DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7908 commits 4 branches 217 tags 166 MiB
Commit graph

258 commits

Author SHA1 Message Date
pellmont
726d7e6239
add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) 2022-11-10 02:38:54 -08:00
Njegos Railic
4d4358f673
Adding support for disabling liveness and readiness probes in the Helm chart (#9238) 2022-11-08 06:44:25 -08:00
Youssef Bel Mekki
ac1a3363bd
add:(admission-webhooks) ability to set securityContext for job-containers createSecret and patchWebhook (#9186) 
Signed-off-by: ybelMekk <youssef.bel.mekki@nav.no>

Signed-off-by: ybelMekk <youssef.bel.mekki@nav.no>
 2022-10-25 14:14:36 -07:00
FutureMatt
249780737c
#7652 - Updated Helm chart to use the fullname for the electionID if not specified. (#9133) 
* Automatically generate electionID from the fullname or use the set value.

* Updated the chart readme to include the new empty default.

* Rebuilt the Helm readme with helm-docs.
 2022-10-13 07:37:01 -07:00
Marco Ebert
83aa9e472f
Rename controller-wehbooks-networkpolicy.yaml -> controller-webhooks-networkpolicy.yaml. (#9123) 2022-10-05 09:14:05 -07:00
Matt Lauber
dacb8da058
Fix yaml formatting error with multiple annotations (#9104) 
When using multiple values for the `serviceAccount.annotations` values, the first line ends up indented 2 further than the following lines, resulting in a invalid yaml
 2022-09-30 08:06:29 -07:00
James Strong
8f18c0f973
Merge pull request #9046 from anders-swanson/revert-8665-metrics-port-name 
Parameterize metrics port name
 2022-09-30 11:04:00 -04:00
Ehsan Saei
1a078af307
fix chroot module mount path (#9090) 2022-09-28 14:02:30 -07:00
Wilmar den Ouden
67f7d3da63
fix: do not apply job-patch psp on Kubernetes 1.25 and newer (#9074) 
* fix: do not apply job-patch psp on Kubernetes 1.25 and newer

Signed-off-by: wilmarguida <w.denouden@guida.nl>

* fix: bump kubernetes version for helm chart CI to 1.25.0

Signed-off-by: wilmarguida <w.denouden@guida.nl>

Signed-off-by: wilmarguida <w.denouden@guida.nl>
 2022-09-24 04:38:05 -07:00
Tomas Hulata
3579ed0487
feat: switch from endpoints to endpointslices (#8890) 
* endpointslices

Signed-off-by: tombokombo <tombo@sysart.tech>

* cleanup

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix rbac

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix comments

Signed-off-by: tombokombo <tombo@sysart.tech>

* cleanup store, add store tests

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix copyright date

Signed-off-by: tombokombo <tombo@sysart.tech>

Signed-off-by: tombokombo <tombo@sysart.tech>
 2022-09-23 12:38:04 -07:00
Anders Swanson
e7c793f65d parameterize port name 2022-09-12 12:34:40 -07:00
Anders Swanson
6ef7317581 Revert "Metrics port name (Helm) (#8665)" 
This reverts commit adeb84aa38.
 2022-09-12 07:28:44 -07:00
James Strong
db3cdc04e4
release 1.3.1 (#9014) 
* release 1.3.1

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix readme

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix readme

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix readme

Signed-off-by: James Strong <strong.james.e@gmail.com>

* Fix chart linter

* Fix helm docs

* Fix helm docs

* fix helm docs

* Add warning about lease change

* Disable PSP in v1.25

* rollback cluster in helmchart to psp tests

Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2022-09-05 04:28:36 -07:00
Jintao Zhang
ffcf13c09b
revert changes to configmap resource permissions (#8959) 
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2022-08-23 00:29:24 -07:00
Anders Swanson
adeb84aa38
Metrics port name (Helm) (#8665) 2022-08-22 16:20:09 -07:00
omichels
cad575e923
securityContext in admission-webhook now configurable e.g. to set seccompProfiles (#8930) 
* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles

Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>

* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles

Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>

* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles

Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>

* Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles

Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>

Signed-off-by: Oliver Michels <oliver.michels@aldi-sued.com>
 2022-08-22 16:12:09 -07:00
Mangirdas Judeikis
1791b62e45
Add NetworkPolicy support (#8928) 
* Add NetworkPolicy support

* add doc for np
 2022-08-22 16:08:09 -07:00
Jintao Zhang
730174f73d
feat: using LeaseLock for election (#8921) 
We removed the use of configmap as an election lock, so we will use the
Lease API to complete the election.

