DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
%!d() commits 4 branches 217 tags 166 MiB
Commit graph

72 commits

Author SHA1 Message Date
Marco Ebert
45fc8860cf
Chart: Add global.image.registry. (#12028) 2024-09-30 09:26:04 +01:00
Marco Ebert
3f6e6aef78
Images: Remove OpenTelemetry. (#12024) 2024-09-29 17:31:04 +02:00
Trond
7b8d293d9b
Chart: Add controller.progressDeadlineSeconds. (#12017) 2024-09-27 11:14:01 +01:00
Marco Ebert
e972a35e98
Chart: Remove isControllerTagValid. (#11710) 2024-08-01 00:28:12 -07:00
TheRealNoob
af9e5246ad
Chart: Make pod affinity templatable. (#11453) 
* [helm] template pod affinity

* update README

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* revert Chart.yaml version bump

* add unittests

* add docs defaultBackend.affinity

* add README section to values

* fix README syntax

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* update formatting of unittests + add README examples

* fix affinity labels on default-backend

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* remove double quotes on string

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-06-14 02:13:44 -07:00
Marco Ebert
9480cde724
Chart: Align HPA & KEDA conditions. (#11110) 2024-03-12 06:43:51 -07:00
Marco Ebert
97d4a83e75
Deployment/DaemonSet: Remove distroless from extraModules templating. (#10742) 2023-12-13 09:29:06 +01:00
Marco Ebert
815a1c56a9
Chart: Simplify image templating. (#10708) 2023-12-05 17:22:12 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. (#10491) 
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.

* Values: Add missing `controller.containerSecurityContext`.

Already in use, but has never been added to values.

* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.

* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.

Due to alignment with other templates.

* Helpers: Improve `extraModules`.

- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.

* Helpers: Move `ingress-nginx.defaultBackend.fullname`.

* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.

Extracts the default backend `securityContext` into a template, as for the controller.

* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.

* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.

- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.

* Controller/PSP: Align indentation.

* Controller/PSP: Remove quotes.

* Controller/PSP: Improve comments.

* Controller/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.

* Admission Webhooks/PSP: Align indentation.

* Admission Webhooks/PSP: Reorder fields.

* Admission Webhooks/PSP: Align condition.

* Admission Webhooks/ClusterRole: Align PSP rule.

* Default Backend/PSP: Align indentation.

* Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Values: Tighten `controller.image`.

Due to recent changes, the controller image can be run without privilege escalation:

- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449

* Values: Tighten `controller.extraModules.containerSecurityContext`.

* Values: Tighten `controller.opentelemetry.containerSecurityContext`.

* Values: Tighten `controller.admissionWebhooks.*.securityContext`.

Moves the pod `securityContext` to the containers to not interfere with injected containers.

* Values: Tighten `defaultBackend.image`.
 2023-11-07 18:52:36 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. (#10523) 2023-10-29 18:26:05 +01:00
jasine
7ce6cc88d8
feat: add namespace overrides (#10539) 
* feat: add namespace overrides

* add value in readme

* fix: readme description

* fix: description in value

* fix: set max length and trim last "-"
 2023-10-24 19:53:46 +02:00
Matt Clegg
b9d8bb406c
DOCS Remove support for running Both (#10255) 2023-10-12 19:51:40 +02:00
František Hána
06c64bf567
helm: add resources to opentelemetry init container (#10300) 2023-09-11 19:36:12 -07:00
Marco Ebert
2d03da6334
Deployment/DaemonSet: Fix templating & value. (#10240) 2023-09-10 07:20:09 -07:00
Marco Ebert
4869c8b462
Deployment/DaemonSet: Template topologySpreadConstraints. (#10259) 2023-09-10 05:38:10 -07:00
Ehsan Saei
3baa591bb5
promote distroless otel init image (#10257) 2023-08-02 03:34:49 -07:00
Jan-Otto Kröpke
afd1311f85
[helm] configure allow to configure hostAliases (#10180) 
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
 2023-07-28 04:41:56 -07:00
amirschw
1dd8d0cfd7
Ignore deployment template's replicas if KEDA is enabled (#9534) 2023-07-20 10:34:11 -07:00
Ehsan Saei
436df32c2c
add distroless otel init (#10035) 
add distroless otel init
 2023-06-12 03:47:48 -07:00
Adam Jacques
00bfb2e84a
Fix several Helm YAML issues with extraModules and extraInitContainers (#9709) 
* Fix indention issue for DaemonSets when using extraModules and extraInitContainers

* Improve documentation

* Unify and fix templating

* Enable support for the opentelemetry from values.yaml
 2023-03-21 06:37:08 -07:00
Marco Ebert
47eb3a17fd
Deployment/DaemonSet: Label pods using ingress-nginx.labels. (#9732) 2023-03-14 06:44:17 -07:00
Jan-Otto Kröpke
d7674e4323
feat(helm): Optionally use cert-manager instead admission patch (#9279) 2022-12-07 04:16:38 -08:00
Ehsan Saei
3474c33e15
update OpenTelemetry image (#9308) 
* update OpenTelemetry image

