diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml index 39142ef4..fd7b8103 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml @@ -1,9 +1,9 @@ annotations: artifacthub.io/changes: | - - Update Ingress-Nginx version controller-v1.11.5 + - Update Ingress-Nginx version controller-v1.11.2 artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.11.5 +appVersion: 1.11.2 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx @@ -15,9 +15,11 @@ kubeVersion: '>=1.21.0-0' maintainers: - name: cpanato - name: Gacko +- name: puerco +- name: rikatz - name: strongjz - name: tao12345666333 name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.11.5 +version: 4.11.2 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/OWNERS b/packages/system/ingress-nginx/charts/ingress-nginx/OWNERS index 428474f6..d588ede6 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/OWNERS +++ b/packages/system/ingress-nginx/charts/ingress-nginx/OWNERS @@ -1,4 +1,10 @@ # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners +approvers: +- ingress-nginx-helm-maintainers + +reviewers: +- ingress-nginx-helm-reviewers + labels: - area/helm diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/README.md b/packages/system/ingress-nginx/charts/ingress-nginx/README.md index d36a564c..26eab285 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/README.md +++ b/packages/system/ingress-nginx/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.11.5](https://img.shields.io/badge/Version-4.11.5-informational?style=flat-square) ![AppVersion: 1.11.5](https://img.shields.io/badge/AppVersion-1.11.5-informational?style=flat-square) +![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -229,24 +229,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. -### Pod Security Admission - -You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels). - -Example: - -```yaml -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - labels: - kubernetes.io/metadata.name: ingress-nginx - name: ingress-nginx - pod-security.kubernetes.io/enforce: restricted - pod-security.kubernetes.io/enforce-version: v1.31 -``` - ## Values | Key | Type | Default | Description | @@ -271,11 +253,11 @@ metadata: | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.2"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -343,8 +325,8 @@ metadata: | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:a1cbad75b0a7098bf9325132794dddf9eef917e8a7fe246749a4cea7ff6f01eb"` | | -| controller.image.digestChroot | string | `"sha256:ec9df3eb6b06563a079ee46045da94cbf750f7dbb16fdbcb9e3265b551ed72ad"` | | +| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` | | +| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -352,7 +334,7 @@ metadata: | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.11.5"` | | +| controller.image.tag | string | `"v1.11.2"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | @@ -384,7 +366,7 @@ metadata: | controller.livenessProbe.periodSeconds | int | `10` | | | controller.livenessProbe.successThreshold | int | `1` | | | controller.livenessProbe.timeoutSeconds | int | `1` | | -| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | | controller.metrics.portName | string | `"metrics"` | | @@ -398,7 +380,7 @@ metadata: | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | -| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | +| controller.metrics.serviceMonitor.annotations | object | `{}` | | | controller.metrics.serviceMonitor.enabled | bool | `false` | | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | controller.metrics.serviceMonitor.namespace | string | `""` | | @@ -533,7 +515,7 @@ metadata: | defaultBackend.livenessProbe.periodSeconds | int | `10` | | | defaultBackend.livenessProbe.successThreshold | int | `1` | | | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | -| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. | +| defaultBackend.minAvailable | int | `1` | | | defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | defaultBackend.name | string | `"defaultbackend"` | | | defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/README.md.gotmpl b/packages/system/ingress-nginx/charts/ingress-nginx/README.md.gotmpl index 3cb9d565..17b029bb 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/README.md.gotmpl +++ b/packages/system/ingress-nginx/charts/ingress-nginx/README.md.gotmpl @@ -226,22 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. -### Pod Security Admission - -You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels). - -Example: - -```yaml -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - labels: - kubernetes.io/metadata.name: ingress-nginx - name: ingress-nginx - pod-security.kubernetes.io/enforce: restricted - pod-security.kubernetes.io/enforce-version: v1.31 -``` - {{ template "chart.valuesSection" . }} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml new file mode 100644 index 00000000..a13241cd --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml @@ -0,0 +1,6 @@ +controller: + admissionWebhooks: + certManager: + enabled: true + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml new file mode 100644 index 00000000..b28a2326 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml @@ -0,0 +1,7 @@ +controller: + watchIngressWithoutClass: true + ingressClassResource: + name: custom-nginx + enabled: true + default: true + controllerValue: "k8s.io/custom-nginx" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml deleted file mode 100644 index edf12e77..