Before this, we used `MultiLock` to facilitate smooth migration of
existing users of ingress-nginx from configmap to LeaseLock.

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2022-08-22 15:38:16 -07:00
Steven Bambling
9325819345
Add condition for monitoring.coreos.com/v1 API (#8770) 2022-07-10 14:05:47 -07:00
Jintao Zhang
cf4dca8e43
feat: migrate leaderelection lock to leases (#8733) 
* feat: migrate leaderelection lock to leases

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update RBAC

Co-authored-by: Shafeeque E S <shafeeque.e.s@sap.com>
 2022-07-09 05:37:46 -07:00
Eric84626
7806159b38
support extraEnvs for job resources in helm chart (#8545) 
* support extraEnvs for job resources in helm chart

Signed-off-by: Li, Eric <Xiannan.li@fmr.com>

* Update helm doc

* Update helm doc

* Updated helm doc - add controller.admissionWebhooks.extraEnvs

* Added some test data for webhook controller.admissionWebhooks.extraEnvs

* added new line at the end of deployment-webhook-extraEnvs-values.yaml

* Fixed helm chart test issue
 2022-06-21 07:16:26 -07:00
Mac Chaffee
6c3a237d7d
Add CAP_SYS_CHROOT to DS/PSP when needed (#8587) 
Signed-off-by: Mac Chaffee <me@macchaffee.com>
 2022-05-16 06:30:18 -07:00
Pavel Selivanov
61fcca3a3a
Add portNamePreffix Helm chart parameter (#8458) 
Allow user to set custom preffix for TCP and UDP ports
 2022-05-10 09:13:43 -07:00
Ricardo Katz
3def835a6a
Jail/chroot nginx process inside controller container (#8337) 
* Initial work on chrooting nginx process

* More improvements in chroot

* Fix charts and some file locations

* Fix symlink on non chrooted container

* fix psp test

* Add e2e tests to chroot image

* Fix logger

* Add internal logger in controller

* Fix overlay for chrooted tests

* Fix tests

* fix boilerplates

* Fix unittest to point to the right pid

* Fix PR review
 2022-04-08 21:48:04 -07:00
James Strong
ac3b86b2c3
release 1.1.3 details (#8411) 
* release 1.1.3 details
fix the readme with right sha and version
remove helm label
fix issue 8329
fix the 1.20 service after the fix for ipv6
udpate readme and change for patches

* update helm doc

Signed-off-by: James Strong <strong.james.e@gmail.com>
 2022-04-01 09:14:46 -07:00
thomasbruggink
9180ef1ee4
Add the shareProcessNamespace as a configurable setting. (#8287) 2022-03-14 08:51:57 -07:00
dylan-bitovi
4ecb3520c8
Add fsGroup value to admission-webhooks/job-patch charts (#8267) 
* added fsGroup to admission createSecret and patchWebhook job

* added fsGroup to admission createSecret and patchWebhook job

* modified helm/README.md to add value for fsGroup

* fixed patch job values ordering

* remove manually edited README for replacement with helm-docs generated version

* re-adding charts/README.md generated by helm-docs
 2022-02-28 07:10:57 -08:00
Romain Dauby
527361c8eb
Minor fix for missing pathType property (#8244) 2022-02-20 13:14:11 -08:00
Tomas Hulata
4b4895b53b
add ingress.class (#8136) 
Signed-off-by: tombokombo <tombo@sysart.tech>
 2022-02-06 12:18:51 -08:00
stoupance
0f464333a9
Remove Capabilities.APIVersions for Kustomize to parse file (#7829) 2022-02-01 09:34:10 -08:00
Billy Walker
0c2070ef4a
Adding annotations to the controller service account (#8173) 
* fix: adding annotations to the controller service account

