DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
%!d() commits 4 branches 217 tags 166 MiB
Commit graph

438 commits

Author SHA1 Message Date
Rafael da Fonseca
4e11074323
Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884) 
* feat: allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* appease linter, remove unnecessary log line

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Flip to using a positive behaviour flag instead of negative

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Update helm-docs

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Avoid calling GetBackendConfiguration() twice, use clearer name for helm chart option

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Fix helm-docs ordering

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2024-05-14 14:45:25 -07:00
NierYYDS
95554dccd2
fix: update kube version requirement to 1.21 (#11275) 
The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21.
 2024-04-18 10:06:32 -07:00
Marco Ebert
531b007b60
Chart: Add unit tests for default backend & topology spread constraints. (#11218) 
Also remove trailing whitespaces.
 2024-04-05 14:19:58 -07:00
Jozef Halgas
158ba45b0b
sort default backend hpa metrics (#11215) 2024-04-05 12:10:36 -07:00
Long Wu Yuan
5e0792ecb5
updated certgen image shatag (#11214) 2024-04-05 08:16:55 -07:00
Matheus Fidelis
e9509e27aa
feature(default_backend): topologySpreadConstraints on default backend (#11197) 
feature(default_backend): topologySpread support

feature(default_backend): topologySpread support

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): nit

feature(default_backend): nit

feature(default_backend): nit
 2024-04-05 04:54:48 -07:00
TheRealNoob
ad274ab2c6
Chart: Make controller.config templatable. (#11181) 
* [helm] pass controller.config through tpl

* add unittest

* update README.md

* Update charts/ingress-nginx/README.md

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/controller-configmap_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-04-04 12:50:05 -07:00
Marco Ebert
bf3fa53167
Owners: Promote Gacko to ingress-nginx-maintainers & ingress-nginx-reviewers. (#11165) 
* Owners: Sort `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.

* Owners: Update URL in aliases.

* Images: Remove owners as it's identical to global owners.

* Images: Remove global owners from `kube-webhook-certgen` owners.

* Owners: Remove members from aliases covered by other aliases.

ingress-nginx-helm-maintainers:
- cpanato: Covered by ingress-nginx-maintainers
- strongjz: Covered by ingress-nginx-maintainers

ingress-nginx-helm-reviewers:
- cpanato: Covered by ingress-nginx-reviewers
- strongjz: Covered by ingress-nginx-reviewers

ingress-nginx-docs-maintainers:
- tao12345666333: Covered by ingress-nginx-maintainers

* Owners: Promote myself to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
 2024-04-04 08:01:10 -07:00
Karol Kieglerski
b233a96faa
Fix-semver (#11193) 2024-04-04 06:08:00 -07:00
Carlos Tadeu Panato Junior
c0767ccc61
refactor helm ci tests part I (#11178) 
* refactor helm ci tests part I

Signed-off-by: cpanato <ctadeu@gmail.com>

* update indentation

Signed-off-by: cpanato <ctadeu@gmail.com>

* fix path

Signed-off-by: cpanato <ctadeu@gmail.com>

* more updates

Signed-off-by: cpanato <ctadeu@gmail.com>

* add helm-lint job

Signed-off-by: cpanato <ctadeu@gmail.com>

---------

Signed-off-by: cpanato <ctadeu@gmail.com>
 2024-03-31 13:21:33 -07:00
Matheus Fidelis
7c8af4928b
Controller: Make Leader Election TTL configurable. (#11142) 
* feature(leader_ttl): feature to customize ttl to leader be re-elected

* fix(review): docs
 2024-03-28 06:36:23 -07:00
Marco Ebert
56a0968675
Chart: Add IngressClass aliases. (#11109) 2024-03-17 14:27:27 -07:00
Marco Ebert
112b9bb028
Chart: Render controller.ingressClassResource.parameters natively. (#11108) 2024-03-14 06:23:13 -07:00
Marco Ebert
9480cde724
Chart: Align HPA & KEDA conditions. (#11110) 2024-03-12 06:43:51 -07:00
Marco Ebert
aa5deedae3
Chart: Add Gacko to maintainers. Again. (#11107) 2024-03-12 06:41:27 -07:00
Marco Ebert
2894b8a060
Chart: Improve IngressClass documentation. (#11104) 2024-03-12 06:39:07 -07:00
Ramon Borges
b5c447612c
Chart: Deploy PodDisruptionBudget with KEDA. (#11032) 
* feat: deploy PDB if Keda is enabled and the minimum amount of replicas is greater than 1

* feat: add the corresponding unit-test to check PDB deployment with Keda

* chore: rename the test of PDB to follow suggested pattern

* chore: update the test-case suite name to the new format

* Update charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-03-11 14:14:25 -07:00
Matheus Fidelis
9b63559cbb
feature(leader_election): flag to disable leader election feature on controller (#11064) 2024-03-06 05:59:22 -08:00
Bartosz Fenski
683105ebdc
quotes around numbers fort ports definitions (#11052) 2024-03-02 22:54:36 -08:00
Ricardo Katz
dc999d81da
Release version v1.10.0 (#11039) 2024-02-28 16:41:06 -08:00
Ricardo Katz
7a75538dea
Bump kubewebhook certgen (#11034) 
Signed-off-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2024-02-27 21:32:13 -08:00
Bazze
bb6d1b77be
Update controller-prometheusrules.yaml (#8902) 
As fixed in pull request #7829 for the ServiceMonitor resource, this is also needed for the PrometheusRule. When
upgrading the ingress-nginx chart in our environment (via Pulumi) from a really old version to the latest (4.2.0) we
noticed it wanted to delete the PrometheusRule resource. This PR should fix that.
 2024-02-27 09:27:48 -08:00
Marco Ebert
3e740fe8e7
Chart: Set --enable-metrics depending on controller.metrics.enabled. (#10959) 2024-02-01 22:55:15 -08:00
Marco Ebert
48b9831122
Chart: Remove useless default from _params.tpl. (#10957) 2024-02-01 15:03:48 -08:00
James Strong
4e97379b4e
Release controller 1.9.6 and helm 4.9.1 (#10919) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2024-01-26 23:45:19 -08:00
Marco Ebert
9de651aa7d
Chart: Add Gacko to maintainers. (#10796) 2023-12-21 14:42:18 +01:00
James Strong
0e47bfbfec release 1.9.5 docs 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-12-21 10:42:28 +01:00
Mathieu Parent
9db2eb965e
Add controller.metrics.serviceMonitor.annotations in Helm chart (#9677) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2023-12-20 23:08:50 +01:00
Joshua Sleeper
707a5a0bea
fix(labels): use complete labels variable on default-backend deployment (#10317) 2023-12-20 21:50:46 +01:00
Marco Ebert
0e12525bdd Chart: Revert verion 4.8.4. 2023-12-20 19:30:43 +01:00
Marco Ebert
2f7f4d70eb Chart: Improve #10673. 2023-12-19 10:01:41 +01:00
AhmedGrati
6c876bba9a
fix: disable cluster wide controller role permissions (#10659) 
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
 2023-12-15 14:25:39 +01:00
Stavros Foteinopoulos
be7f508c73
Add more unit tests to helm chart (#10731) 
* Add more unit tests to helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Use upstream helm-unittest repository

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Remove non existing value from controller unittest

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* fix unit test

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2023-12-14 16:17:09 +01:00
Marco Ebert
97d4a83e75
Deployment/DaemonSet: Remove distroless from extraModules templating. (#10742) 2023-12-13 09:29:06 +01:00
patst
7e31f818ff
helm: opentelemetry addon allow configuration of registry with setting tag (#9773) 
* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* add ci test file

* fix: updated helm-docs with opentelemetry image value

* fix: ci test case

* fix: ci test case set default registry, image + tag

* fix: ci test case set default registry + image

* fix: remove unrequired comment

* feat!: use extraModules helper method for templating the image value

* image definition for OTel image is now split up in image, repo and registry values

* feat!: move distroless config under the image key

* update helm-docs

* Refactor template to generate the image name

* adapt test cases for extraModules

* implement code review

* try to fix ci test for opentelemetry
 2023-12-08 11:09:34 +01:00
Marco Ebert
7e54daa909
Helm Service: Align internal to external. (#10239) 
* Service: Align internal to external.

* Service: Remove redundant condition.
 2023-12-05 17:25:04 +01:00
Marco Ebert
815a1c56a9
Chart: Simplify image templating. (#10708) 2023-12-05 17:22:12 +01:00
Ofir Shtrull
83f4332572
add new serivce type for internal use (#10727) 
* add new serivce type for internal use

* bump chart version

* lint

* fix tests

* fix readme

* Update charts/ingress-nginx/Chart.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* rerun helm-docs

* Update charts/ingress-nginx/templates/controller-service-internal.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* fix values

* fix values

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2023-12-05 14:47:20 +01:00
Stavros Foteinopoulos
1f06e26080
Add extra configMaps support to helm chart (#10673) 
* Add extra configMaps support to helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Introducing unit tests for helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

---------

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
 2023-12-02 14:26:23 +01:00
Jmnote
bfc2300c3d
[charts] add controller.admissionWebhooks.networkPolicyEnabled (#10650) 
* add controller.admissionWebhooks.networkPolicyEnabled

Signed-off-by: Jmnote <opcore@gmail.com>

* .Values.controller.admissionWebhooks.patch.networkPolicy.enabled

---------

Signed-off-by: Jmnote <opcore@gmail.com>
 2023-11-29 22:39:51 +01:00
Marco Ebert
7b9e3566f7 Chart: Split CHANGELOG.md into changelog/helm-chart-*.md. 2023-11-28 09:52:26 +01:00
Marco Ebert
b8e4e3ceba Chart: Rename changelog/Changelog-*.md into changelog/helm-chart-*.md. 2023-11-28 09:20:12 +01:00
Marco Ebert
84ced1ed1c Chart: Improve changelog/helm-chart.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
559c03d1d3 Chart: Rename changelog.md.gotmpl into changelog/helm-chart.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. (#10491) 
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.

* Values: Add missing `controller.containerSecurityContext`.

Already in use, but has never been added to values.

* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.

* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.

Due to alignment with other templates.

* Helpers: Improve `extraModules`.

- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.

* Helpers: Move `ingress-nginx.defaultBackend.fullname`.

* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.

Extracts the default backend `securityContext` into a template, as for the controller.

* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.

* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.

- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.

* Controller/PSP: Align indentation.

* Controller/PSP: Remove quotes.

* Controller/PSP: Improve comments.

* Controller/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.

* Admission Webhooks/PSP: Align indentation.

* Admission Webhooks/PSP: Reorder fields.

* Admission Webhooks/PSP: Align condition.

* Admission Webhooks/ClusterRole: Align PSP rule.

* Default Backend/PSP: Align indentation.

* Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Values: Tighten `controller.image`.

Due to recent changes, the controller image can be run without privilege escalation:

- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449

* Values: Tighten `controller.extraModules.containerSecurityContext`.

* Values: Tighten `controller.opentelemetry.containerSecurityContext`.

* Values: Tighten `controller.admissionWebhooks.*.securityContext`.

Moves the pod `securityContext` to the containers to not interfere with injected containers.

* Values: Tighten `defaultBackend.image`.
 2023-11-07 18:52:36 +01:00
Marco Ebert
6499a6bd04
Chart: Fix pod selectors in NOTES.txt. (#10617) 
Also improve other `kubectl` commands.
 2023-11-07 18:46:40 +01:00
Leonardo Taccari
870847ad4c
Comment NGINXCertificateExpiry alert label matcher (#10613) 
If a valid certificate is passed via `--default-ssl-certificate` it is
probably desiderable that we check its expiration!

Add a comment to explain that.
 2023-11-05 12:23:43 +01:00
Philipp B
d6a0f46c32
chart: allow setting allocateLoadBalancerNodePorts (#10585) 
Signed-off-by: Philipp Born <git@pborn.eu>
 2023-11-02 22:45:46 +01:00
Leonardo Taccari
dc659b252d
Ignore fake certificate for NGINXCertificateExpiry (#10505) 
The fake certificate is only a fallback and it is okay-ish if it
expires.

Do not alert for its expiration.
 2023-11-02 21:11:03 +01:00
Marco Ebert
9cb3919e84
Chart: Improve #10539. (#10565) 
* Helpers: Align `ingress-nginx.namespace` to `ingress-nginx.name`.

* Templates: Remove quotes.

In alignment to others. Also does not make sense as `namespace` must conform to DNS.

* Admission Webhooks/Validating Webhook: Make use of `ingress-nginx.namespace`.

* KEDA: Remove comment.

* Templates: Add forgotten namespace definitions.
 2023-11-01 22:59:56 +01:00