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - - service: - type: ClusterIP - - kind: DaemonSet - - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: ingress-nginx/opentelemetry-1.25.3 - tag: v20240813-b933310d - digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 - distroless: true - containerSecurityContext: - runAsNonRoot: true - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml deleted file mode 100644 index d4083cc3..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - - service: - type: ClusterIP - - kind: Deployment - - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: ingress-nginx/opentelemetry-1.25.3 - tag: v20240813-b933310d - digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 - distroless: true - containerSecurityContext: - runAsNonRoot: true - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml deleted file mode 100644 index 9443ddef..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - - service: - type: ClusterIP - - kind: Deployment - - opentelemetry: - enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-ingressclass-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-ingressclass-values.yaml deleted file mode 100644 index c06429f9..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-ingressclass-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - - service: - type: ClusterIP - - ingressClassResource: - name: custom-nginx - default: true - controllerValue: k8s.io/custom-nginx - - watchIngressWithoutClass: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml new file mode 100644 index 00000000..4393a5bc --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,14 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + kind: DaemonSet + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP + + config: + use-proxy-protocol: "true" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 00000000..1d94be21 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,22 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + + service: + type: NodePort + nodePorts: + tcp: + 9000: 30090 + udp: + 9001: 30091 + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-extra-modules.yaml new file mode 100644 index 00000000..52a32fcb --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-extra-modules.yaml @@ -0,0 +1,13 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-headers-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-headers-values.yaml new file mode 100644 index 00000000..ab7d47bd --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-headers-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny + proxySetHeaders: + X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-internal-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml similarity index 81% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-internal-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml index 11108fbc..0a200a74 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-internal-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml @@ -1,12 +1,13 @@ controller: + kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false service: type: ClusterIP - internal: enabled: true annotations: diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml new file mode 100644 index 00000000..3b7aa2fc --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml similarity index 81% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml index 405992ef..0b55306a 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml @@ -1,16 +1,17 @@ controller: + kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false + metrics: + enabled: true service: type: ClusterIP - - kind: DaemonSet - podAnnotations: - prometheus.io/scrape: "true" + prometheus.io/path: /metrics prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/path: /metrics + prometheus.io/scrape: "true" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 00000000..acd86a77 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,20 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 00000000..90b0f57a --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,18 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml new file mode 100644 index 00000000..25ee64d8 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml @@ -0,0 +1,16 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-values.yaml new file mode 100644 index 00000000..380c8b4b --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/daemonset-tcp-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-default-values.yaml similarity index 79% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-default-values.yaml index 7eafd0c5..82fa23e8 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-default-values.yaml @@ -1,12 +1,10 @@ controller: + kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false service: type: ClusterIP - - admissionWebhooks: - certManager: - enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-metrics-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-metrics-values.yaml new file mode 100644 index 00000000..cb3cb54b --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-metrics-values.yaml @@ -0,0 +1,12 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-webhook-values.yaml similarity index 89% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-webhook-values.yaml index 7a98580c..54d364df 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deamonset-webhook-values.yaml @@ -1,13 +1,10 @@ controller: + kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: true service: type: ClusterIP - - kind: DaemonSet - - metrics: - enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-hpa-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml similarity index 71% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-hpa-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml index 54a0d2f7..dca3f35f 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-hpa-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml @@ -1,12 +1,4 @@ controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - - service: - type: ClusterIP - autoscaling: enabled: true behavior: @@ -16,3 +8,7 @@ controller: - type: Pods value: 1 periodSeconds: 180 + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml new file mode 100644 index 00000000..b8b3ac68 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + autoscaling: + enabled: true + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customconfig-values.yaml similarity index 70% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customconfig-values.yaml index a7029895..17494184 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customconfig-values.yaml @@ -3,9 +3,10 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - - service: - type: ClusterIP - config: use-proxy-protocol: "true" + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml similarity index 69% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml index 9039368c..a564eaf9 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-service-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml @@ -3,20 +3,18 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false service: type: NodePort - nodePorts: tcp: 9000: 30090 udp: 9001: 30091 -portNamePrefix: port - tcp: - 9000: default/test:8080 + 9000: "default/test:8080" udp: - 9001: default/test:8080 + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-default-values.yaml similarity index 78% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-default-values.yaml index d34025c8..9f46b4e7 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-default-values.yaml @@ -1,10 +1,8 @@ +# Left blank to test default values controller: image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - service: type: ClusterIP - - kind: DaemonSet diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml new file mode 100644 index 00000000..91b1b98a --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + containerSecurityContext: + allowPrivilegeEscalation: false + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml new file mode 100644 index 00000000..b6013c7d --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: busybox + tag: latest + containerSecurityContext: + allowPrivilegeEscalation: false diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules.yaml new file mode 100644 index 00000000..2fbe1cc0 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-extra-modules.yaml @@ -0,0 +1,13 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-headers-values.yaml similarity index 69% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-headers-values.yaml index e23a13c0..17a11ac3 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-headers-values.yaml @@ -3,9 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - - service: - type: ClusterIP - + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny proxySetHeaders: X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml new file mode 100644 index 00000000..663ccb9d --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml @@ -0,0 +1,19 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + internal: + enabled: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + ports: + http: 443 + https: 80 + targetPorts: + http: 443 + https: 80 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-metrics-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-metrics-values.yaml new file mode 100644 index 00000000..9209ad5a --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-metrics-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-nodeport-values.yaml similarity index 65% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-nodeport-values.yaml index 1b092dc0..cd9b3235 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-nodeport-values.yaml @@ -3,8 +3,7 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false service: - type: ClusterIP - - kind: Deployment + type: NodePort diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml similarity index 88% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml index 179ab2a8..fb3ef444 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml @@ -3,11 +3,7 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - service: type: ClusterIP - - kind: DaemonSet - opentelemetry: enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-podannotations-values.yaml similarity index 80% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-podannotations-values.yaml index cf1f2611..b48d93c4 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-podannotations-values.yaml @@ -3,14 +3,14 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: false + metrics: + enabled: true service: type: ClusterIP - - kind: Deployment - podAnnotations: - prometheus.io/scrape: "true" + prometheus.io/path: /metrics prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/path: /metrics + prometheus.io/scrape: "true" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 00000000..c51a4e91 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,19 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 00000000..56323c5e --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,17 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml new file mode 100644 index 00000000..5b45b69d --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-values.yaml similarity index 68% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-values.yaml index 