* fix: adding annotations to the controller service account
 2022-01-26 19:12:50 -08:00
Arthur Woimbée
a665a409da
helm: ServiceMonitor: sane default namespaceSelector (#7998) 
* helm: service-monitor: sane default namespaceSelector

* chart version bump (4.0.16)
 2022-01-17 15:28:49 -08:00
Marc Portabella Clotet
4badf20173
#7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1 (#8155) 
* feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1

* fix: added-eol

* feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1

* fix: added-eol
 2022-01-17 15:16:49 -08:00
Nicolas Lamirault
3732681588
Support additonal labels and all Kubernetes recommanded labels (#7186) 
* Add: Kubernetes recommanded labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: support additional labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: commonLabels default value

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2022-01-16 14:29:28 -08:00
Damien Mathieu
15b0aba03b
First sidecar module: OpenTelemetry (#8013) 
* remove opentelemetry from main nginx image

* add opentelemetry sidecar image

* handle extra modules in helm chart

* fix running helm chart

* mount the modules volume in the init container

* merge the mounted folder

* fix the otel image

* fix licence year

* fix cloudbuild image

* use the same nginx version as in the main image

* only retrieve /etc/nginx/modules for now
 2022-01-16 13:33:28 -08:00
Alex Sears
84db822a94
Add newline indenting to admission webhook annotations (#8015) 
Signed-off-by: Alex Sears <me@alexsears.com>
 2021-12-07 11:26:37 -08:00
Daniel Sim
f7a5704be8
Add relabelings in controller-servicemonitor.yaml (#8008) 
* Add relabelings above metricRelabelings in controller-servicemonitor.yaml

* Bump chart version to 4.0.13, Add to CHANGELOG

* Rename PR/CHANGELOG
 2021-12-06 05:50:32 -08:00
Alex Co
ea1099abc9
allow set annotations for admission Jobs (#7979) 
* allow set annotations for admission Jobs

Signed-off-by: Alex Co <tuanclq@gmail.com>

* Bump chart version & update CHANGELOG

Signed-off-by: Alex Co <tuanclq@gmail.com>

* Bump chart version again

Signed-off-by: Alex Co <tuanclq@gmail.com>

* Add example

Signed-off-by: Alex Co <tuanclq@gmail.com>
 2021-11-29 03:33:22 -08:00
Anton Holovin
5a5bff1fb9
Making Kube service appProtocol field optional (#7873) 2021-11-26 02:36:52 -08:00
Steve Griffith
e57d2f63fa
applied allowPrivilegeEscalation=false (#7948) 2021-11-20 12:52:59 -08:00
Muhammad Hamza Zaib
30c0d2260d
[Helm] Add labels to resources (#6992) 
* Add labels to RBAC resources

* Add labels to all resources

* Fix labels indentaton in patch jobs

* Add controller and default backend labels to pods

Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>

* Bump chart version and update changelog

Signed-off-by: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
 2021-11-19 06:52:52 -08:00
Nithya
7d17ff35fa
helm chart: choice option for internal/external loadbalancer type service (#7806) 2021-11-15 15:13:52 -08:00
Adam Graves
6299c39842
Allow setting of container securityContext (#7533) 
Currently this blocks deployments on clusters with global PodSecurityPolicies set

Signed-off-by: Adam Graves <adam.graves85@gmail.com>
 2021-11-15 13:54:49 -08:00
zryfish
7203a0b8bd
support watch namespaces matched namespace selector (#7472) 
skip caching namespaces at cluster scope if only watching single namespace

add --watch-namespace-selector in user guide

add e2e test
 2021-11-12 11:46:28 -08:00
Gerald Pape
017e1ecde3
Fix Ingress resources in docs (#7579) 
* fix Ingress resources in docs

