tpl
View file

@ -7,7 +7,7 @@
{{- if .Values.controller.service.external.enabled }} {{- if .Values.controller.service.external.enabled }}
- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
{{- else if .Values.controller.service.internal.enabled }} {{- else if .Values.controller.service.internal.enabled }}
- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-{{ .Values.controller.service.internal.nameSuffix | trimSuffix "-" }}
{{- end }} {{- end }}
{{- end }} {{- end }}
- --election-id={{ include "ingress-nginx.controller.electionID" . }} - --election-id={{ include "ingress-nginx.controller.electionID" . }}

10
charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
View file

@ -42,10 +42,10 @@ spec:
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admission.name" . }}
duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
issuerRef: issuerRef:
{{- if .Values.controller.admissionWebhooks.certManager.issuerRef }} {{- if .Values.controller.admissionWebhooks.certManager.issuerRef }}
@ -54,9 +54,9 @@ spec:
name: {{ include "ingress-nginx.fullname" . }}-root-issuer name: {{ include "ingress-nginx.fullname" . }}-root-issuer
{{- end }} {{- end }}
dnsNames: dnsNames:
- {{ include "ingress-nginx.controller.fullname" . }}-admission - {{ include "ingress-nginx.controller.metrics.servicename" . }}
- {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }} - {{ include "ingress-nginx.controller.metrics.servicename" . }}.{{ .Release.Namespace }}
- {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc - {{ include "ingress-nginx.controller.metrics.servicename" . }}.{{ .Release.Namespace }}.svc
subject: subject:
organizations: organizations:
- ingress-nginx-admission - ingress-nginx-admission

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -28,7 +28,7 @@ rules:
{{- with .Values.controller.admissionWebhooks.existingPsp }} {{- with .Values.controller.admissionWebhooks.existingPsp }}
- {{ . }} - {{ . }}
{{- else }} {{- else }}
- {{ include "ingress-nginx.fullname" . }}-admission - {{ include "ingress-nginx.admission.name" . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

6
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -15,9 +15,9 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
{{- end }} {{- end }}

10
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
View file

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create name: {{ include "ingress-nginx.admission.name" . }}-create
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
@ -23,7 +23,7 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create name: {{ include "ingress-nginx.admission.name" . }}-create
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }} {{- end }}
@ -48,9 +48,9 @@ spec:
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- create - create
- --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc - --host={{ include "ingress-nginx.controller.admission.servicename" . }},{{ include "ingress-nginx.controller.admission.servicename" . }}.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE) - --namespace=$(POD_NAMESPACE)
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission - --secret-name={{ include "ingress-nginx.admission.name" . }}
env: env:
- name: POD_NAMESPACE - name: POD_NAMESPACE
valueFrom: valueFrom:
@ -66,7 +66,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
{{- end }} {{- end }}
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.admission.name" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }} {{- end }}

10
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View file

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch name: {{ include "ingress-nginx.admission.name" . }}-patch
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": post-install,post-upgrade "helm.sh/hook": post-install,post-upgrade
@ -23,7 +23,7 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch name: {{ include "ingress-nginx.admission.name" . }}-patch
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }} {{- end }}
@ -48,10 +48,10 @@ spec:
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- patch - patch
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission - --webhook-name={{ include "ingress-nginx.admission.name" . }}
- --namespace=$(POD_NAMESPACE) - --namespace=$(POD_NAMESPACE)
- --patch-mutating=false - --patch-mutating=false
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission - --secret-name={{ include "ingress-nginx.admission.name" . }}
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
env: env:
- name: POD_NAMESPACE - name: POD_NAMESPACE
@ -68,7 +68,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
{{- end }} {{- end }}
restartPolicy: OnFailure restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.admission.name" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
View file

@ -2,7 +2,7 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
View file

@ -3,7 +3,7 @@
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

6
charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
@ -16,9 +16,9 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
{{- end }} {{- end }}

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
View file

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

8
charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
View file

@ -6,8 +6,8 @@ kind: ValidatingWebhookConfiguration
metadata: metadata:
annotations: annotations:
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admission.name" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }} cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admission.name" .) | quote }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.annotations }} {{- if .Values.controller.admissionWebhooks.annotations }}
{{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} {{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
@ -18,7 +18,7 @@ metadata:
{{- with .Values.controller.admissionWebhooks.labels }} {{- with .Values.controller.admissionWebhooks.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-admission name: {{ include "ingress-nginx.admission.name" . }}
webhooks: webhooks:
- name: validate.nginx.ingress.kubernetes.io - name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent matchPolicy: Equivalent
@ -39,7 +39,7 @@ webhooks:
clientConfig: clientConfig:
service: service:
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission name: {{ include "ingress-nginx.controller.admission.servicename" . }}
path: /networking/v1/ingresses path: /networking/v1/ingresses
{{- if .Values.controller.admissionWebhooks.timeoutSeconds }} {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}

2
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -224,7 +224,7 @@ spec:
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert - name: webhook-cert
secret: secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admission.name" . }}
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
items: items:
- key: tls.crt - key: tls.crt

2
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -227,7 +227,7 @@ spec:
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert - name: webhook-cert
secret: secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission secretName: {{ include "ingress-nginx.admission.name" . }}
{{- if .Values.controller.admissionWebhooks.certManager.enabled }} {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
items: items:
- key: tls.crt - key: tls.crt

2
charts/ingress-nginx/templates/controller-service-internal.yaml
View file

@ -12,7 +12,7 @@ metadata:
{{- if .Values.controller.service.labels }} {{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }} {{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-internal name: {{ include "ingress-nginx.controller.internal.servicename" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
type: "{{ .Values.controller.service.type }}" type: "{{ .Values.controller.service.type }}"

2
charts/ingress-nginx/templates/controller-service-metrics.yaml
View file

@ -11,7 +11,7 @@ metadata:
{{- if .Values.controller.metrics.service.labels }} {{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-metrics name: {{ include "ingress-nginx.controller.metrics.servicename" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
type: {{ .Values.controller.metrics.service.type }} type: {{ .Values.controller.metrics.service.type }}

2
charts/ingress-nginx/templates/controller-service-webhook.yaml
View file

@ -11,7 +11,7 @@ metadata:
{{- with .Values.controller.labels }} {{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission name: {{ include "ingress-nginx.controller.admission.servicename" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
type: {{ .Values.controller.admissionWebhooks.service.type }} type: {{ .Values.controller.admissionWebhooks.service.type }}

7
charts/ingress-nginx/values.yaml
View file

@ -538,6 +538,9 @@ controller:
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: "" # externalTrafficPolicy: ""
# --- Suffix to be used to name the internal service
nameSuffix: internal
# shareProcessNamespace enables process namespace sharing within the pod. # shareProcessNamespace enables process namespace sharing within the pod.
# This can be used for example to signal log rotation using `kill -USR1` from a sidecar. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
shareProcessNamespace: false shareProcessNamespace: false
@ -634,6 +637,8 @@ controller:
externalIPs: [] externalIPs: []
# loadBalancerIP: "" # loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# --- Suffix to be used to name the admission webhook service
nameSuffix: admission
servicePort: 443 servicePort: 443
type: ClusterIP type: ClusterIP
@ -710,6 +715,8 @@ controller:
# loadBalancerIP: "" # loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# --- Suffix to be used to name the metrics service
nameSuffix: metrics
servicePort: 10254 servicePort: 10254
type: ClusterIP type: ClusterIP
# externalTrafficPolicy: "" # externalTrafficPolicy: ""