460a610b..ac0b6e60 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-tcp-values.yaml @@ -3,9 +3,9 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - service: type: ClusterIP - addHeaders: - X-Frame-Options: deny +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml new file mode 100644 index 00000000..95487b07 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml @@ -0,0 +1,12 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + extraEnvs: + - name: FOO + value: foo + - name: TEST + value: test + patch: + enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml new file mode 100644 index 00000000..49ebbb02 --- /dev/null +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml @@ -0,0 +1,23 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + createSecretJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patchWebhookJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patch: + enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-values.yaml similarity index 82% rename from packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-values.yaml index 9c95d347..76669a53 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/ci/deployment-webhook-values.yaml @@ -3,11 +3,7 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - + admissionWebhooks: + enabled: true service: type: ClusterIP - - kind: Deployment - - metrics: - enabled: true diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl b/packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl index 24cfd14a..99246888 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl @@ -203,7 +203,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{/* -Create the name of the default backend service account to use +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled */}} {{- define "ingress-nginx.defaultBackend.serviceAccountName" -}} {{- if .Values.defaultBackend.serviceAccount.create -}} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 0949cea7..4cd36a62 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -40,7 +40,6 @@ webhooks: service: name: {{ include "ingress-nginx.controller.fullname" . }}-admission namespace: {{ include "ingress-nginx.namespace" . }} - port: {{ .Values.controller.admissionWebhooks.service.servicePort }} path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-prometheusrule.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-prometheusrules.yaml similarity index 100% rename from packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-prometheusrule.yaml rename to packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-prometheusrules.yaml diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-service-webhook.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-service-webhook.yaml index 67aac0d9..6dcf1a10 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -29,7 +29,7 @@ spec: {{- end }} ports: - name: https-webhook - port: {{ .Values.controller.admissionWebhooks.service.servicePort }} + port: 443 targetPort: webhook {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} appProtocol: https diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 93ab4d24..62301da4 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -3,48 +3,51 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "ingress-nginx.controller.fullname" . }} - {{- if .Values.controller.metrics.serviceMonitor.namespace }} +{{- if .Values.controller.metrics.serviceMonitor.namespace }} namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} - {{- else }} +{{- else }} namespace: {{ include "ingress-nginx.namespace" . }} - {{- end }} +{{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} + {{- end }} {{- if .Values.controller.metrics.serviceMonitor.annotations }} annotations: {{ toYaml .Values.controller.metrics.serviceMonitor.annotations | nindent 4 }} {{- end }} spec: - {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} + endpoints: + - port: {{ .Values.controller.metrics.portName }} + interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} + {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} - {{- else }} +{{- else }} namespaceSelector: matchNames: - - {{ include "ingress-nginx.namespace" . }} + - {{ include "ingress-nginx.namespace" . }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.targetLabels }} + targetLabels: + {{- range .Values.controller.metrics.serviceMonitor.targetLabels }} + - {{ . }} {{- end }} +{{- end }} selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: controller - endpoints: - - port: {{ .Values.controller.metrics.portName }} - interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} - {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 4 }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 4 }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.targetLabels }} - targetLabels: {{ toYaml .Values.controller.metrics.serviceMonitor.targetLabels | nindent 2 }} - {{- end }} {{- end }} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-deployment.