Signed-off-by: Gerald Pape <gerald@giantswarm.io>

* move to ingressClassName

* fix more Ingress resource examples

* empty commit

Signed-off-by: Gerald Pape <gerald@giantswarm.io>

* make NOTES.txt aware of version + add notice about ingress version to examples main page

* add link to legacy documentation

Signed-off-by: Gerald Pape <gerald@giantswarm.io>
 2021-11-09 07:43:49 -08:00
Jennifer
72ec0e290e
Remove double spacing (#7830) 2021-11-05 13:54:40 -07:00
WMP
5b94d83aeb
priorityClassName should be in " " (#7512) 
* priorityClassName should be in " "

Example:  https://github.com/helm/charts/blob/master/stable/k8s-spot-rescheduler/templates/deployment.yaml#L28

* Update charts/ingress-nginx/templates/controller-deployment.yaml

Co-authored-by: Alex Harder <13860012+ChiefAlexander@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Alex Harder <13860012+ChiefAlexander@users.noreply.github.com>
 2021-10-24 15:28:21 -07:00
James Callahan
e4001df41e
ServiceMonitor namespaceSelector defaults to current namespace (#7001) 2021-10-24 14:28:21 -07:00
Zhiwei Liu
af7d9581f4
Remove deprecated annotation in helm chart example (#7813) 2021-10-22 10:34:38 -07:00
Mmadu Manasseh
5a52d99ae8
Refactor: update DaemonSet and Deployment command params to use templates (#7689) 
* Refactor: update DaemonSet and Deployment command parameters to use helm templates

* Fix whitespace issues
 2021-10-14 01:23:19 -07:00
João Henri
001ce778b7
Support ipFamilyPolicy and ipFamilies fields in Helm Chart (#7651) 
* Add support to ipFamilyPolicy and ipFamilies fields in Helm chart

As stated in the prerequisites' session of https://kubernetes.io/docs/concepts/services-networking/dual-stack/, in order to use Kubernetes IPv4/IPv6 dual stack, v1.20 is needed. This commit aims in supporting these dual-stack-ness in ingress-nginx's chart.

Signed-off-by: jaehnri <joao.henri.cr@gmail.com>

* Standardize documentation with two '#'s

Signed-off-by: jaehnri <joao.henri.cr@gmail.com>

* Bump Helm chart version to 4.1.0

Signed-off-by: jaehnri <joao.henri.cr@gmail.com>

* Update Helm Chart changelog with 4.1.0 description

Signed-off-by: jaehnri <joao.henri.cr@gmail.com>

* Revert Helm Chart bump and remove CHANGELOG

As there will be more things in the release, in the review of this PR, it was asked to revert the bumps:
https://github.com/kubernetes/ingress-nginx/pull/7651#pullrequestreview-757311449

Signed-off-by: jaehnri <joao.henri.cr@gmail.com>
 2021-10-12 13:38:00 -07:00
Long Wu Yuan
766345e2bb
added ingressClassName field in example ingress (#7797) 2021-10-11 19:39:47 -07:00
Léopold Jacquot
a6ef52da9d
Add service-metrics port protocol (#7782) 2021-10-10 13:34:37 -07:00
Ricardo Katz
4fc57dcc49
Change enable-snippet to allow-snippet-annotation (#7670) 
Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>
 2021-09-20 16:52:23 -07:00
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec (#7609) 2021-09-10 10:14:01 -07:00
Bhumij Gupta
8b3a6f0252
Helm notes outputs non nil value for ingress.class annotation (#7611) 
Signed-off-by: bhumijgupta <bhumijgupta@gmail.com>
 2021-09-08 02:17:20 -07:00
Aivars Sterns
9dda37c130
add same tcp and udp ports to internal load balancer (#7511) 2021-09-02 00:54:09 -07:00
Maksim Nabokikh
4c4013904a
Add a flag to specify address to bind the healthz server (#7541) 
* Add a flag to specify address to bind the healthz server

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Add healthz host to the helm chart

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Apply suggestions from code review

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-26 05:13:23 -07:00
Emily L Shepherd
623436ef65
Add appProtocol field to all ServicePorts (#7493) 
Minor update to the helm chart to set the [appProtocol][1] field on all
http / https ports defined in the various services created by the helm
chart:

- http and https for controller-service
- http and https for controller-service-internal
- https for controler-service-webhook
- http for default-backend-service

These are only added in kubernetes >= 1.20, which is when this feature
became stable.

[1]: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
 2021-08-23 10:08:01 -07:00
amirschw
605c243d7a
[Helm] Make HPA behavior configurable (#7203) 
Signed-off-by: amirschw <24677563+amirschw@users.noreply.github.com>
 2021-08-22 12:05:59 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
kayrus
e53a11e839
Add hostname value to override pod's hostname (#7386) 2021-08-09 06:45:31 -07:00
Bhumij Gupta
6f0401fc73
Helm - Enable configuring request and limit for containers in webhook jobs (#7434) 
* helm: add feature to configure request and limit for container in createSecret and patchWebhook job

Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>

* Remove empty line in helm template

Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>

* Add test for admission webhook job container resources

Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>

* Add new line character at the end of charts ci file

Signed-off-by: Bhumij Gupta <bhumijgupta@gmail.com>
 2021-08-05 15:31:41 -07:00
Maikel
46be93808b
Add scope configuration check. (#6864) 2021-08-05 06:23:22 -07:00
Swift
b1a71adb74
Bump PDB API version to v1 (#7421) 
* update pdb to v1

Signed-off-by: yuswift <yuswift2018@gmail.com>

* validate the version in PDB

Signed-off-by: yuswift <yuswift2018@gmail.com>
 2021-08-05 05:23:22 -07:00
Long
2a190d2657
added namespace field in the namespace scoped resource templates of helm chart (#7256) 
* added namespace field in the namespace scoped resource templates of helm chart

* moved namespace field from roleRef to metadata
 2021-06-21 04:56:51 -07:00
Christian Rebischke
cec3c0af3d
helm: add new ingressClass resource (#6882) 
* helm: add new ingressClass resource

* add ingress parameters support

This commit adds ingress parameters support.
Credits go to Ariel Vinas: ariel@craftech.io
 2021-06-18 16:16:42 -07:00
Njegos Railic
9e89951ec7
Add annotations for HPA (#7117) 2021-06-02 02:52:24 -07:00
Maurice Faber
7c6b694e72
Update controller-poddisruptionbudget.yaml (#6734) 
Logic was wrong. See additional check that is also part of the first OR.
 2021-05-30 13:16:25 -07:00
Zach Rhoads
f6dbd93865
updated values.yaml and templates to have separate values for registry and image with container images, left repository value for backwards compatability (#7095) 2021-05-23 09:07:38 -07:00
Brian Harwell
293071ae02
Add support for custom probes (#7137) 
* Add support for custom probes

* Fix lint issue with comment

* Bump chart version

* Fix lint issue
 2021-05-18 06:37:31 -07:00
amirschw
bee7360ca4 [Helm] allow configuring controller container name 
Signed-off-by: amirschw <24677563+amirschw@users.noreply.github.com>
 2021-04-13 15:34:13 +03:00
Muhammad Hamza Zaib
ab58492ea4 Merge branch 'master' of github.com:kubernetes/ingress-nginx into add-servicemonitor-joblabel 2021-04-08 08:37:32 +02:00
Eric Bailey
63e35ac32b Support existing PSPs in Helm chart 2021-04-07 13:04:02 -05:00
Muhammad Hamza Zaib
9d9f10ce8b Add option to specify job label for service monitor 2021-04-06 08:19:03 +02:00
Joshua Stern
343790a6b2 Add ability to specify automountServiceAccountToken 2021-03-15 14:38:00 -04:00
Pierre Péronnet
59f930dd25
feat(chart) Add volumes to default-backend deployment 
Update changelog and Chart.yml

