DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7577 commits 4 branches 217 tags 166 MiB
Commit graph

165 commits

Author SHA1 Message Date
TheRealNoob
af9e5246ad
Chart: Make pod affinity templatable. (#11453) 
* [helm] template pod affinity

* update README

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* revert Chart.yaml version bump

* add unittests

* add docs defaultBackend.affinity

* add README section to values

* fix README syntax

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* update formatting of unittests + add README examples

* fix affinity labels on default-backend

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* remove double quotes on string

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-06-14 02:13:44 -07:00
Reddysekhar Gaduputi
0c17748c44
Chart: Make admission webhook patch job RBAC configurable. (#11376) 
* Add an option to skip rbac resources creation in helm chart for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add an option to skip rbac resources creation in helm chart update README (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add an option to skip serviceAccount resources creation in helm chart for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Add helm chart tests for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Chart make admission webhook patch job RBAC configurable (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrole_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrolebinding_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/role_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/rolebinding_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-06-03 02:17:23 -07:00
k8s-infra-cherrypick-robot
82c4d78a2f
Merge pull request #11277 from strongjz/chart-1.10.1 (#11415) 
release chart 4.10.1

Co-authored-by: James Strong <strong.james.e@gmail.com>
 2024-06-03 00:34:38 -07:00
Marco Ebert
987039c014
Chart: Remove controller.enableWorkerSerialReloads. (#11400) 2024-06-03 00:32:19 -07:00
Carlos Parada
95efaf3e39
Accept user defined annotations in IngressClass (#11362) 2024-05-22 06:08:30 -07:00
Rafael da Fonseca
4e11074323
Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884) 
* feat: allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* appease linter, remove unnecessary log line

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Flip to using a positive behaviour flag instead of negative

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Update helm-docs

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Avoid calling GetBackendConfiguration() twice, use clearer name for helm chart option

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Fix helm-docs ordering

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2024-05-14 14:45:25 -07:00
NierYYDS
95554dccd2
fix: update kube version requirement to 1.21 (#11275) 
The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21.
 2024-04-18 10:06:32 -07:00
Long Wu Yuan
5e0792ecb5
updated certgen image shatag (#11214) 2024-04-05 08:16:55 -07:00
Matheus Fidelis
e9509e27aa
feature(default_backend): topologySpreadConstraints on default backend (#11197) 
feature(default_backend): topologySpread support

feature(default_backend): topologySpread support

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): helm-docs

feature(default_backend): nit

feature(default_backend): nit

feature(default_backend): nit
 2024-04-05 04:54:48 -07:00
TheRealNoob
ad274ab2c6
Chart: Make controller.config templatable. (#11181) 
* [helm] pass controller.config through tpl

* add unittest

* update README.md

* Update charts/ingress-nginx/README.md

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/controller-configmap_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2024-04-04 12:50:05 -07:00
Matheus Fidelis
7c8af4928b
Controller: Make Leader Election TTL configurable. (#11142) 
* feature(leader_ttl): feature to customize ttl to leader be re-elected

* fix(review): docs
 2024-03-28 06:36:23 -07:00
Marco Ebert
56a0968675
Chart: Add IngressClass aliases. (#11109) 2024-03-17 14:27:27 -07:00
Marco Ebert
2894b8a060
Chart: Improve IngressClass documentation. (#11104) 2024-03-12 06:39:07 -07:00
Matheus Fidelis
9b63559cbb
feature(leader_election): flag to disable leader election feature on controller (#11064) 2024-03-06 05:59:22 -08:00
Ricardo Katz
dc999d81da
Release version v1.10.0 (#11039) 2024-02-28 16:41:06 -08:00
Ricardo Katz
7a75538dea
Bump kubewebhook certgen (#11034) 
Signed-off-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2024-02-27 21:32:13 -08:00
James Strong
4e97379b4e
Release controller 1.9.6 and helm 4.9.1 (#10919) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2024-01-26 23:45:19 -08:00
James Strong
0e47bfbfec release 1.9.5 docs 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-12-21 10:42:28 +01:00
Mathieu Parent
9db2eb965e
Add controller.metrics.serviceMonitor.annotations in Helm chart (#9677) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2023-12-20 23:08:50 +01:00
Marco Ebert
0e12525bdd Chart: Revert verion 4.8.4. 2023-12-20 19:30:43 +01:00
patst
7e31f818ff
helm: opentelemetry addon allow configuration of registry with setting tag (#9773) 
* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon

* add ci test file

* fix: updated helm-docs with opentelemetry image value

* fix: ci test case

* fix: ci test case set default registry, image + tag

* fix: ci test case set default registry + image

* fix: remove unrequired comment

* feat!: use extraModules helper method for templating the image value

* image definition for OTel image is now split up in image, repo and registry values

* feat!: move distroless config under the image key

* update helm-docs

* Refactor template to generate the image name

* adapt test cases for extraModules

* implement code review

* try to fix ci test for opentelemetry
 2023-12-08 11:09:34 +01:00
Marco Ebert
7e54daa909
Helm Service: Align internal to external. (#10239) 
* Service: Align internal to external.

* Service: Remove redundant condition.
 2023-12-05 17:25:04 +01:00
Ofir Shtrull
83f4332572
add new serivce type for internal use (#10727) 
* add new serivce type for internal use

* bump chart version

* lint

* fix tests

* fix readme

* Update charts/ingress-nginx/Chart.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/values.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* rerun helm-docs

* Update charts/ingress-nginx/templates/controller-service-internal.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* fix values

* fix values

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
 2023-12-05 14:47:20 +01:00
Stavros Foteinopoulos
1f06e26080
Add extra configMaps support to helm chart (#10673) 
* Add extra configMaps support to helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

* Introducing unit tests for helm chart

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>

---------

Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
 2023-12-02 14:26:23 +01:00
Jmnote
bfc2300c3d
[charts] add controller.admissionWebhooks.networkPolicyEnabled (#10650) 
* add controller.admissionWebhooks.networkPolicyEnabled

Signed-off-by: Jmnote <opcore@gmail.com>

* .Values.controller.admissionWebhooks.patch.networkPolicy.enabled

---------

Signed-off-by: Jmnote <opcore@gmail.com>
 2023-11-29 22:39:51 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. (#10491) 
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.

* Values: Add missing `controller.containerSecurityContext`.

Already in use, but has never been added to values.

* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.

* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.

Due to alignment with other templates.

* Helpers: Improve `extraModules`.

- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.

* Helpers: Move `ingress-nginx.defaultBackend.fullname`.

* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.

Extracts the default backend `securityContext` into a template, as for the controller.

* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.

* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.

- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.

* Controller/PSP: Align indentation.

* Controller/PSP: Remove quotes.

* Controller/PSP: Improve comments.

* Controller/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.

* Admission Webhooks/PSP: Align indentation.

* Admission Webhooks/PSP: Reorder fields.

* Admission Webhooks/PSP: Align condition.

* Admission Webhooks/ClusterRole: Align PSP rule.

* Default Backend/PSP: Align indentation.

* Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Values: Tighten `controller.image`.

Due to recent changes, the controller image can be run without privilege escalation:

- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449

* Values: Tighten `controller.extraModules.containerSecurityContext`.

* Values: Tighten `controller.opentelemetry.containerSecurityContext`.

* Values: Tighten `controller.admissionWebhooks.*.securityContext`.

Moves the pod `securityContext` to the containers to not interfere with injected containers.

* Values: Tighten `defaultBackend.image`.
 2023-11-07 18:52:36 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. (#10523) 2023-10-29 18:26:05 +01:00
Ricardo Katz
5583f90c7f
Release v1.9.4 (#10568) 2023-10-25 18:33:49 +02:00
jasine
7ce6cc88d8
feat: add namespace overrides (#10539) 
* feat: add namespace overrides

* add value in readme

* fix: readme description

* fix: description in value

* fix: set max length and trim last "-"
 2023-10-24 19:53:46 +02:00
James Strong
6f2ad83b0d
release 1.9.3 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-10-12 09:51:50 -04:00
James Strong
2d3ee50949
update nginx base, httpbun, e2e, helm webhook cert gen (#10506) 
* update nginx base, httpbun, e2e, helm webhook cert gen

