DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7814 commits 4 branches 217 tags 166 MiB
Commit graph

176 commits

Author SHA1 Message Date
Marco Ebert
ab2541986d
Chart: Bump Kube Webhook CertGen. (#12607) 2024-12-25 22:08:11 +01:00
Marco Ebert
e22ab119ea
Docs: Add Pod Security Admission. (#12197) 
Co-authored-by: Hung Tran <40334379+phuhung273@users.noreply.github.com>
 2024-10-15 16:15:05 +02:00
Marco Ebert
f6456ea86c
Release controller v1.11.3 & chart v4.11.3. (#12156) 2024-10-08 22:08:23 +01:00
Marco Ebert
f2aeb08873
Chart: Bump Kube Webhook CertGen. (#12123) 2024-10-06 16:20:55 +02:00
k8s-infra-cherrypick-robot
bd97375742
Chart: Align default backend PodDisruptionBudget. (#11999) 
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-09-20 14:20:03 +02:00
k8s-infra-cherrypick-robot
b401ff3912
Chart: Add tests for PrometheusRule & ServiceMonitor. (#11889) 
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-08-27 11:30:24 +02:00
k8s-infra-cherrypick-robot
1165665591
Update maxmind post link about geolite2 license changes (#11881) 
Signed-off-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
Co-authored-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
 2024-08-26 22:31:22 +02:00
Marco Ebert
d3bb2b4f87
Release controller v1.11.2 & chart v4.11.2. (#11814) 2024-08-16 08:54:22 +02:00
k8s-infra-cherrypick-robot
604e634846
Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812) 
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-08-15 07:19:18 -07:00
Marco Ebert
7b37df8f38
Release controller v1.11.1 & chart v4.11.1. (#11650) 2024-07-18 10:57:33 -07:00
Marco Ebert
d5ddfdaf67
Release: Apply changes from main. (#11589) 2024-07-10 01:06:57 -07:00
TheRealNoob
af9e5246ad
Chart: Make pod affinity templatable. (#11453) 
* [helm] template pod affinity

* update README

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* revert Chart.yaml version bump

* add unittests

* add docs defaultBackend.affinity

* add README section to values

* fix README syntax

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* update formatting of unittests + add README examples

* fix affinity labels on default-backend

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* remove double quotes on string

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-06-14 02:13:44 -07:00
Reddysekhar Gaduputi
0c17748c44
Chart: Make admission webhook patch job RBAC configurable. (#11376) 
* Add an option to skip rbac resources creation in helm chart for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add an option to skip rbac resources creation in helm chart update README (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add an option to skip serviceAccount resources creation in helm chart for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add helm chart tests for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Chart make admission webhook patch job RBAC configurable (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrole_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrolebinding_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/role_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/rolebinding_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-06-03 02:17:23 -07:00
k8s-infra-cherrypick-robot
82c4d78a2f
Merge pull request #11277 from strongjz/chart-1.10.1 (#11415) 
release chart 4.10.1

Co-authored-by: James Strong <strong.james.e@gmail.com>
 2024-06-03 00:34:38 -07:00
Marco Ebert
987039c014
Chart: Remove controller.enableWorkerSerialReloads. (#11400) 2024-06-03 00:32:19 -07:00
Carlos Parada
95efaf3e39
Accept user defined annotations in IngressClass (#11362) 2024-05-22 06:08:30 -07:00
Rafael da Fonseca
4e11074323
Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884) 
* feat: allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* appease linter, remove unnecessary log line

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Flip to using a positive behaviour flag instead of negative

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Update helm-docs

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Avoid calling GetBackendConfiguration() twice, use clearer name for helm chart option

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Fix helm-docs ordering

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2024-05-14 14:45:25 -07:00
NierYYDS
95554dccd2
fix: update kube version requirement to 1.21 (#11275) 
The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21.
 2024-04-18 10:06:32 -07:00
Long Wu Yuan
5e0792ecb5
updated certgen image shatag (#11214) 2024-04-05 08:16:55 -07:00
Matheus Fidelis
e9509e27aa
feature(default_backend): topologySpreadConstraints on default backend (#11197) 
feature(default_backend): topologySpread support

feature(default_backend): topologySpread support

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): nit

feature(default_backend): nit

feature(default_backend): nit
 2024-04-05 04:54:48 -07:00
TheRealNoob
ad274ab2c6
Chart: Make controller.config templatable. (#11181) 
* [helm] pass controller.config through tpl

* add unittest

* update README.md

* Update charts/ingress-nginx/README.md

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/controller-configmap_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-04-04 12:50:05 -07:00
Matheus Fidelis
7c8af4928b
Controller: Make Leader Election TTL configurable. (#11142) 
* feature(leader_ttl): feature to customize ttl to leader be re-elected

* fix(review): docs
 2024-03-28 06:36:23 -07:00
Marco Ebert
56a0968675
Chart: Add IngressClass aliases. (#11109) 2024-03-17 14:27:27 -07:00
Marco Ebert
2894b8a060
Chart: Improve IngressClass documentation. (#11104) 2024-03-12 06:39:07 -07:00
Matheus Fidelis
9b63559cbb
feature(leader_election): flag to disable leader election feature on controller (#11064) 2024-03-06 05:59:22 -08:00
Ricardo Katz
dc999d81da
Release version v1.10.0 (#11039) 2024-02-28 16:41:06 -08:00
Ricardo Katz
7a75538dea
Bump kubewebhook certgen (#11034) 
Signed-off-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2024-02-27 21:32:13 -08:00
James Strong
4e97379b4e
Release controller 1.9.6 and helm 4.9.1 (#10919) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2024-01-26 23:45:19 -08:00
James Strong
0e47bfbfec release 1.9.5 docs 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-12-21 10:42:28 +01:00
Mathieu Parent
9db2eb965e
Add controller.metrics.serviceMonitor.annotations in Helm chart (#9677) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2023-12-20 23:08:50 +01:00
Marco Ebert
0e12525bdd Chart: Revert verion 4.8.4. 2023-12-20 19:30:43 +01:00
patst
7e31f818ff
helm: opentelemetry addon allow configuration of registry with setting tag (#9773) 
* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* add ci test file

* fix: updated helm-docs with opentelemetry image value

* fix: ci test case

* fix: ci test case set default registry, image + tag

* fix: ci test case set default registry + image

* fix: remove unrequired comment

* feat!: use extraModules helper method for templating the image value

* image definition for OTel image is now split up in image, repo and registry values

* feat!: move distroless config under the image key

* update helm-docs

* Refactor template to generate the image name

* adapt test cases for extraModules

* implement code review

* try to fix ci test for opentelemetry
 2023-12-08 11:09:34 +01:00
Marco Ebert
7e54daa909
Helm Service: Align internal to external. (#10239) 
* Service: Align internal to external.

* Service: Remove redundant condition.
 2023-12-05 17:25:04 +01:00
Ofir Shtrull
83f4332572
add new serivce type for internal use (#10727) 
* add new serivce type for internal use

* bump chart version

* lint

* fix tests

* fix readme

* Update charts/ingress-nginx/Chart.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* rerun helm-docs

* Update charts/ingress-nginx/templates/controller-service-internal.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* fix values

* fix values

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2023-12-05 14:47:20 +01:00
Stavros Foteinopoulos
1f06e26080
Add extra configMaps support to helm chart (#10673) 
* Add extra configMaps support to helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Introducing unit tests for helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

---------

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
 2023-12-02 14:26:23 +01:00
Jmnote
bfc2300c3d
[charts] add controller.admissionWebhooks.networkPolicyEnabled (#10650) 
* add controller.admissionWebhooks.networkPolicyEnabled

Signed-off-by: Jmnote <opcore@gmail.com>

* .Values.controller.admissionWebhooks.patch.networkPolicy.enabled

---------

Signed-off-by: Jmnote <opcore@gmail.com>
 2023-11-29 22:39:51 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. (#10491) 
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.

* Values: Add missing `controller.containerSecurityContext`.

Already in use, but has never been added to values.

* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.

* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.

Due to alignment with other templates.

* Helpers: Improve `extraModules`.

- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.

* Helpers: Move `ingress-nginx.defaultBackend.fullname`.

* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.

Extracts the default backend `securityContext` into a template, as for the controller.

* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.

* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.

- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.

* Controller/PSP: Align indentation.

* Controller/PSP: Remove quotes.

* Controller/PSP: Improve comments.

* Controller/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.

* Admission Webhooks/PSP: Align indentation.

* Admission Webhooks/PSP: Reorder fields.

* Admission Webhooks/PSP: Align condition.

* Admission Webhooks/ClusterRole: Align PSP rule.

* Default Backend/PSP: Align indentation.

* Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Values: Tighten `controller.image`.

Due to recent changes, the controller image can be run without privilege escalation:

- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449

* Values: Tighten `controller.extraModules.containerSecurityContext`.

* Values: Tighten `controller.opentelemetry.containerSecurityContext`.

* Values: Tighten `controller.admissionWebhooks.*.securityContext`.

Moves the pod `securityContext` to the containers to not interfere with injected containers.

* Values: Tighten `defaultBackend.image`.
 2023-11-07 18:52:36 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. (#10523) 2023-10-29 18:26:05 +01:00
Ricardo Katz
5583f90c7f
Release v1.9.4 (#10568) 2023-10-25 18:33:49 +02:00
jasine
7ce6cc88d8
feat: add namespace overrides (#10539) 
* feat: add namespace overrides

* add value in readme

* fix: readme description

* fix: description in value

* fix: set max length and trim last "-"
 2023-10-24 19:53:46 +02:00
James Strong
6f2ad83b0d
release 1.9.3 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-10-12 09:51:50 -04:00
James Strong
2d3ee50949
update nginx base, httpbun, e2e, helm webhook cert gen (#10506) 
* update nginx base, httpbun, e2e, helm webhook cert gen

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix helm docs

Signed-off-by: James Strong <strong.james.e@gmail.com>

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-10-11 23:53:19 +02:00
Ricardo Katz
24b139424d Release v1.9.1 2023-10-01 18:01:26 -03:00
Marco Ebert
0b0ce031ac
Chart: Rework network policies. (#10238) 2023-09-24 08:02:57 -07:00
Ricardo Katz
6107346590
Release v1.9.0 (#10433) 2023-09-23 13:46:56 -07:00
arukiidou
82e24cb399
Helm - Fix Chart.yaml - add license annotations, add type keyword, remove gotpl (#10287) 
* Helm - add license annotations, add type keyword, remove gotpl

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

* Helm - run helm-docs

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

---------

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>
 2023-09-22 04:08:50 -07:00
Ricardo Katz
cb70900609
Release v1.9.0-beta.0 (#10422) 2023-09-18 04:52:31 -07:00
František Hána
06c64bf567
helm: add resources to opentelemetry init container (#10300) 2023-09-11 19:36:12 -07:00
Ricardo Katz
cf889c6c47
Disable user snippets per default (#10393) 
* Disable user snippets per default

* Enable snippet on tests
 2023-09-10 20:02:10 -07:00
Marco Ebert
2d03da6334
Deployment/DaemonSet: Fix templating & value. (#10240) 2023-09-10 07:20:09 -07:00