Signed-off-by: Pierre Péronnet <pierre.peronnet@ovhcloud.com>
 2021-03-09 16:54:12 +01:00
Manuel Alejandro de Brito Fontes
175f97dce5 Allow use of numeric namespaces in helm chart 2021-01-28 09:29:53 -03:00
Kyle Michel
fac7411cec
Add value for configuring a custom Diffie-Hellman parameters file 
Revert chart version
 2021-01-27 21:04:38 -05:00
Manuel Alejandro de Brito Fontes
80239fc9f4 Remove ClusterRole when scope option is enabled 2021-01-20 14:23:41 -03:00
Ivan Rizzante
5ff5b99fbc Add custom ScaledObject annotations 
Signed-off-by: Ivan Rizzante <i.rizzante@gmail.com>
 2021-01-20 16:43:07 +01:00
hoodbsa
d70652a0eb
fix scaleTargetRef definition for KEDA v.2 2021-01-14 13:29:32 +03:00
Yasser
a70553f7d8 Do not create HPA if default backend not enabled 
Update annotations

Do not create HPA if default backend not enabled
 2021-01-12 17:01:47 +01:00
Kubernetes Prow Robot
3e5605910a
Merge pull request #6691 from dzirg44/ingress-config 
Helm: Ingress config change
 2020-12-29 05:24:35 -08:00
Kubernetes Prow Robot
f239fe07ff
Merge pull request #6688 from mhulscher/psp-emptydir 
feat: allow volume-type emptyDir in controller podsecuritypolicy
 2020-12-29 05:24:28 -08:00
Oleg Tsymbal
826da966fc Change: toYaml to range 2020-12-28 23:52:41 +02:00
Mitch Hulscher
39fea58085 feat: allow volume-type emptyDir in controller podsecuritypolicy 2020-12-28 11:01:32 +01:00
Maxim Pogozhiy
b55f4371e3 Add GeoIP Local mirror support 2020-12-28 17:37:26 +10:00
cooperbenson-qz
8de7d42cfc Adding LoadBalancerIP value for internal service 
Adding documentation for the value

Bumping chart version

Adding changelog entry

Added change to artifacthub annotation
 2020-12-21 09:59:01 -07:00
Andrew Konrath
603e2c5ee8 Allow custom service names for controller and backend (#6457) 2020-12-05 17:49:15 -06:00
Yasser
3a5a5b0e83 Fix the name of default backend variable 2020-12-01 16:49:11 +01:00
Lee Robert
a1cd31bc51
Reorder HPA resource list to work with GitOps tooling 2020-11-24 08:51:02 -05:00
Brandon Pinske
129b7d119e Support Keda Autoscaling 
Keda autoscaling is exclusive with regular hpa scaling. If both are set to true, keda takes precedence.
 2020-11-18 13:22:34 -07:00
Kubernetes Prow Robot
52726abaee
Merge pull request #6423 from lablabs/default-backend-autoscaling 
Add Default backend HPA autoscaling.
 2020-11-09 06:50:27 -08:00
Adam Hamsik
ab9ba3e970 Add Default backend HPA autoscaling. 2020-11-06 19:37:27 +01:00
Mark Pundsack
c64c691335 Alternate to respecting setting admissionWebhooks.failurePolicy in values.yaml 2020-11-04 21:18:30 -06:00
Kubernetes Prow Robot
fb6b572378
Merge pull request #6356 from AlexisMtr/pod-security-context 
Add securitycontext settings on defaultbackend
 2020-11-02 08:14:53 -08:00
Alexis Martinier
8c56e4df9d Add securitycontext settings on defaultbackend 
Signed-off-by: Alexis Martinier <a.martinier@gmail.com>
 2020-11-02 12:02:33 +01:00
Kubernetes Prow Robot
340850447f
Merge pull request #6401 from ivanov-aleksander/fix/annotations 
Fix controller service annotations
 2020-11-01 12:18:51 -08:00
Nick Fisher
822309b406 Added loadBalancerSourceRanges for internal lbs 2020-10-30 12:43:24 -04:00
Oleksandr Ivanov
9872e37b0d fix controller service annotations 2020-10-30 17:43:44 +02:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Kewei Ma
171843210c Fix liveness and readiness probe path in daemonset chart 2020-10-14 09:50:52 -05:00
Alessandro Vozza
3ae837b4b0 fix podAnnotations quotes for #6315 
bumped chart version, daemonset podannotations

missing end on podannotations

ci values files

new lines at the end of files
 2020-10-12 20:50:06 +02:00
Kewei Ma
c8294eaf4e Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations 2020-10-08 14:37:15 -05:00
Manuel Alejandro de Brito Fontes
4632497a95 Update helm chart 2020-10-02 15:30:09 -03:00
Manuel Alejandro de Brito Fontes
7722fa38aa Add admission controller e2e test 2020-09-26 16:06:58 -03:00
Manuel Alejandro de Brito Fontes
4b831c77b2
Refactor parsing of key values 2020-09-21 13:04:32 -03:00
Luca Berneking
4e02ae78ba Add helm chart options to expose metrics service as NodePort 2020-09-21 11:33:39 +02:00
Manuel Alejandro de Brito Fontes
370bc45ef6 Fix helm chart admissionReviewVersions regression 2020-09-16 10:14:06 -03:00
Manuel Alejandro de Brito Fontes
27598b5f90 Update chart requirements 2020-09-15 14:50:32 -03:00
Joseph Petersen
4733e7c0eb
add topologySpreadConstraint to controller 2020-09-11 15:41:44 +02:00
Stylianos Rigas
442f7bb71b Adding parameter for externalTrafficPolicy in internal controller service spec 2020-09-01 19:20:00 +01:00
Anton Wolkov
fcbc3659b8 Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration 
Update: allow values.yaml without labels to pass
 2020-08-31 23:14:44 +03:00
Anton Wolkov
0a45e3c655 Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration 2020-08-31 22:46:43 +03:00
Calvin Bui
bca7b8b217
Add configurable serviceMonitor metricRelabelling and targetLabels 
Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
 2020-08-19 12:25:57 +10:00
Philipp Strube
59b16c4e92 Use Env expansion for namespace in args 
When deploying the controller to a custom namespace, users have to
overwrite the namespace attribute as well as the hardcoded namespace
values in a number of args for the Deployment and the admission
controller Jobs.

Instead, this commit, uses the namespace name from the DownwardAPI,
and allows users to simply change the namespace attribute without
having to worry about the container args.
 2020-07-29 11:44:08 +02:00
Manuel Alejandro de Brito Fontes
6c73d66ae6 Update helm chart for v0.34.0 2020-07-10 08:57:40 -04:00
Tobias Wolf
c56baf6b15
Add quoting to sysctls because numeric values need to be presented as strings (#5823) 2020-07-01 10:02:26 -04:00
Manuel Alejandro de Brito Fontes
a57d912ea4
Use admissionregistration.k8s.io/v1beta1 to be k8s < 1.16 compatible 2020-06-24 10:03:10 -04:00
Tobias Wolf
be5c29daef Update ValidatingWebhook for Ingress to support --dry-run=server 2020-06-21 10:11:00 +02:00
Oleksandr Semak
baed5c6061 add custom metric to hpa template 2020-06-18 11:40:56 -04:00
Tobias Wolf
1d54d8b565 Add sysctl exemptions to controller PSP 
I would like to be able to support this construction in my DaemonSet, I have coontrol over the host and this is the easiest way yo bump the socket properties.
```yaml
securityContext:
  sysctls:
    - name: net.core.somaxconn
      value: "8192"
```
 2020-06-16 19:11:45 +02:00
Luis Garnica Guilarte
398f548b75 Add support for an internal load balancer along with an external one 
Signed-off-by: Luis Garnica Guilarte <luisgarnica42@gmail.com>
 2020-06-16 16:59:43 +02:00
Graham McGregor
2205edb16b Allow pulling images by digest 
The digest uniquely identifies a specific version of the image, so it is
never updated by Kubernetes unless you change the digest value. This is
desirable for security to gain confidence that no unvetted changes are
pulled to a deployment.
 2020-05-20 12:05:43 -04:00
Tuan Anh Nguyen
e6d570d30b add toleration support for admission webhooks 
Update charts/ingress-nginx/Chart.yaml