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-deployment.yaml index 6755e237..c6ccdd5c 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -102,7 +102,7 @@ spec: {{- if .Values.defaultBackend.nodeSelector }} nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} {{- end }} - serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} + serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} {{- if .Values.defaultBackend.tolerations }} tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} {{- end }} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index c8363fd4..f869e453 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -1,9 +1,5 @@ {{- if .Values.defaultBackend.enabled -}} -{{- $replicas := .Values.defaultBackend.replicaCount }} -{{- if .Values.defaultBackend.autoscaling.enabled }} -{{- $replicas = .Values.defaultBackend.autoscaling.minReplicas }} -{{- end }} -{{- if gt ($replicas | int) 1 }} +{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 6fd2d623..2afaf0c0 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -8,7 +8,7 @@ metadata: {{- with .Values.defaultBackend.labels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} + name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} namespace: {{ include "ingress-nginx.namespace" . }} automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml index f72bc438..7c30d1e6 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml @@ -20,7 +20,7 @@ tests: of: ServiceAccount - equal: path: metadata.name - value: RELEASE-NAME-ingress-nginx-admission + value: ingress-nginx-admission - it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.patch.serviceAccount.name` is set set: diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml deleted file mode 100644 index 47b6b687..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml +++ /dev/null @@ -1,32 +0,0 @@ -suite: Admission Webhooks > ValidatingWebhookConfiguration -templates: - - admission-webhooks/validating-webhook.yaml - -tests: - - it: should not create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is false - set: - controller.admissionWebhooks.enabled: false - asserts: - - hasDocuments: - count: 0 - - - it: should create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is true - set: - controller.admissionWebhooks.enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ValidatingWebhookConfiguration - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-admission - - - it: should create a ValidatingWebhookConfiguration with a custom port if `controller.admissionWebhooks.service.servicePort` is set - set: - controller.admissionWebhooks.enabled: true - controller.admissionWebhooks.service.servicePort: 9443 - asserts: - - equal: - path: webhooks[0].clientConfig.service.port - value: 9443 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-configmap_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-configmap_test.yaml index 168b657d..9cfea980 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-configmap_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-configmap_test.yaml @@ -16,16 +16,16 @@ tests: - it: should create a ConfigMap with templated values if `controller.config` contains templates set: controller.config: - template: "test.{{ .Release.Namespace }}.svc.kubernetes.local" - integer: 12345 - boolean: true + global-rate-limit-memcached-host: "memcached.{{ .Release.Namespace }}.svc.kubernetes.local" + global-rate-limit-memcached-port: 11211 + use-gzip: true asserts: - equal: - path: data.template - value: test.NAMESPACE.svc.kubernetes.local + path: data.global-rate-limit-memcached-host + value: memcached.NAMESPACE.svc.kubernetes.local - equal: - path: data.integer - value: "12345" + path: data.global-rate-limit-memcached-port + value: "11211" - equal: - path: data.boolean + path: data.use-gzip value: "true" diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 81d067bb..bc810a1c 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -139,34 +139,12 @@ tests: - controller topologyKey: kubernetes.io/hostname - - it: should create a DaemonSet with a custom registry if `controller.image.registry` is set - set: - controller.kind: DaemonSet - controller.image.registry: custom.registry.io - controller.image.tag: v1.0.0-dev - controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a DaemonSet with a custom image if `controller.image.image` is set - set: - controller.kind: DaemonSet - controller.image.image: custom-repo/custom-image - controller.image.tag: v1.0.0-dev - controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - it: should create a DaemonSet with a custom tag if `controller.image.tag` is set set: controller.kind: DaemonSet - controller.image.tag: custom-tag + controller.image.tag: my-little-custom-tag controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd asserts: - equal: path: spec.template.spec.containers[0].image - value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml index 382aecd7..da400487 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -161,31 +161,11 @@ tests: - controller topologyKey: kubernetes.io/hostname - - it: should create a Deployment with a custom registry if `controller.image.registry` is set - set: - controller.image.registry: custom.registry.io - controller.image.tag: v1.0.0-dev - controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a Deployment with a custom image if `controller.image.image` is set - set: - controller.image.image: custom-repo/custom-image - controller.image.tag: v1.0.0-dev - controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - it: should create a Deployment with a custom tag if `controller.image.tag` is set set: - controller.image.tag: custom-tag + controller.image.tag: my-little-custom-tag controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd asserts: - equal: path: spec.template.spec.containers[0].image - value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml index f215f352..48b4fafc 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml @@ -71,19 +71,3 @@ tests: asserts: - hasDocuments: count: 0 - - - it: should create a PodDisruptionBudget without `minAvailable` and with `maxUnavailable` if `controller.minAvailable` and `controller.maxUnavailable` are set - set: - controller.replicaCount: 2 - controller.minAvailable: 1 - controller.maxUnavailable: 1 - asserts: - - hasDocuments: - count: 1 - - isKind: - of: PodDisruptionBudget - - notExists: - path: spec.minAvailable - - equal: - path: spec.maxUnavailable - value: 1 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml deleted file mode 100644 index d60a9831..