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix helm docs

Signed-off-by: James Strong <strong.james.e@gmail.com>

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-10-11 23:53:19 +02:00
Ricardo Katz
24b139424d Release v1.9.1 2023-10-01 18:01:26 -03:00
Marco Ebert
0b0ce031ac
Chart: Rework network policies. (#10238) 2023-09-24 08:02:57 -07:00
Ricardo Katz
6107346590
Release v1.9.0 (#10433) 2023-09-23 13:46:56 -07:00
arukiidou
82e24cb399
Helm - Fix Chart.yaml - add license annotations, add type keyword, remove gotpl (#10287) 
* Helm - add license annotations, add type keyword, remove gotpl

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

* Helm - run helm-docs

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

---------

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>
 2023-09-22 04:08:50 -07:00
Ricardo Katz
cb70900609
Release v1.9.0-beta.0 (#10422) 2023-09-18 04:52:31 -07:00
František Hána
06c64bf567
helm: add resources to opentelemetry init container (#10300) 2023-09-11 19:36:12 -07:00
Ricardo Katz
cf889c6c47
Disable user snippets per default (#10393) 
* Disable user snippets per default

* Enable snippet on tests
 2023-09-10 20:02:10 -07:00
Marco Ebert
2d03da6334
Deployment/DaemonSet: Fix templating & value. (#10240) 2023-09-10 07:20:09 -07:00
James Strong
da9c5730f6
release notes 1.8.2 (#10389) 
* release notes 1.8.2

Signed-off-by: James Strong <strong.james.e@gmail.com>

* fix yaml error

Signed-off-by: James Strong <strong.james.e@gmail.com>

* supdate docs

* Rolling back to v1.21.1

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2023-09-09 08:44:09 -07:00
logica
dd6145b2d3
Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282) 
* Bump k8s.io/component-base from 0.26.4 to 0.27.4

Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.26.4 to 0.27.4.
- [Commits](https://github.com/kubernetes/component-base/compare/v0.26.4...v0.27.4)

---
updated-dependencies:
- dependency-name: k8s.io/component-base
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* changed annotation to TopologyMode

* fixed documents

* fixed test

* using api constraint for test deployment options

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-11 07:17:27 -07:00
Ehsan Saei
3baa591bb5
promote distroless otel init image (#10257) 2023-08-02 03:34:49 -07:00
Jan-Otto Kröpke
afd1311f85
[helm] configure allow to configure hostAliases (#10180) 
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
 2023-07-28 04:41:56 -07:00
Ricardo Katz
c5f348ea2e
Implement annotation validation (#9673) 
* Add validation to all annotations

* Add annotation validation for fcgi

* Fix reviews and fcgi e2e

* Add flag to disable cross namespace validation

* Add risk, flag for validation, tests

* Add missing formating

* Enable validation by default on tests

* Test validation flag

* remove ajp from list

* Finalize validation changes

* Add validations to CI

* Update helm docs

* Fix code review

* Use a better name for annotation risk
 2023-07-21 20:32:07 -07:00
Jan-Otto Kröpke
a297cedb7a
[helm] pass service annotations through helm tpl engine (#10084) 
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
 2023-07-20 11:00:10 -07:00
James Strong
652a800422
release notes 1.8.1 (#10161) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-06-30 18:37:24 -03:00
Fabio Formosa
002d7e90d7
Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406) 
* Update README.md

#9403 Add documentation for controller.service.internal.loadBalancerIP in Helm chart

* Update README.md

removed a duplicated row in the helm chart values

* #9403 added a doc to the internal loadBalancerIP

removed a comment from an already supported helm value and added a doc line

* #9403 Reverted a manual added line

Removed a manual added line in favour of helm doc

* #9403 re-generated the README with the last doc line added to the value.yaml

* #9403 removed trailing spaces

* removed trail spaces
 2023-06-27 05:34:32 -07:00
Isaac Wilson
08158df8c0
Update typo in docs for lb scheme (#10117) 2023-06-22 10:35:40 -07:00
LucasBoisserie
0b4c98b7c3
feat(helm): Add loadBalancerClass (#9562) 2023-06-22 07:59:40 -07:00
Chen Chen
5bfc56618e
Update Internal Load Balancer docs (#10062) 
* Update internal load balancer doc

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix incorrect description

Signed-off-by: z1cheng <imchench@gmail.com>

* GenerateREADME.md using helm-docs

Signed-off-by: z1cheng <imchench@gmail.com>

* Regenerate the docs

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
 2023-06-08 08:54:13 -07:00