Co-authored-by: Alex Harder <13860012+ChiefAlexander@users.noreply.github.com>
 2020-05-20 09:26:59 +07:00
Kubernetes Prow Robot
4b62da824e
Merge pull request #5494 from janosi/wh_runasuser 
Add configuration option for the runAsUser parameter of the webhook patch job
 2020-05-04 13:04:26 -07:00
Kubernetes Prow Robot
45698ca4e6
Merge pull request #5504 from janosi/wh_imagepullsecret 
Add configuration option for the imagePullSecrets in the webhook jobs
 2020-05-04 12:34:28 -07:00
Laszlo Janosi
5148443ca7 Move webhook runAsUser from patch.image.runAsUser to patch.runAsUser 2020-05-04 17:50:00 +00:00
John Reese
c6b053d922
Update job-patchWebhook.yaml 
Referencing `deploy.yaml` results in a `null` value for the `imagePullPolicy`. Looks like the pull policy value is set under image!
 2020-05-04 13:48:05 -04:00
Laszlo Janosi
50896901b0 Add configuration option for the imagePullSecrets in the WH jobs 2020-05-04 17:46:27 +00:00
Laszlo Janosi
82588a33a7 Add configuration option for the runAsUser parameter of the webhook patch job 2020-05-03 17:08:42 +00:00
Manuel Alejandro de Brito Fontes
768a91f58d Fix chart missing default backend name 2020-04-29 22:44:04 -04:00
nicklasfrahm
f63b7601a2 Fix helper for defaultbackend name 
Signed-off-by: nicklasfrahm <nicklas.frahm@gmail.com>
 2020-04-28 18:39:35 +02:00
Mofizur Rahman
4e63d6452a
update notes.txt example with networking.k8s.io 
ingress api extensions/v1beta1 is not longer supported since 1.18

the example after nginx helm deployment should reflect that
 2020-04-23 01:12:42 -04:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes
977178dea4 Remove chart old podSecurityPolicy check 2020-04-14 23:07:45 -04:00
Manuel Alejandro de Brito Fontes
2cc828213d Fix deployment strategy 2020-04-07 13:08:09 -04:00
Manuel Alejandro de Brito Fontes
1f3eac2c8c Remove duplicated annotations definition and refactor hostPort configuration 2020-04-06 19:15:47 -04:00
Manuel Alejandro de Brito Fontes
f86b0cdbba Add lifecycle hook and option to enable mimalloc 2020-04-06 13:16:46 -04:00
Manuel Alejandro de Brito Fontes
b8839a66b5 Fix valid semver comparison to allow dev images 2020-03-16 16:53:56 -03:00
Kubernetes Prow Robot
f19d52bba4
Merge pull request #5252 from aledbf/tag 
Check chart controller image tag
 2020-03-16 07:58:43 -07:00
Manuel Alejandro de Brito Fontes
e9641ba08e Check chart controller image tag 2020-03-16 11:50:05 -03:00
Kubernetes Prow Robot
c2c8af28db
Merge pull request #5249 from aledbf/hostport 
Add support for hostPort in Deployment
 2020-03-16 06:26:42 -07:00
Manuel Alejandro de Brito Fontes
3a5bc90709 Add support for custom healthz path in helm chart 2020-03-15 12:52:34 -03:00
Manuel Alejandro de Brito Fontes
19c4c5652d Add support for hostPort in Deployment 2020-03-14 18:24:46 -03:00
Manuel Alejandro de Brito Fontes
a96826b617 Configuration configmap should always be created 2020-03-13 09:51:07 -03:00
Manuel Alejandro de Brito Fontes
9f3fbc3014 Remove checks for older versions 2020-03-13 09:50:33 -03:00
Manuel Alejandro de Brito Fontes
1c90847801 Fix controller container name 2020-03-12 10:23:52 -03:00