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -suite: Controller > PrometheusRule -templates: - - controller-prometheusrule.yaml - -tests: - - it: should create a PrometheusRule if `controller.metrics.prometheusRule.enabled` is true - set: - controller.metrics.enabled: true - controller.metrics.prometheusRule.enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: PrometheusRule - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-controller diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-service-webhook_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-service-webhook_test.yaml deleted file mode 100644 index 1c759edb..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-service-webhook_test.yaml +++ /dev/null @@ -1,32 +0,0 @@ -suite: Controller > Service > Webhook -templates: - - controller-service-webhook.yaml - -tests: - - it: should not create a webhook Service if `controller.admissionWebhooks.enabled` is false - set: - controller.admissionWebhooks.enabled: false - asserts: - - hasDocuments: - count: 0 - - - it: should create a webhook Service if `controller.admissionWebhooks.enabled` is true - set: - controller.admissionWebhooks.enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: Service - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-controller-admission - - - it: should create a webhook Service with a custom port if `controller.admissionWebhooks.service.servicePort` is set - set: - controller.admissionWebhooks.enabled: true - controller.admissionWebhooks.service.servicePort: 9443 - asserts: - - equal: - path: spec.ports[0].port - value: 9443 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-serviceaccount_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-serviceaccount_test.yaml deleted file mode 100644 index 928e5377..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-serviceaccount_test.yaml +++ /dev/null @@ -1,47 +0,0 @@ -suite: Controller > ServiceAccount -templates: - - controller-serviceaccount.yaml - -tests: - - it: should not create a ServiceAccount if `serviceAccount.create` is false - set: - serviceAccount.create: false - asserts: - - hasDocuments: - count: 0 - - - it: should create a ServiceAccount if `serviceAccount.create` is true - set: - serviceAccount.create: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx - - - it: should create a ServiceAccount with specified name if `serviceAccount.name` is set - set: - serviceAccount.name: ingress-nginx-admission-test-sa - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: ingress-nginx-admission-test-sa - - - it: should create a ServiceAccount with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false - set: - serviceAccount.automountServiceAccountToken: false - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: automountServiceAccountToken - value: false diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml deleted file mode 100644 index 310097c1..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml +++ /dev/null @@ -1,29 +0,0 @@ -suite: Controller > ServiceMonitor -templates: - - controller-servicemonitor.yaml - -tests: - - it: should create a ServiceMonitor if `controller.metrics.serviceMonitor.enabled` is true - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceMonitor - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-controller - - - it: should create a ServiceMonitor with annotations if `controller.metrics.serviceMonitor.annotations` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.annotations: - my-little-annotation: test-value - asserts: - - equal: - path: metadata.annotations - value: - my-little-annotation: test-value diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-deployment_test.yaml index 4ba4b03d..e237fe7e 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-deployment_test.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -135,35 +135,3 @@ tests: values: - default-backend topologyKey: kubernetes.io/hostname - - - it: should create a Deployment with a custom registry if `defaultBackend.image.registry` is set - set: - defaultBackend.enabled: true - defaultBackend.image.registry: custom.registry.io - defaultBackend.image.tag: v1.0.0-dev - defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: custom.registry.io/defaultbackend-amd64:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a Deployment with a custom image if `defaultBackend.image.image` is set - set: - defaultBackend.enabled: true - defaultBackend.image.image: custom-repo/custom-image - defaultBackend.image.tag: v1.0.0-dev - defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a Deployment with a custom tag if `defaultBackend.image.tag` is set - set: - defaultBackend.enabled: true - defaultBackend.image.tag: custom-tag - defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: registry.k8s.io/defaultbackend-amd64:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml deleted file mode 100644 index 09580186..