Aran Shavit
e07f0f6890
Chart: Set `automountServiceAccountToken` in workloads. ( #12247 )
...
Signed-off-by: Aran Shavit <Aranshavit@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-29 20:55:25 +00:00
Marco Ebert
45fc8860cf
Chart: Add `global.image.registry`. ( #12028 )
2024-09-30 09:26:04 +01:00
Marco Ebert
3f6e6aef78
Images: Remove OpenTelemetry. ( #12024 )
2024-09-29 17:31:04 +02:00
Marco Ebert
e972a35e98
Chart: Remove `isControllerTagValid`. ( #11710 )
2024-08-01 00:28:12 -07:00
TheRealNoob
af9e5246ad
Chart: Make pod affinity templatable. ( #11453 )
...
* [helm] template pod affinity
* update README
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* revert Chart.yaml version bump
* add unittests
* add docs defaultBackend.affinity
* add README section to values
* fix README syntax
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Update charts/ingress-nginx/values.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* update formatting of unittests + add README examples
* fix affinity labels on default-backend
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* remove double quotes on string
---------
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-06-14 02:13:44 -07:00
Marco Ebert
97d4a83e75
Deployment/DaemonSet: Remove `distroless` from `extraModules` templating. ( #10742 )
2023-12-13 09:29:06 +01:00
Marco Ebert
815a1c56a9
Chart: Simplify image templating. ( #10708 )
2023-12-05 17:22:12 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten `securityContext`s and Pod Security Policies. ( #10491 )
...
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.
* Values: Add missing `controller.containerSecurityContext`.
Already in use, but has never been added to values.
* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.
* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.
Due to alignment with other templates.
* Helpers: Improve `extraModules`.
- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.
* Helpers: Move `ingress-nginx.defaultBackend.fullname`.
* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.
Extracts the default backend `securityContext` into a template, as for the controller.
* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.
* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.
- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.
* Controller/PSP: Align indentation.
* Controller/PSP: Remove quotes.
* Controller/PSP: Improve comments.
* Controller/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.
* Admission Webhooks/PSP: Align indentation.
* Admission Webhooks/PSP: Reorder fields.
* Admission Webhooks/PSP: Align condition.
* Admission Webhooks/ClusterRole: Align PSP rule.
* Default Backend/PSP: Align indentation.
* Default Backend/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Values: Tighten `controller.image`.
Due to recent changes, the controller image can be run without privilege escalation:
- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449
* Values: Tighten `controller.extraModules.containerSecurityContext`.
* Values: Tighten `controller.opentelemetry.containerSecurityContext`.
* Values: Tighten `controller.admissionWebhooks.*.securityContext`.
Moves the pod `securityContext` to the containers to not interfere with injected containers.
* Values: Tighten `defaultBackend.image`.
2023-11-07 18:52:36 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. ( #10523 )
2023-10-29 18:26:05 +01:00
jasine
7ce6cc88d8
feat: add namespace overrides ( #10539 )
...
* feat: add namespace overrides
* add value in readme
* fix: readme description
* fix: description in value
* fix: set max length and trim last "-"
2023-10-24 19:53:46 +02:00
Matt Clegg
b9d8bb406c
DOCS Remove support for running Both ( #10255 )
2023-10-12 19:51:40 +02:00
Marco Ebert
8f54b538d9
DaemonSet: Implement OpenTelemetry resources. ( #10409 )
2023-09-12 23:02:14 -07:00
Marco Ebert
2d03da6334
Deployment/DaemonSet: Fix templating & value. ( #10240 )
2023-09-10 07:20:09 -07:00
Marco Ebert
4869c8b462
Deployment/DaemonSet: Template `topologySpreadConstraints`. ( #10259 )
2023-09-10 05:38:10 -07:00
Federico Cuello
8c7981bfa2
helm: Fix opentelemetry module installation for daemonset ( #9792 )
...
* fix: opentelemetry module for controller-daemonset
* fix: Align controller-daemonset with controller-deployment
* Fix typo in github/workflows/ci
2023-05-22 07:42:34 -07:00
Adam Jacques
00bfb2e84a
Fix several Helm YAML issues with extraModules and extraInitContainers ( #9709 )
...
* Fix indention issue for DaemonSets when using extraModules and extraInitContainers
* Improve documentation
* Unify and fix templating
* Enable support for the opentelemetry from values.yaml
2023-03-21 06:37:08 -07:00
Marco Ebert
47eb3a17fd
Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. ( #9732 )
2023-03-14 06:44:17 -07:00
Jan-Otto Kröpke
d7674e4323
feat(helm): Optionally use cert-manager instead admission patch ( #9279 )
2022-12-07 04:16:38 -08:00
pellmont
726d7e6239
add containerSecurityContext to extraModules init containers (kubernetes#9016) ( #9242 )
2022-11-10 02:38:54 -08:00
Njegos Railic
4d4358f673
Adding support for disabling liveness and readiness probes in the Helm chart ( #9238 )
2022-11-08 06:44:25 -08:00
Anders Swanson
e7c793f65d
parameterize port name
2022-09-12 12:34:40 -07:00
Anders Swanson
6ef7317581
Revert "Metrics port name (Helm) ( #8665 )"
...
This reverts commit adeb84aa38.
2022-09-12 07:28:44 -07:00
Anders Swanson
adeb84aa38
Metrics port name (Helm) ( #8665 )
2022-08-22 16:20:09 -07:00
Mac Chaffee
6c3a237d7d
Add CAP_SYS_CHROOT to DS/PSP when needed ( #8587 )
...
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-05-16 06:30:18 -07:00
Pavel Selivanov
61fcca3a3a
Add portNamePreffix Helm chart parameter ( #8458 )
...
Allow user to set custom prefix for TCP and UDP ports
2022-05-10 09:13:43 -07:00
Ricardo Katz
3def835a6a
Jail/chroot nginx process inside controller container ( #8337 )
...
* Initial work on chrooting nginx process
* More improvements in chroot
* Fix charts and some file locations
* Fix symlink on non chrooted container
* fix psp test
* Add e2e tests to chroot image
* Fix logger
* Add internal logger in controller
* Fix overlay for chrooted tests
* Fix tests
* fix boilerplates
* Fix unittest to point to the right pid
* Fix PR review
2022-04-08 21:48:04 -07:00
thomasbruggink
9180ef1ee4
Add the shareProcessNamespace as a configurable setting. ( #8287 )
2022-03-14 08:51:57 -07:00
Damien Mathieu
15b0aba03b
First sidecar module: OpenTelemetry ( #8013 )
...
* remove opentelemetry from main nginx image
* add opentelemetry sidecar image
* handle extra modules in helm chart
* fix running helm chart
* mount the modules volume in the init container
* merge the mounted folder
* fix the otel image
* fix licence year
* fix cloudbuild image
* use the same nginx version as in the main image
* only retrieve /etc/nginx/modules for now
2022-01-16 13:33:28 -08:00
Muhammad Hamza Zaib
30c0d2260d
[Helm] Add labels to resources ( #6992 )
...
* Add labels to RBAC resources
* Add labels to all resources
* Fix labels indentation in patch jobs
* Add controller and default backend labels to pods
Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
* Bump chart version and update changelog
Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
2021-11-19 06:52:52 -08:00
Mmadu Manasseh
5a52d99ae8
Refactor: update DaemonSet and Deployment command params to use templates ( #7689 )
...
* Refactor: update DaemonSet and Deployment command parameters to use helm templates
* Fix whitespace issues
2021-10-14 01:23:19 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec ( #7609 )
2021-09-10 10:14:01 -07:00
Maksim Nabokikh
4c4013904a
Add a flag to specify address to bind the healthz server ( #7541 )
...
* Add a flag to specify address to bind the healthz server
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Add healthz host to the helm chart
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Apply suggestions from code review
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2021-08-26 05:13:23 -07:00
Ricardo Katz
90c79689c4
Release v1 ( #7470 )
...
* Drop v1beta1 from ingress nginx (#7156 )
* Drop v1beta1 from ingress nginx
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix intorstr logic in controller
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* fixing admission
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* more intorstr fixing
* correct template rendering
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix e2e tests for v1 api
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix gofmt errors
* This is finally working...almost there...
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Re-add removed validation of AdmissionReview
* Prepare for v1.0.0-alpha.1 release
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Update changelog and matrix table for v1.0.0-alpha.1 (#7274 )
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* add docs for syslog feature (#7219 )
* Fix link to e2e-tests.md in developer-guide (#7201 )
* Use ENV expansion for namespace in args (#7146 )
Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.
* chart: using Helm builtin capabilities check (#7190 )
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944 )
It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780
* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107 )
* Fix MaxWorkerOpenFiles calculation on high cores nodes
* Add e2e test for rlimit_nofile
* Fix doc for max-worker-open-files
* ingress/tcp: add additional error logging on failed (#7208 )
* Add file containing stable release (#7313 )
* Handle named (non-numeric) ports correctly (#7311 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Updated v1beta1 to v1 as it's deprecated (#7308 )
* remove mercurial from build (#7031 )
* Retry to download maxmind DB if it fails (#7242 )
* Retry to download maxmind DB if it fails.
