
* Drop v1beta1 from ingress nginx (#7156)
* Drop v1beta1 from ingress nginx
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix intorstr logic in controller
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* fixing admission
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* more intorstr fixing
* correct template rendering
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix e2e tests for v1 api
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix gofmt errors
* This is finally working...almost there...
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Re-add removed validation of AdmissionReview
* Prepare for v1.0.0-alpha.1 release
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* add docs for syslog feature (#7219)
* Fix link to e2e-tests.md in developer-guide (#7201)
* Use ENV expansion for namespace in args (#7146)
  Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.
* chart: using Helm builtin capabilities check (#7190)
  Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)
  It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780
* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)
* Fix MaxWorkerOpenFiles calculation on high cores nodes
* Add e2e test for rlimit_nofile
* Fix doc for max-worker-open-files
* ingress/tcp: add additional error logging on failed (#7208)
* Add file containing stable release (#7313)
* Handle named (non-numeric) ports correctly (#7311)
  Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Updated v1beta1 to v1 as its deprecated (#7308)
* remove mercurial from build (#7031)
* Retry to download maxmind DB if it fails (#7242)
* Retry to download maxmind DB if it fails.
  Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Add retries count arg, move retry logic into DownloadGeoLite2DB function
  Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Reorder parameters in DownloadGeoLite2DB
  Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Remove hardcoded value
  Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Release v1.0.0-alpha.1
* Add changelog for v1.0.0-alpha.2
* controller: ignore non-service backends (#7332)
* controller: ignore non-service backends
  Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
  Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* fix: allow scope/tcp/udp configmap namespace to altered (#7161)
* Lower webhook timeout for digital ocean (#7319)
* Lower webhook timeout for digital ocean
* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29
* update OWNERS and aliases files (#7365) (#7366)
  Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Downgrade Lua modules for s390x (#7355)
  Downgrade Lua modules to last known working version.
* Fix IngressClass logic for newer releases (#7341)
* Fix IngressClass logic for newer releases
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Change e2e tests for the new IngressClass presence
* Fix chart and admission tests
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix helm chart test
  Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix reviews
* Remove ingressclass code from admission
* update tag to v1.0.0-beta.1
* update readme and changelog for v1.0.0-beta.1
* Release v1.0.0-beta.1 - helm and manifests (#7422)
* Change the order of annotation just to trigger a new helm release (#7425)
* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)
* Add dev-v1 branch into helm releaser (#7424)
* chore: add link for artifacthub.io/prerelease annotations
  Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
  Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)
* k8s job ci pipeline for dev-v1 br v1.22.0
  Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* k8s job ci pipeline for dev-v1 br v1.21.2
  Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* remove v1.21.1 version
  Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* Add controller.watchIngressWithoutClass config option (#7459)
  Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>
* Release new helm chart with certgen fixed (#7478)
* Update go version, modules and remove ioutil
* Release new helm chart with certgen fixed
* changed appversion, chartversion, TAG, image (#7490)
* Fix CI conflict
* Fix CI conflict
* Fix build.sh from rebase process
* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>

251 lines
11 KiB
YAML
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
  strategy:
    {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
    {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: controller
      {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.controller.dnsConfig }}
      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostname }}
      hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
    {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
    {{- end }}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
    {{- if .Values.controller.podSecurityContext }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.sysctls }}
        sysctls:
    {{- range $sysctl, $value := .Values.controller.sysctls }}
        - name: {{ $sysctl | quote }}
          value: {{ $value | quote }}
    {{- end }}
    {{- end }}
      containers:
        - name: {{ .Values.controller.containerName }}
          {{- with .Values.controller.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
        {{- end }}
          args:
            - /nginx-ingress-controller
          {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
          {{- end }}
          {{- if .Values.controller.publishService.enabled }}
            - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
          {{- end }}
            - --election-id={{ .Values.controller.electionID }}
            - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }}
            - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }}
          {{- if .Values.tcp }}
            - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
          {{- end }}
          {{- if .Values.udp }}
            - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp
          {{- end }}
          {{- if .Values.controller.scope.enabled }}
            - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
          {{- end }}
          {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
            - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
            - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
            - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
          {{- end }}
          {{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
            - --health-check-path={{ .Values.controller.healthCheckPath }}
          {{- end }}
          {{- if .Values.controller.watchIngressWithoutClass }}
            - --watch-ingress-without-class=true
          {{- end }}
          {{- range $key, $value := .Values.controller.extraArgs }}
            {{- /* Accept keys without values or with false as value */}}
            {{- if eq ($value | quote | len) 2 }}
            - --{{ $key }}
            {{- else }}
            - --{{ $key }}={{ $value }}
            {{- end }}
          {{- end }}
          securityContext:
            capabilities:
              drop:
              - ALL
              add:
              - NET_BIND_SERVICE
            runAsUser: {{ .Values.controller.image.runAsUser }}
            allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.enableMimalloc }}
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          {{- end }}
          {{- if .Values.controller.extraEnvs }}
            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.startupProbe }}
          startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
          {{- end }}
          livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
          readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
              {{- end }}
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: metrics
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: {{ $key }}-tcp
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: {{ $key }}-udp
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
          volumeMounts:
          {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.controller.resources }}
          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
        {{- end }}
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}
    {{- if .Values.controller.extraInitContainers }}
      initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- end }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
      volumes:
      {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
            - key: {{ .Values.controller.customTemplate.configMapKey }}
              path: nginx.tmpl
      {{- end }}
      {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ include "ingress-nginx.fullname" . }}-admission
      {{- end }}
      {{- if .Values.controller.extraVolumes }}
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
{{- end }}