Chart: Improve CI. (#12003)

.github/workflows/chart.yaml

@@ -0,0 +1,64 @@
+name: Chart
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+    paths:
+      - charts/ingress-nginx/Chart.yaml
+  
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Set up Python
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+        with:
+          python-version: 3.x
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Set up Helm Chart Testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Set up Artifact Hub
+        run: |
+          curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
+          echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5  /tmp/ah.tar.gz" | shasum --check
+          sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Lint chart
+        run: |
+          ct lint --config .ct.yaml
+          ah lint --path charts/ingress-nginx
+
+      - name: Release chart
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        env:
+          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
+          CR_SKIP_EXISTING: true
+        with:
+          charts_dir: charts

.github/workflows/ci.yaml

@@ -208,112 +208,88 @@ jobs:
           path: docker.tar.gz
           retention-days: 5
 
-  helm-lint:
+  chart-lint:
-    name: Helm chart lint
+    name: Chart / Lint
     runs-on: ubuntu-latest
     needs:
       - changes
-    if: |
+
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
 
     steps:
-      - name: Checkout
+      - name: Set up Python
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
-          fetch-depth: 0
+          python-version: 3.x
 
       - name: Set up Helm
         uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+      - name: Set up Helm Chart Testing
-        with:
-          python-version: '3.x'
-
-      - name: Set up chart-testing
         uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
-      - name: Install Helm Unit Test Plugin
+      - name: Set up Artifact Hub
         run: |
-          helm plugin install https://github.com/helm-unittest/helm-unittest
+          curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
+          echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5  /tmp/ah.tar.gz" | shasum --check
+          sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
 
-      - name: Run Helm Unit Tests
+      - name: Set up Helm Docs
+        uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4
+
+      - name: Set up Helm Unit Test
+        run: helm plugin install https://github.com/helm-unittest/helm-unittest
+
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Lint chart
         run: |
-          helm unittest charts/ingress-nginx -d
+          ct lint --config .ct.yaml
+          ah lint --path charts/ingress-nginx
 
-      - name: Run chart-testing (lint)
+      - name: Check docs
-        run: ct lint --config ./.ct.yaml
-
-      - name: Run helm-docs
         run: |
-          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
+          helm-docs --chart-search-root charts
-          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
+          git diff --exit-code charts/ingress-nginx/README.md
-          DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md)
-          if [ ! -z "$DIFF" ]; then
-            echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs"
-          fi
-          git diff --exit-code
-          rm -f ./helm-docs
 
-      - name: Run Artifact Hub lint
+      - name: Run tests
-        run: |
+        run: helm unittest charts/ingress-nginx
-          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
-          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
-          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
-          ./ah lint -p charts/ingress-nginx || exit 1
-          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
 
-  helm-test:
+  chart-test:
-    name: Helm chart testing
+    name: Chart / Test
     runs-on: ubuntu-latest
     needs:
       - changes
       - build
-      - helm-lint
+      - chart-lint
-    if: |
+
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
 
     strategy:
       matrix:
         k8s: [v1.28.13, v1.29.8, v1.30.4, v1.31.0]
 
     steps:
-      - name: Checkout
+      - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-      - name: Setup Go
+      - name: Download cache
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version: ${{ needs.build.outputs.golangversion }}
-          check-latest: true
-
-      - name: cache
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: docker.tar.gz
 
-      - name: fix permissions
+      - name: Load cache
-        run: |
+        run: gzip --decompress --stdout docker.tar.gz | docker load
-          sudo mkdir -p $HOME/.kube
-          sudo chmod -R 777 $HOME/.kube
 
-      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+      - name: Run tests
-        id: kind
-        run: |
-          kind create cluster --image=kindest/node:${{ matrix.k8s }}
-
-      - name: Load images from cache
-        run: |
-          echo "loading docker images..."
-          gzip -dc docker.tar.gz | docker load
-
-      - name: Test
         env:
-          KIND_CLUSTER_NAME: kind
+          K8S_VERSION: ${{ matrix.k8s }}
-          SKIP_CLUSTER_CREATION: true
           SKIP_IMAGE_CREATION: true
-          SKIP_INGRESS_IMAGE_CREATION: true
         run: |
-          kind get kubeconfig > $HOME/.kube/kind-config-kind
+          sudo mkdir -pm 777 "${HOME}/.kube"
           make kind-e2e-chart-tests
 
   kubernetes:

.github/workflows/helm.yaml

@@ -1,88 +0,0 @@
-name: Helm
-
-on:
-  push:
-    branches:
-      - main
-      - release-*
-  
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-
-  changes:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read  # for dorny/paths-filter to fetch a list of changed files
-
-    if: github.repository == 'kubernetes/ingress-nginx'
-
-    outputs:
-      docs: ${{ steps.filter.outputs.docs }}
-      charts: ${{ steps.filter.outputs.charts }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Run Artifact Hub lint
-        run: |
-          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
-          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
-          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
-          ./ah lint -p charts/ingress-nginx || exit 1
-          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
-
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
-
-      - name: Run chart-testing (lint)
-        run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml
-
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: filter
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          filters: |
-            charts:
-              - 'charts/ingress-nginx/Chart.yaml'
-              - 'charts/ingress-nginx/values.yaml'
-
-  chart:
-    name: Release Chart
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write # needed to write releases
-
-    needs:
-      - changes
-
-    if: ${{ needs.changes.outputs.charts == 'true' }}
-
-    steps:
-      - name: Checkout master
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
-          fetch-depth: 0
-          ref: ${{ github.ref_name }} 
-
-      - name: Setup
-        shell: bash
-        run: |
-          git config --global user.name "$GITHUB_ACTOR"
-          git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      - name: Helm Chart Releaser
-        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
-        env:
-          CR_SKIP_EXISTING: true
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
-        with:
-          charts_dir: charts

.gitignore

@@ -1,4 +1,3 @@
-helm-docs
 # OSX
 ._*
 .DS_Store

MANUAL_RELEASE.md

@@ -226,19 +226,18 @@ Promoting the images basically means that images, that were pushed to staging co
           ```
 
 ### d. Edit the values.yaml and run helm-docs
+
   - [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml)
 
     - tag
     - digest
 
-  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md
+  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases.
     ```
-          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
+    helm-docs --chart-search-root charts
-          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
+    git diff charts/ingress-nginx/README.md
-          git diff --exit-code
-          rm -f ./helm-docs
     ```
-    Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc.
+    Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md.
 
 ### e. Edit the static manifests
 

charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml

@@ -1,10 +1,12 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
   service:
     type: ClusterIP
+
+  admissionWebhooks:
+    certManager:
+      enabled: true

charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml

@@ -1,6 +0,0 @@
-controller:
-  admissionWebhooks:
-    certManager:
-      enabled: true
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml

@@ -0,0 +1,11 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  addHeaders:
+    X-Frame-Options: deny

charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml

@@ -0,0 +1,11 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  proxySetHeaders:
+    X-Forwarded-Proto: https

charts/ingress-nginx/ci/controller-configmap-values.yaml

@@ -3,10 +3,9 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  config:
+
-    use-proxy-protocol: "true"
-  allowSnippetAnnotations: false
-  admissionWebhooks:
-    enabled: false
   service:
     type: ClusterIP
+
+  config:
+    use-proxy-protocol: "true"

charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml

@@ -1,7 +0,0 @@
-controller:
-  watchIngressWithoutClass: true
-  ingressClassResource:
-    name: custom-nginx
-    enabled: true
-    default: true
-    controllerValue: "k8s.io/custom-nginx"

charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml

@@ -0,0 +1,30 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: DaemonSet
+
+  extraModules:
+  - name: opentelemetry
+    image:
+      registry: registry.k8s.io
+      image: ingress-nginx/opentelemetry-1.25.3
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
+      distroless: true
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true

charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml

@@ -1,10 +1,13 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: true
   service:
     type: ClusterIP
+
+  kind: DaemonSet
+
+  metrics:
+    enabled: true

charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml

@@ -3,7 +3,11 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
+
   service:
     type: ClusterIP
+
+  kind: DaemonSet
+
   opentelemetry:
     enabled: true

charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml

@@ -1,17 +1,16 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
-  metrics:
-    enabled: true
   service:
     type: ClusterIP
+
+  kind: DaemonSet
+
   podAnnotations:
-    prometheus.io/path: /metrics
+    prometheus.io/scrape: "true"
     prometheus.io/port: "10254"
     prometheus.io/scheme: http
-    prometheus.io/scrape: "true"
+    prometheus.io/path: /metrics

charts/ingress-nginx/ci/controller-daemonset-values.yaml

@@ -1,8 +1,10 @@
-# Left blank to test default values
 controller:
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
+
   service:
     type: ClusterIP
+
+  kind: DaemonSet

charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml

@@ -0,0 +1,30 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: Deployment
+
+  extraModules:
+  - name: opentelemetry
+    image:
+      registry: registry.k8s.io
+      image: ingress-nginx/opentelemetry-1.25.3
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
+      distroless: true
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true

charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml

@@ -3,7 +3,11 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: true
   service:
     type: ClusterIP
+
+  kind: Deployment
+
+  metrics:
+    enabled: true

charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml

@@ -3,9 +3,11 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
-  metrics:
-    enabled: true
   service:
     type: ClusterIP
+
+  kind: Deployment
+
+  opentelemetry:
+    enabled: true

charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml

@@ -3,14 +3,14 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
-  metrics:
-    enabled: true
   service:
     type: ClusterIP
+
+  kind: Deployment
+
   podAnnotations:
-    prometheus.io/path: /metrics
+    prometheus.io/scrape: "true"
     prometheus.io/port: "10254"
     prometheus.io/scheme: http
-    prometheus.io/scrape: "true"
+    prometheus.io/path: /metrics

charts/ingress-nginx/ci/controller-deployment-values.yaml

@@ -0,0 +1,10 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: Deployment

charts/ingress-nginx/ci/controller-hpa-values.yaml

@@ -1,4 +1,12 @@
 controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
   autoscaling:
     enabled: true
     behavior:
@@ -8,7 +16,3 @@ controller:
         - type: Pods
           value: 1
           periodSeconds: 180
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/controller-ingressclass-values.yaml

@@ -0,0 +1,15 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  ingressClassResource:
+    name: custom-nginx
+    default: true
+    controllerValue: k8s.io/custom-nginx
+
+  watchIngressWithoutClass: true

charts/ingress-nginx/ci/controller-service-internal-values.yaml

@@ -1,13 +1,12 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
   service:
     type: ClusterIP
+
     internal:
       enabled: true
       annotations:

charts/ingress-nginx/ci/controller-service-values.yaml

@@ -3,18 +3,20 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
+
-    enabled: false
   service:
     type: NodePort
+
     nodePorts:
       tcp:
         9000: 30090
       udp:
         9001: 30091
 
+portNamePrefix: port
+
 tcp:
-  9000: "default/test:8080"
+  9000: default/test:8080
 
 udp:
-  9001: "default/test:8080"
+  9001: default/test:8080

charts/ingress-nginx/ci/daemonset-customconfig-values.yaml

@@ -1,14 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  kind: DaemonSet
-  allowSnippetAnnotations: false
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-  config:
-    use-proxy-protocol: "true"

charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml

@@ -1,22 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-
-  service:
-    type: NodePort
-    nodePorts:
-      tcp:
-        9000: 30090
-      udp:
-        9001: 30091
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"

charts/ingress-nginx/ci/daemonset-extra-modules.yaml

@@ -1,13 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest

charts/ingress-nginx/ci/daemonset-headers-values.yaml

@@ -1,14 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  addHeaders:
-    X-Frame-Options: deny
-  proxySetHeaders:
-    X-Forwarded-Proto: https
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/daemonset-nodeport-values.yaml

@@ -1,10 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: NodePort

charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml

@@ -1,20 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-  tcp:
-    configMapNamespace: default
-  udp:
-    configMapNamespace: default
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"

charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml

@@ -1,18 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"
-
-portNamePrefix: "port"

charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml

@@ -1,16 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"

charts/ingress-nginx/ci/daemonset-tcp-values.yaml

@@ -1,14 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-  9001: "default/test:8080"

charts/ingress-nginx/ci/deamonset-metrics-values.yaml

@@ -1,12 +0,0 @@
-controller:
-  kind: DaemonSet
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  metrics:
-    enabled: true
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/deployment-autoscaling-values.yaml

@@ -1,11 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  autoscaling:
-    enabled: true
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml

@@ -1,15 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  containerSecurityContext:
-    allowPrivilegeEscalation: false
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest

charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml

@@ -1,15 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest
-      containerSecurityContext:
-        allowPrivilegeEscalation: false

charts/ingress-nginx/ci/deployment-extra-modules.yaml

@@ -1,13 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-  extraModules:
-    - name: opentelemetry
-      image:
-        registry: registry.k8s.io
-        image: busybox
-        tag: latest

charts/ingress-nginx/ci/deployment-headers-values.yaml

@@ -1,13 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  addHeaders:
-    X-Frame-Options: deny
-  proxySetHeaders:
-    X-Forwarded-Proto: https
-  service:
-    type: ClusterIP

charts/ingress-nginx/ci/deployment-internal-lb-values.yaml

@@ -1,19 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-    internal:
-      enabled: true
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
-      ports:
-        http: 443
-        https: 80
-      targetPorts:
-        http: 443
-        https: 80

charts/ingress-nginx/ci/deployment-nodeport-values.yaml

@@ -1,9 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: NodePort

charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml

@@ -1,19 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-  tcp:
-    configMapNamespace: default
-  udp:
-    configMapNamespace: default
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"

charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml

@@ -1,17 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"
-
-portNamePrefix: "port"

charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml

@@ -1,15 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  admissionWebhooks:
-    enabled: false
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-
-udp:
-  9001: "default/test:8080"

charts/ingress-nginx/ci/deployment-tcp-values.yaml

@@ -1,11 +0,0 @@
-controller:
-  image:
-    repository: ingress-controller/controller
-    tag: 1.0.0-dev
-    digest: null
-  service:
-    type: ClusterIP
-
-tcp:
-  9000: "default/test:8080"
-  9001: "default/test:8080"

charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml

@@ -1,12 +0,0 @@
-controller:
-  service:
-    type: ClusterIP
-  admissionWebhooks:
-    enabled: true
-    extraEnvs:
-      - name: FOO
-        value: foo
-      - name: TEST
-        value: test
-    patch:
-      enabled: true

charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml

@@ -1,23 +0,0 @@
-controller:
-  service:
-    type: ClusterIP
-  admissionWebhooks:
-    enabled: true
-    createSecretJob:
-      resources:
-        limits:
-          cpu: 10m
-          memory: 20Mi
-        requests:
-          cpu: 10m
-          memory: 20Mi
-    patchWebhookJob:
-      resources:
-        limits:
-          cpu: 10m
-          memory: 20Mi
-        requests:
-          cpu: 10m
-          memory: 20Mi
-    patch:
-      enabled: true

docs/user-guide/third-party-addons/opentelemetry.md

@@ -191,7 +191,7 @@ To install the example and collectors run:
     helm repo add grafana https://grafana.github.io/helm-charts
     helm repo update
     # deploy cert-manager needed for OpenTelemetry collector operator
-    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
+    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
     # create observability namespace
     kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml
     # install OpenTelemetry collector operator

magefiles/steps/helm.go

@@ -170,7 +170,7 @@ func runHelmDocs() error {
 	if err != nil {
 		return err
 	}
-	err = sh.RunV("helm-docs", "--chart-search-root=${PWD}/charts")
+	err = sh.RunV("helm-docs", "--chart-search-root", "${PWD}/charts")
 	if err != nil {
 		return err
 	}
@@ -181,7 +181,7 @@ func installHelmDocs() error {
 	utils.Info("HELM Install HelmDocs")
 	g0 := sh.RunCmd("go")
 
-	err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0")
+	err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@latest")
 	if err != nil {
 		return err
 	}

test/e2e/run-chart-test.sh

@@ -91,25 +91,28 @@ echo "[dev-env] copying docker images to cluster..."
 kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG}
 
 if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then
-  curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cmctl-linux-amd64.tar.gz
+  echo "[dev-env] deploying cert-manager..."
-  tar xzf cmctl.tar.gz
+
-  chmod +x cmctl
+  # Get OS & platform for downloading cmctl.
- ./cmctl help
+  os="$(uname -o | tr "[:upper:]" "[:lower:]" | sed "s/gnu\///")"
-  echo "[dev-env] apply cert-manager ..."
+  platform="$(uname -m | sed "s/aarch64/arm64/;s/x86_64/amd64/")"
-  kubectl apply --wait -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
+
-  kubectl wait --timeout=30s --for=condition=available deployment/cert-manager -n cert-manager
+  # Download cmctl. Cannot validate checksum as OS & platform may vary.
-  kubectl get validatingwebhookconfigurations cert-manager-webhook -ojson | jq '.webhooks[].clientConfig'
+  curl --fail --location "https://github.com/cert-manager/cmctl/releases/download/v2.1.1/cmctl_${os}_${platform}.tar.gz" | tar --extract --gzip cmctl
-  kubectl get endpoints -n cert-manager cert-manager-webhook
+
-  ./cmctl check api --wait=2m
+  # Install cert-manager.
+  ./cmctl x install
+  ./cmctl check api --wait 1m
 fi
 
 echo "[dev-env] running helm chart e2e tests..."
-docker run --rm --interactive --network host \
+docker run \
   --name ct \
-    --volume $KUBECONFIG:/root/.kube/config \
+  --volume "${KUBECONFIG}:/root/.kube/config:ro" \
-    --volume "${DIR}/../../":/workdir \
+  --volume "${DIR}/../../:/workdir" \
+  --network host \
   --workdir /workdir \
+  --entrypoint ct \
+  --rm \
   registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \
-        ct install \
+    install --charts charts/ingress-nginx
-        --charts charts/ingress-nginx \
-        --helm-extra-args "--timeout 60s"