* review comment

* helm-docs

* clean
 2022-12-05 00:55:02 -08:00
pellmont
726d7e6239
add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) 2022-11-10 02:38:54 -08:00
Njegos Railic
4d4358f673
Adding support for disabling liveness and readiness probes in the Helm chart (#9238) 2022-11-08 06:44:25 -08:00
James Strong
8f18c0f973
Merge pull request #9046 from anders-swanson/revert-8665-metrics-port-name 
Parameterize metrics port name
 2022-09-30 11:04:00 -04:00
Ehsan Saei
1a078af307
fix chroot module mount path (#9090) 2022-09-28 14:02:30 -07:00
Anders Swanson
e7c793f65d parameterize port name 2022-09-12 12:34:40 -07:00
Anders Swanson
6ef7317581 Revert "Metrics port name (Helm) (#8665)" 
This reverts commit adeb84aa38.
 2022-09-12 07:28:44 -07:00
Anders Swanson
adeb84aa38
Metrics port name (Helm) (#8665) 2022-08-22 16:20:09 -07:00
Pavel Selivanov
61fcca3a3a
Add portNamePreffix Helm chart parameter (#8458) 
Allow user to set custom preffix for TCP and UDP ports
 2022-05-10 09:13:43 -07:00
Ricardo Katz
3def835a6a
Jail/chroot nginx process inside controller container (#8337) 
* Initial work on chrooting nginx process

* More improvements in chroot

* Fix charts and some file locations

* Fix symlink on non chrooted container

* fix psp test

* Add e2e tests to chroot image

* Fix logger

* Add internal logger in controller

* Fix overlay for chrooted tests

* Fix tests

* fix boilerplates

* Fix unittest to point to the right pid

* Fix PR review
 2022-04-08 21:48:04 -07:00
thomasbruggink
9180ef1ee4
Add the shareProcessNamespace as a configurable setting. (#8287) 2022-03-14 08:51:57 -07:00
Damien Mathieu
15b0aba03b
First sidecar module: OpenTelemetry (#8013) 
* remove opentelemetry from main nginx image

* add opentelemetry sidecar image

* handle extra modules in helm chart

* fix running helm chart

* mount the modules volume in the init container

* merge the mounted folder

* fix the otel image

* fix licence year

* fix cloudbuild image

* use the same nginx version as in the main image

* only retrieve /etc/nginx/modules for now
 2022-01-16 13:33:28 -08:00
Muhammad Hamza Zaib
30c0d2260d
[Helm] Add labels to resources (#6992) 
* Add labels to RBAC resources

* Add labels to all resources

* Fix labels indentaton in patch jobs

* Add controller and default backend labels to pods

Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>

* Bump chart version and update changelog

Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
 2021-11-19 06:52:52 -08:00
Adam Graves
6299c39842
Allow setting of container securityContext (#7533) 
Currently this blocks deployments on clusters with global PodSecurityPolicies set

Signed-off-by: Adam Graves <adam.graves85@gmail.com>
 2021-11-15 13:54:49 -08:00
WMP
5b94d83aeb
priorityClassName should be in " " (#7512) 
* priorityClassName should be in " "

Example:  https://github.com/helm/charts/blob/master/stable/k8s-spot-rescheduler/templates/deployment.yaml#L28

* Update charts/ingress-nginx/templates/controller-deployment.yaml

Co-authored-by: Alex Harder <13860012+ChiefAlexander@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Alex Harder <13860012+ChiefAlexander@users.noreply.github.com>
 2021-10-24 15:28:21 -07:00
Mmadu Manasseh
5a52d99ae8
Refactor: update DaemonSet and Deployment command params to use templates (#7689) 
* Refactor: update DaemonSet and Deployment command parameters to use helm templates

* Fix whitespace issues
 2021-10-14 01:23:19 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec (#7609) 2021-09-10 10:14:01 -07:00
Maksim Nabokikh
4c4013904a
Add a flag to specify address to bind the healthz server (#7541) 
* Add a flag to specify address to bind the healthz server

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Add healthz host to the helm chart

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Apply suggestions from code review

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-26 05:13:23 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
kayrus
e53a11e839
Add hostname value to override pod's hostname (#7386) 2021-08-09 06:45:31 -07:00
Long
2a190d2657
added namespace field in the namespace scoped resource templates of helm chart (#7256) 
* added namespace field in the namespace scoped resource templates of helm chart

* moved namespace field from roleRef to metadata
 2021-06-21 04:56:51 -07:00
Zach Rhoads
f6dbd93865
updated values.yaml and templates to have separate values for registry and image with container images, left repository value for backwards compatability (#7095) 2021-05-23 09:07:38 -07:00
Brian Harwell
293071ae02
Add support for custom probes (#7137) 
* Add support for custom probes

* Fix lint issue with comment

* Bump chart version

* Fix lint issue
 2021-05-18 06:37:31 -07:00
amirschw
bee7360ca4 [Helm] allow configuring controller container name 
Signed-off-by: amirschw <24677563+amirschw@users.noreply.github.com>
 2021-04-13 15:34:13 +03:00
Alessandro Vozza
3ae837b4b0 fix podAnnotations quotes for #6315 
bumped chart version, daemonset podannotations

missing end on podannotations

ci values files

new lines at the end of files
 2020-10-12 20:50:06 +02:00
Kewei Ma
c8294eaf4e Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations 2020-10-08 14:37:15 -05:00
Manuel Alejandro de Brito Fontes
4b831c77b2
Refactor parsing of key values 2020-09-21 13:04:32 -03:00
Joseph Petersen
4733e7c0eb
add topologySpreadConstraint to controller 2020-09-11 15:41:44 +02:00