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Add retries count arg, move retry logic into DownloadGeoLite2DB function
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Reorder parameters in DownloadGeoLite2DB
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Remove hardcoded value
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Release v1.0.0-alpha.1
* Add changelog for v1.0.0-alpha.2
* controller: ignore non-service backends (#7332 )
* controller: ignore non-service backends
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* fix: allow scope/tcp/udp configmap namespace to altered (#7161 )
* Lower webhook timeout for digital ocean (#7319 )
* Lower webhook timeout for digital ocean
* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29
* update OWNERS and aliases files (#7365 ) (#7366 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Downgrade Lua modules for s390x (#7355 )
Downgrade Lua modules to last known working version.
* Fix IngressClass logic for newer releases (#7341 )
* Fix IngressClass logic for newer releases
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Change e2e tests for the new IngressClass presence
* Fix chart and admission tests
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix helm chart test
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix reviews
* Remove ingressclass code from admission
* update tag to v1.0.0-beta.1
* update readme and changelog for v1.0.0-beta.1
* Release v1.0.0-beta.1 - helm and manifests (#7422 )
* Change the order of annotation just to trigger a new helm release (#7425 )
* [cherry-pick] Add dev-v1 branch into helm releaser (#7428 )
* Add dev-v1 branch into helm releaser (#7424 )
* chore: add link for artifacthub.io/prerelease annotations
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453 )
* k8s job ci pipeline for dev-v1 br v1.22.0
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* k8s job ci pipeline for dev-v1 br v1.21.2
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* remove v1.21.1 version
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* Add controller.watchIngressWithoutClass config option (#7459 )
Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>
* Release new helm chart with certgen fixed (#7478 )
* Update go version, modules and remove ioutil
* Release new helm chart with certgen fixed
* changed appversion, chartversion, TAG, image (#7490 )
* Fix CI conflict
* Fix CI conflict
* Fix build.sh from rebase process
* Fix controller_test post rebase
Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
2021-08-21 13:42:00 -07:00
kayrus
e53a11e839
Add hostname value to override pod's hostname ( #7386 )
2021-08-09 06:45:31 -07:00
Long
2a190d2657
added namespace field in the namespace scoped resource templates of helm chart ( #7256 )
...
* added namespace field in the namespace scoped resource templates of helm chart
* moved namespace field from roleRef to metadata
2021-06-21 04:56:51 -07:00
Zach Rhoads
f6dbd93865
updated values.yaml and templates to have separate values for registry and image with container images, left repository value for backwards compatibility ( #7095 )
2021-05-23 09:07:38 -07:00
Brian Harwell
293071ae02
Add support for custom probes ( #7137 )
...
* Add support for custom probes
* Fix lint issue with comment
* Bump chart version
* Fix lint issue
2021-05-18 06:37:31 -07:00
amirschw
bee7360ca4
[Helm] allow configuring controller container name
...
Signed-off-by: amirschw <24677563+amirschw@users.noreply.github.com>
2021-04-13 15:34:13 +03:00
Maxim Pogozhiy
b55f4371e3
Add GeoIP Local mirror support
2020-12-28 17:37:26 +10:00
Kewei Ma
171843210c
Fix liveness and readiness probe path in daemonset chart
2020-10-14 09:50:52 -05:00
Alessandro Vozza
3ae837b4b0
fix podAnnotations quotes for #6315
...
bumped chart version, daemonset podannotations
missing end on podannotations
ci values files
new lines at the end of files
2020-10-12 20:50:06 +02:00
Kewei Ma
c8294eaf4e
Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
2020-10-08 14:37:15 -05:00
Manuel Alejandro de Brito Fontes
4b831c77b2
Refactor parsing of key values
2020-09-21 13:04:32 -03:00
Joseph Petersen
4733e7c0eb
add `topologySpreadConstraint` to controller
2020-09-11 15:41:44 +02:00
Anton Wolkov
fcbc3659b8
Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
...
Update: allow values.yaml without labels to pass
2020-08-31 23:14:44 +03:00
Anton Wolkov
0a45e3c655
Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
2020-08-31 22:46:43 +03:00
Manuel Alejandro de Brito Fontes
6c73d66ae6
Update helm chart for v0.34.0
2020-07-10 08:57:40 -04:00
Tobias Wolf
c56baf6b15
Add quoting to sysctls because numeric values need to be presented as strings ( #5823 )
2020-07-01 10:02:26 -04:00
Tobias Wolf
1d54d8b565
Add sysctl exemptions to controller PSP
...
I would like to be able to support this construction in my DaemonSet, I have control over the host and this is the easiest way to bump the socket properties.
```yaml
securityContext:
  sysctls:
    - name: net.core.somaxconn
      value: "8192"
```
2020-06-16 19:11:45 +02:00
Graham McGregor
2205edb16b
Allow pulling images by digest
...
The digest uniquely identifies a specific version of the image, so it is
never updated by Kubernetes unless you change the digest value. This is
desirable for security to gain confidence that no unvetted changes are
pulled to a deployment.
2020-05-20 12:05:43 -04:00