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml +++ /dev/null @@ -1,48 +0,0 @@ -suite: Default Backend > PodDisruptionBudget -templates: - - default-backend-poddisruptionbudget.yaml - -tests: - - it: should create a PodDisruptionBudget if `defaultBackend.replicaCount` is greater than 1 - set: - defaultBackend.enabled: true - defaultBackend.replicaCount: 2 - asserts: - - hasDocuments: - count: 1 - - isKind: - of: PodDisruptionBudget - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-defaultbackend - - - it: should not create a PodDisruptionBudget if `defaultBackend.replicaCount` is less than or equal 1 - set: - defaultBackend.enabled: true - defaultBackend.replicaCount: 1 - asserts: - - hasDocuments: - count: 0 - - - it: should create a PodDisruptionBudget if `defaultBackend.autoscaling.enabled` is true and `defaultBackend.autoscaling.minReplicas` is greater than 1 - set: - defaultBackend.enabled: true - defaultBackend.autoscaling.enabled: true - defaultBackend.autoscaling.minReplicas: 2 - asserts: - - hasDocuments: - count: 1 - - isKind: - of: PodDisruptionBudget - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-defaultbackend - - - it: should not create a PodDisruptionBudget if `defaultBackend.autoscaling.enabled` is true and `defaultBackend.autoscaling.minReplicas` is less than or equal 1 - set: - defaultBackend.enabled: true - defaultBackend.autoscaling.enabled: true - defaultBackend.autoscaling.minReplicas: 1 - asserts: - - hasDocuments: - count: 0 diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-serviceaccount_test.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-serviceaccount_test.yaml deleted file mode 100644 index 05a815d0..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/tests/default-backend-serviceaccount_test.yaml +++ /dev/null @@ -1,51 +0,0 @@ -suite: Default Backend > ServiceAccount -templates: - - default-backend-serviceaccount.yaml - -tests: - - it: should not create a ServiceAccount if `defaultBackend.serviceAccount.create` is false - set: - defaultBackend.enabled: true - defaultBackend.serviceAccount.create: false - asserts: - - hasDocuments: - count: 0 - - - it: should create a ServiceAccount if `defaultBackend.serviceAccount.create` is true - set: - defaultBackend.enabled: true - defaultBackend.serviceAccount.create: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: RELEASE-NAME-ingress-nginx-backend - - - it: should create a ServiceAccount with specified name if `defaultBackend.serviceAccount.name` is set - set: - defaultBackend.enabled: true - defaultBackend.serviceAccount.name: ingress-nginx-admission-test-sa - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: ingress-nginx-admission-test-sa - - - it: should create a ServiceAccount with token auto-mounting disabled if `defaultBackend.serviceAccount.automountServiceAccountToken` is false - set: - defaultBackend.enabled: true - defaultBackend.serviceAccount.automountServiceAccountToken: false - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ServiceAccount - - equal: - path: automountServiceAccountToken - value: false diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/values.yaml b/packages/system/ingress-nginx/charts/ingress-nginx/values.yaml index 1c9f1c58..fbd0b31c 100644 --- a/packages/system/ingress-nginx/charts/ingress-nginx/values.yaml +++ b/packages/system/ingress-nginx/charts/ingress-nginx/values.yaml @@ -26,9 +26,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.11.5" - digest: sha256:a1cbad75b0a7098bf9325132794dddf9eef917e8a7fe246749a4cea7ff6f01eb - digestChroot: sha256:ec9df3eb6b06563a079ee46045da94cbf750f7dbb16fdbcb9e3265b551ed72ad + tag: "v1.11.2" + digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8 pullPolicy: IfNotPresent runAsNonRoot: true # www-data -> uid 101 @@ -194,7 +194,7 @@ controller: # -- Annotations to be added to the udp config configmap annotations: {} # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases maxmindLicenseKey: "" # -- Additional command line arguments to pass to Ingress-Nginx Controller # E.g. to specify the default SSL certificate you can use @@ -299,8 +299,6 @@ controller: # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' # app.kubernetes.io/instance: '{{ .Release.Name }}' # app.kubernetes.io/component: controller - # matchLabelKeys: - # - pod-template-hash # topologyKey: topology.kubernetes.io/zone # maxSkew: 1 # whenUnsatisfiable: ScheduleAnyway @@ -309,8 +307,6 @@ controller: # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' # app.kubernetes.io/instance: '{{ .Release.Name }}' # app.kubernetes.io/component: controller - # matchLabelKeys: - # - pod-template-hash # topologyKey: kubernetes.io/hostname # maxSkew: 1 # whenUnsatisfiable: ScheduleAnyway @@ -808,8 +804,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.5.2 - digest: sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea + tag: v1.4.3 + digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -877,7 +873,6 @@ controller: serviceMonitor: enabled: false additionalLabels: {} - # -- Annotations to be added to the ServiceMonitor. annotations: {} ## The label to use to retrieve the job name from. ## jobLabel: "app.kubernetes.io/name" @@ -1067,8 +1062,6 @@ defaultBackend: # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' # app.kubernetes.io/instance: '{{ .Release.Name }}' # app.kubernetes.io/component: default-backend - # matchLabelKeys: - # - pod-template-hash # topologyKey: topology.kubernetes.io/zone # maxSkew: 1 # whenUnsatisfiable: ScheduleAnyway @@ -1077,8 +1070,6 @@ defaultBackend: # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' # app.kubernetes.io/instance: '{{ .Release.Name }}' # app.kubernetes.io/component: default-backend - # matchLabelKeys: - # - pod-template-hash # topologyKey: kubernetes.io/hostname # maxSkew: 1 # whenUnsatisfiable: ScheduleAnyway @@ -1099,7 +1090,6 @@ defaultBackend: ## podAnnotations: {} replicaCount: 1 - # -- Minimum available pods set in PodDisruptionBudget. minAvailable: 1 resources: {} # limits: