mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-27 18:18:41 +00:00
Merge pull request #236 from aenix-io/upd-nginx-ingress
Update ingress-nginx-controller v1.11
This commit is contained in:
Marian Koreniuk
@@ -1,8 +1,9 @@
|
||||
annotations:
|
||||
artifacthub.io/changes: '- "Update Ingress-Nginx version controller-v1.9.4"'
|
||||
artifacthub.io/changes: |
|
||||
- Update Ingress-Nginx version controller-v1.11.1
|
||||
artifacthub.io/prerelease: "false"
|
||||
apiVersion: v2
|
||||
appVersion: 1.9.4
|
||||
appVersion: 1.11.1
|
||||
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
|
||||
load balancer
|
||||
home: https://github.com/kubernetes/ingress-nginx
|
||||
@@ -10,12 +11,15 @@ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/5
|
||||
keywords:
|
||||
- ingress
|
||||
- nginx
|
||||
kubeVersion: '>=1.20.0-0'
|
||||
kubeVersion: '>=1.21.0-0'
|
||||
maintainers:
|
||||
- name: cpanato
|
||||
- name: Gacko
|
||||
- name: puerco
|
||||
- name: rikatz
|
||||
- name: strongjz
|
||||
- name: tao12345666333
|
||||
name: ingress-nginx
|
||||
sources:
|
||||
- https://github.com/kubernetes/ingress-nginx
|
||||
version: 4.8.4
|
||||
version: 4.11.1
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
|
||||
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
|
||||
|
||||
approvers:
|
||||
- ingress-nginx-helm-maintainers
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
|
||||
|
||||
@@ -10,7 +10,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.20.0-0`
|
||||
Kubernetes: `>=1.21.0-0`
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
@@ -253,17 +253,23 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
|
||||
| controller.admissionWebhooks.objectSelector | object | `{}` | |
|
||||
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
|
||||
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` | |
|
||||
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366"` | |
|
||||
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
|
||||
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
|
||||
| controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` | |
|
||||
| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.1"` | |
|
||||
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
|
||||
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
|
||||
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
|
||||
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
|
||||
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
|
||||
| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
|
||||
| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
|
||||
| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
|
||||
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
|
||||
| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
|
||||
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
|
||||
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
|
||||
@@ -285,7 +291,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
|
||||
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
|
||||
| controller.autoscalingTemplate | list | `[]` | |
|
||||
| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
|
||||
| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
|
||||
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
|
||||
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
|
||||
| controller.containerName | string | `"controller"` | Configures the controller container name |
|
||||
@@ -293,9 +299,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
|
||||
| controller.customTemplate.configMapKey | string | `""` | |
|
||||
| controller.customTemplate.configMapName | string | `""` | |
|
||||
| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
|
||||
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
|
||||
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
|
||||
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
|
||||
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
|
||||
| controller.enableAnnotationValidations | bool | `false` | |
|
||||
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
|
||||
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
|
||||
@@ -317,8 +325,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
|
||||
| controller.image.allowPrivilegeEscalation | bool | `false` | |
|
||||
| controller.image.chroot | bool | `false` | |
|
||||
| controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` | |
|
||||
| controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` | |
|
||||
| controller.image.digest | string | `"sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a"` | |
|
||||
| controller.image.digestChroot | string | `"sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d"` | |
|
||||
| controller.image.image | string | `"ingress-nginx/controller"` | |
|
||||
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| controller.image.readOnlyRootFilesystem | bool | `false` | |
|
||||
@@ -326,14 +334,17 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.image.runAsNonRoot | bool | `true` | |
|
||||
| controller.image.runAsUser | int | `101` | |
|
||||
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
| controller.image.tag | string | `"v1.9.4"` | |
|
||||
| controller.image.tag | string | `"v1.11.1"` | |
|
||||
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
|
||||
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
|
||||
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
|
||||
| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster |
|
||||
| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not |
|
||||
| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass |
|
||||
| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. |
|
||||
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
|
||||
| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
|
||||
| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
|
||||
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
|
||||
| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
|
||||
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
|
||||
| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
|
||||
| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
|
||||
| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | |
|
||||
| controller.keda.behavior | object | `{}` | |
|
||||
| controller.keda.cooldownPeriod | int | `300` | |
|
||||
@@ -369,6 +380,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.metrics.service.servicePort | int | `10254` | |
|
||||
| controller.metrics.service.type | string | `"ClusterIP"` | |
|
||||
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
|
||||
| controller.metrics.serviceMonitor.annotations | object | `{}` | |
|
||||
| controller.metrics.serviceMonitor.enabled | bool | `false` | |
|
||||
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| controller.metrics.serviceMonitor.namespace | string | `""` | |
|
||||
@@ -387,9 +399,12 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
|
||||
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
| controller.opentelemetry.distroless | bool | `true` | |
|
||||
| controller.opentelemetry.enabled | bool | `false` | |
|
||||
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | |
|
||||
| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | |
|
||||
| controller.opentelemetry.image.distroless | bool | `true` | |
|
||||
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` | |
|
||||
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
|
||||
| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` | |
|
||||
| controller.opentelemetry.name | string | `"opentelemetry"` | |
|
||||
| controller.opentelemetry.resources | object | `{}` | |
|
||||
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
|
||||
@@ -415,34 +430,50 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.scope.enabled | bool | `false` | Enable 'scope' or not |
|
||||
| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
|
||||
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
|
||||
| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
|
||||
| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # |
|
||||
| controller.service.enableHttp | bool | `true` | |
|
||||
| controller.service.enableHttps | bool | `true` | |
|
||||
| controller.service.enabled | bool | `true` | |
|
||||
| controller.service.external.enabled | bool | `true` | |
|
||||
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
||||
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
|
||||
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
|
||||
| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. |
|
||||
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
|
||||
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
|
||||
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
|
||||
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
|
||||
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
|
||||
| controller.service.labels | object | `{}` | |
|
||||
| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
|
||||
| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
|
||||
| controller.service.loadBalancerSourceRanges | list | `[]` | |
|
||||
| controller.service.nodePorts.http | string | `""` | |
|
||||
| controller.service.nodePorts.https | string | `""` | |
|
||||
| controller.service.nodePorts.tcp | object | `{}` | |
|
||||
| controller.service.nodePorts.udp | object | `{}` | |
|
||||
| controller.service.ports.http | int | `80` | |
|
||||
| controller.service.ports.https | int | `443` | |
|
||||
| controller.service.targetPorts.http | string | `"http"` | |
|
||||
| controller.service.targetPorts.https | string | `"https"` | |
|
||||
| controller.service.type | string | `"LoadBalancer"` | |
|
||||
| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
|
||||
| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
|
||||
| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
|
||||
| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
|
||||
| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
|
||||
| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
|
||||
| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
|
||||
| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
|
||||
| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
|
||||
| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
|
||||
| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
|
||||
| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
|
||||
| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
|
||||
| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
|
||||
| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
|
||||
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
|
||||
| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
|
||||
| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
|
||||
| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
|
||||
| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
|
||||
| controller.service.internal.ports | object | `{}` | |
|
||||
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
|
||||
| controller.service.internal.targetPorts | object | `{}` | |
|
||||
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
|
||||
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
|
||||
| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
|
||||
| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
|
||||
| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
|
||||
| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
|
||||
| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
|
||||
| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
|
||||
| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
|
||||
| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
|
||||
| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
|
||||
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
|
||||
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
|
||||
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
|
||||
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
|
||||
| controller.shareProcessNamespace | bool | `false` | |
|
||||
| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
|
||||
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
|
||||
@@ -454,7 +485,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
|
||||
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
|
||||
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
|
||||
| defaultBackend.affinity | object | `{}` | |
|
||||
| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
|
||||
| defaultBackend.autoscaling.annotations | object | `{}` | |
|
||||
| defaultBackend.autoscaling.enabled | bool | `false` | |
|
||||
| defaultBackend.autoscaling.maxReplicas | int | `2` | |
|
||||
@@ -510,6 +541,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||
| defaultBackend.serviceAccount.create | bool | `true` | |
|
||||
| defaultBackend.serviceAccount.name | string | `""` | |
|
||||
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
|
||||
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
|
||||
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
|
||||
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
|
||||
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
|
||||
|
||||
@@ -7,4 +7,7 @@ controller:
|
||||
type: ClusterIP
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image: busybox
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: busybox
|
||||
tag: latest
|
||||
|
||||
@@ -9,4 +9,7 @@ controller:
|
||||
allowPrivilegeEscalation: false
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image: busybox
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: busybox
|
||||
tag: latest
|
||||
|
||||
@@ -7,6 +7,9 @@ controller:
|
||||
type: ClusterIP
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image: busybox
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: busybox
|
||||
tag: latest
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -7,4 +7,7 @@ controller:
|
||||
type: ClusterIP
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image: busybox
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: busybox
|
||||
tag: latest
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
service:
|
||||
type: ClusterIP
|
||||
opentelemetry:
|
||||
enabled: true
|
||||
@@ -167,6 +167,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
||||
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the admission webhook patch job service account to use
|
||||
*/}}
|
||||
{{- define "ingress-nginx.admissionWebhooks.patch.serviceAccountName" -}}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.serviceAccount.create -}}
|
||||
{{ default (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified admission webhook secret creation job name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
@@ -242,22 +253,13 @@ Check the ingress controller version tag is at most three versions behind the la
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
IngressClass parameters.
|
||||
*/}}
|
||||
{{- define "ingressClass.parameters" -}}
|
||||
{{- if .Values.controller.ingressClassResource.parameters -}}
|
||||
parameters:
|
||||
{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Extra modules.
|
||||
*/}}
|
||||
{{- define "extraModules" -}}
|
||||
- name: {{ .name }}
|
||||
image: {{ .image }}
|
||||
{{- with .image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
command:
|
||||
{{- if .distroless }}
|
||||
- /init_module
|
||||
@@ -266,6 +268,7 @@ Extra modules.
|
||||
- -c
|
||||
- /usr/local/bin/init_module.sh
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .containerSecurityContext }}
|
||||
securityContext: {{ toYaml .containerSecurityContext | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }}
|
||||
- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }}
|
||||
- --watch-namespace-selector={{ .Values.controller.scope.namespaceSelector }}
|
||||
{{- end }}
|
||||
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
|
||||
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
|
||||
@@ -54,9 +54,18 @@
|
||||
{{- if .Values.controller.watchIngressWithoutClass }}
|
||||
- --watch-ingress-without-class=true
|
||||
{{- end }}
|
||||
{{- if not .Values.controller.metrics.enabled }}
|
||||
- --enable-metrics={{ .Values.controller.metrics.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.enableTopologyAwareRouting }}
|
||||
- --enable-topology-aware-routing=true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.disableLeaderElection }}
|
||||
- --disable-leader-election=true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.electionTTL }}
|
||||
- --election-ttl={{ .Values.controller.electionTTL }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.controller.extraArgs }}
|
||||
{{- /* Accept keys without values or with false as value */}}
|
||||
{{- if eq ($value | quote | len) 2 }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
@@ -18,6 +18,6 @@ roleRef:
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
|
||||
@@ -43,7 +43,7 @@ spec:
|
||||
containers:
|
||||
- name: create
|
||||
{{- with .Values.controller.admissionWebhooks.patch.image }}
|
||||
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
@@ -66,7 +66,7 @@ spec:
|
||||
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -43,7 +43,7 @@ spec:
|
||||
containers:
|
||||
- name: patch
|
||||
{{- with .Values.controller.admissionWebhooks.patch.image }}
|
||||
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
@@ -19,6 +19,6 @@ roleRef:
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.serviceAccount.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
@@ -13,4 +13,5 @@ metadata:
|
||||
{{- with .Values.controller.admissionWebhooks.patch.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
||||
|
||||
@@ -24,5 +24,5 @@ data:
|
||||
ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.controller.config }}
|
||||
{{- $key | nindent 2 }}: {{ $value | quote }}
|
||||
{{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }}
|
||||
{{- end }}
|
||||
|
||||
@@ -77,7 +77,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ .Values.controller.containerName }}
|
||||
{{- with .Values.controller.image }}
|
||||
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}"
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
@@ -186,13 +186,13 @@ spec:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- range .Values.controller.extraModules }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.opentelemetry.enabled }}
|
||||
{{- with .Values.controller.opentelemetry }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -206,7 +206,7 @@ spec:
|
||||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
|
||||
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
matchLabels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: controller
|
||||
{{- if not (or .Values.controller.autoscaling.enabled .Values.controller.keda.enabled) }}
|
||||
{{- if eq .Values.controller.autoscaling.enabled .Values.controller.keda.enabled }}
|
||||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
@@ -80,7 +80,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ .Values.controller.containerName }}
|
||||
{{- with .Values.controller.image }}
|
||||
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}"
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
@@ -189,13 +189,13 @@ spec:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- range .Values.controller.extraModules }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.opentelemetry.enabled }}
|
||||
{{- with .Values.controller.opentelemetry }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -209,7 +209,7 @@ spec:
|
||||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
{{- if .Values.controller.ingressClassResource.enabled -}}
|
||||
{{- range .Values.controller.ingressClassResource.aliases }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" $ | nindent 4 }}
|
||||
app.kubernetes.io/component: controller
|
||||
{{- with $.Values.controller.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ . }}
|
||||
{{- if $.Values.controller.ingressClassResource.annotations }}
|
||||
annotations: {{ toYaml $.Values.controller.ingressClassResource.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
controller: {{ $.Values.controller.ingressClassResource.controllerValue }}
|
||||
{{- with $.Values.controller.ingressClassResource.parameters }}
|
||||
parameters: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,6 +1,4 @@
|
||||
{{- if .Values.controller.ingressClassResource.enabled -}}
|
||||
# We don't support namespaced ingressClass yet
|
||||
# So a ClusterRole and a ClusterRoleBinding is required
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
@@ -11,11 +9,18 @@ metadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ .Values.controller.ingressClassResource.name }}
|
||||
{{- if .Values.controller.ingressClassResource.default }}
|
||||
{{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }}
|
||||
annotations:
|
||||
{{- if .Values.controller.ingressClassResource.default }}
|
||||
ingressclass.kubernetes.io/is-default-class: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.ingressClassResource.annotations }}
|
||||
{{- toYaml .Values.controller.ingressClassResource.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
controller: {{ .Values.controller.ingressClassResource.controllerValue }}
|
||||
{{ template "ingressClass.parameters" . }}
|
||||
{{- with .Values.controller.ingressClassResource.parameters }}
|
||||
parameters: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}}
|
||||
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) -}}
|
||||
apiVersion: {{ .Values.controller.keda.apiVersion }}
|
||||
kind: ScaledObject
|
||||
metadata:
|
||||
|
||||
@@ -1,4 +1,13 @@
|
||||
{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
|
||||
# PDB is not supported for DaemonSets.
|
||||
# https://github.com/kubernetes/kubernetes/issues/108124
|
||||
{{- if eq .Values.controller.kind "Deployment" }}
|
||||
{{- $replicas := .Values.controller.replicaCount }}
|
||||
{{- if and .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) }}
|
||||
{{- $replicas = .Values.controller.autoscaling.minReplicas }}
|
||||
{{- else if and .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) }}
|
||||
{{- $replicas = .Values.controller.keda.minReplicas }}
|
||||
{{- end }}
|
||||
{{- if gt ($replicas | int) 1 }}
|
||||
apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
@@ -24,3 +33,4 @@ spec:
|
||||
maxUnavailable: {{ .Values.controller.maxUnavailable }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}}
|
||||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
|
||||
@@ -44,12 +44,15 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# Omit Ingress status permissions if `--update-status` is disabled.
|
||||
{{- if ne (index .Values.controller.extraArgs "update-status") "false" }}
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
|
||||
{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@@ -15,9 +15,12 @@ metadata:
|
||||
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
spec:
|
||||
type: "{{ .Values.controller.service.type }}"
|
||||
{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }}
|
||||
allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }}
|
||||
type: {{ .Values.controller.service.internal.type | default .Values.controller.service.type }}
|
||||
{{- if .Values.controller.service.internal.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.service.internal.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.externalIPs }}
|
||||
externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
|
||||
@@ -25,8 +28,28 @@ spec:
|
||||
{{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.loadBalancerClass }}
|
||||
loadBalancerClass: {{ .Values.controller.service.internal.loadBalancerClass }}
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }}
|
||||
allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.controller.service.internal.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.healthCheckNodePort }}
|
||||
healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.internal.ipFamilyPolicy }}
|
||||
ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.ipFamilies }}
|
||||
ipFamilies: {{ toYaml .Values.controller.service.internal.ipFamilies | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
|
||||
@@ -35,11 +58,11 @@ spec:
|
||||
port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
{{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.http }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.controller.service.internal.nodePorts.http }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.enableHttps }}
|
||||
@@ -47,11 +70,11 @@ spec:
|
||||
port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
{{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
|
||||
appProtocol: https
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.https }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.controller.service.internal.nodePorts.https }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
@@ -59,9 +82,9 @@ spec:
|
||||
port: {{ $key }}
|
||||
protocol: TCP
|
||||
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
|
||||
{{- if $.Values.controller.service.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
{{- if $.Values.controller.service.internal.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.internal.nodePorts.tcp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.internal.nodePorts.tcp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -70,9 +93,9 @@ spec:
|
||||
port: {{ $key }}
|
||||
protocol: UDP
|
||||
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
|
||||
{{- if $.Values.controller.service.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.udp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
|
||||
{{- if $.Values.controller.service.internal.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.internal.nodePorts.udp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.internal.nodePorts.udp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -31,7 +31,7 @@ spec:
|
||||
- name: https-webhook
|
||||
port: 443
|
||||
targetPort: webhook
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
|
||||
appProtocol: https
|
||||
{{- end }}
|
||||
selector:
|
||||
|
||||
@@ -16,9 +16,6 @@ metadata:
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
spec:
|
||||
type: {{ .Values.controller.service.type }}
|
||||
{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
|
||||
allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.service.clusterIP }}
|
||||
{{- end }}
|
||||
@@ -34,6 +31,9 @@ spec:
|
||||
{{- if .Values.controller.service.loadBalancerClass }}
|
||||
loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }}
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
|
||||
allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
@@ -47,8 +47,6 @@ spec:
|
||||
{{- if .Values.controller.service.ipFamilyPolicy }}
|
||||
ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.ipFamilies }}
|
||||
ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -60,7 +58,7 @@ spec:
|
||||
port: {{ .Values.controller.service.ports.http }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.targetPorts.http }}
|
||||
{{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
|
||||
{{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
|
||||
@@ -72,7 +70,7 @@ spec:
|
||||
port: {{ .Values.controller.service.ports.https }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.targetPorts.https }}
|
||||
{{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
|
||||
{{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
|
||||
appProtocol: https
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
|
||||
|
||||
@@ -14,6 +14,9 @@ metadata:
|
||||
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.annotations }}
|
||||
annotations: {{ toYaml .Values.controller.metrics.serviceMonitor.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: {{ .Values.controller.metrics.portName }}
|
||||
|
||||
@@ -30,7 +30,7 @@ spec:
|
||||
annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
|
||||
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- with .Values.defaultBackend.labels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
@@ -51,7 +51,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ template "ingress-nginx.name" . }}-default-backend
|
||||
{{- with .Values.defaultBackend.image }}
|
||||
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
|
||||
{{- if .Values.defaultBackend.extraArgs }}
|
||||
@@ -107,7 +107,10 @@ spec:
|
||||
tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.affinity }}
|
||||
affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
|
||||
affinity: {{ tpl (toYaml .Values.defaultBackend.affinity) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: 60
|
||||
{{- if .Values.defaultBackend.extraVolumes }}
|
||||
|
||||
@@ -1,23 +1,23 @@
|
||||
{{- if .Values.defaultBackend.enabled }}
|
||||
{{- range .Values.defaultBackend.extraConfigMaps }}
|
||||
{{- range .Values.defaultBackend.extraConfigMaps }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ include "ingress-nginx.namespace" $ | quote }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" $ | nindent 4 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- with $.Values.defaultBackend.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ .name }}
|
||||
namespace: {{ include "ingress-nginx.namespace" $ }}
|
||||
data:
|
||||
{{- with .data }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
@@ -21,14 +21,6 @@ spec:
|
||||
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
@@ -37,4 +29,12 @@ spec:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
port: {{ .Values.defaultBackend.service.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
selector:
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
suite: Admission Webhooks > Patch Job > ClusterRole
|
||||
templates:
|
||||
- admission-webhooks/job-patch/clusterrole.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ClusterRole if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,11 @@
|
||||
suite: Admission Webhooks > Patch Job > ClusterRoleBinding
|
||||
templates:
|
||||
- admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ClusterRoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,11 @@
|
||||
suite: Admission Webhooks > Patch Job > Role
|
||||
templates:
|
||||
- admission-webhooks/job-patch/role.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a Role if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,11 @@
|
||||
suite: Admission Webhooks > Patch Job > RoleBinding
|
||||
templates:
|
||||
- admission-webhooks/job-patch/rolebinding.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a RoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,47 @@
|
||||
suite: Admission Webhooks > Patch Job > ServiceAccount
|
||||
templates:
|
||||
- admission-webhooks/job-patch/serviceaccount.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is true
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: ingress-nginx-admission
|
||||
|
||||
- it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.patch.serviceAccount.name` is set
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.name: ingress-nginx-admission-test-sa
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: ingress-nginx-admission-test-sa
|
||||
|
||||
- it: should create a ServiceAccount with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: automountServiceAccountToken
|
||||
value: false
|
||||
@@ -0,0 +1,27 @@
|
||||
suite: Controller > ConfigMap > Add Headers
|
||||
templates:
|
||||
- controller-configmap-addheaders.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ConfigMap if `controller.addHeaders` is not set
|
||||
set:
|
||||
controller.addHeaders: null
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a ConfigMap if `controller.addHeaders` is set
|
||||
set:
|
||||
controller.addHeaders:
|
||||
X-Another-Custom-Header: Value
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ConfigMap
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-custom-add-headers
|
||||
- equal:
|
||||
path: data.X-Another-Custom-Header
|
||||
value: Value
|
||||
@@ -0,0 +1,27 @@
|
||||
suite: Controller > ConfigMap > Proxy Headers
|
||||
templates:
|
||||
- controller-configmap-proxyheaders.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ConfigMap if `controller.proxySetHeaders` is not set
|
||||
set:
|
||||
controller.proxySetHeaders: null
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a ConfigMap if `controller.proxySetHeaders` is set
|
||||
set:
|
||||
controller.proxySetHeaders:
|
||||
X-Custom-Header: Value
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ConfigMap
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-custom-proxy-headers
|
||||
- equal:
|
||||
path: data.X-Custom-Header
|
||||
value: Value
|
||||
@@ -0,0 +1,31 @@
|
||||
suite: Controller > ConfigMap
|
||||
templates:
|
||||
- controller-configmap.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a ConfigMap
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ConfigMap
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a ConfigMap with templated values if `controller.config` contains templates
|
||||
set:
|
||||
controller.config:
|
||||
global-rate-limit-memcached-host: "memcached.{{ .Release.Namespace }}.svc.kubernetes.local"
|
||||
global-rate-limit-memcached-port: 11211
|
||||
use-gzip: true
|
||||
asserts:
|
||||
- equal:
|
||||
path: data.global-rate-limit-memcached-host
|
||||
value: memcached.NAMESPACE.svc.kubernetes.local
|
||||
- equal:
|
||||
path: data.global-rate-limit-memcached-port
|
||||
value: "11211"
|
||||
- equal:
|
||||
path: data.use-gzip
|
||||
value: "true"
|
||||
@@ -0,0 +1,140 @@
|
||||
suite: Controller > DaemonSet
|
||||
templates:
|
||||
- controller-daemonset.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a DaemonSet if `controller.kind` is "DaemonSet"
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: DaemonSet
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a DaemonSet with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.metrics.enabled: false
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a DaemonSet without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a DaemonSet with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --controller-class=k8s.io/ingress-nginx-internal
|
||||
|
||||
- it: should create a DaemonSet with resource limits if `controller.resources.limits` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.resources.limits.cpu: 500m
|
||||
controller.resources.limits.memory: 512Mi
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.cpu
|
||||
value: 500m
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.memory
|
||||
value: 512Mi
|
||||
|
||||
- it: should create a DaemonSet with topology spread constraints if `controller.topologySpreadConstraints` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.topologySpreadConstraints:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
value:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
|
||||
- it: should create a DaemonSet with affinity if `controller.affinity` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- '{{ include "ingress-nginx.name" . }}'
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- '{{ .Release.Name }}'
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- RELEASE-NAME
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
@@ -0,0 +1,162 @@
|
||||
suite: Controller > Deployment
|
||||
templates:
|
||||
- controller-deployment.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a Deployment
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Deployment
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3
|
||||
set:
|
||||
controller.replicaCount: 3
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 3
|
||||
|
||||
- it: should create a Deployment without replicas if `controller.autoscaling.enabled` is true
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.replicas
|
||||
|
||||
- it: should create a Deployment without replicas if `controller.keda.enabled` is true
|
||||
set:
|
||||
controller.keda.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.replicas
|
||||
|
||||
- it: should create a Deployment with replicas if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
controller.keda.enabled: true
|
||||
asserts:
|
||||
- exists:
|
||||
path: spec.replicas
|
||||
|
||||
- it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
|
||||
set:
|
||||
controller.metrics.enabled: false
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a Deployment without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a Deployment with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --controller-class=k8s.io/ingress-nginx-internal
|
||||
|
||||
- it: should create a Deployment with resource limits if `controller.resources.limits` is set
|
||||
set:
|
||||
controller.resources.limits.cpu: 500m
|
||||
controller.resources.limits.memory: 512Mi
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.cpu
|
||||
value: 500m
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.memory
|
||||
value: 512Mi
|
||||
|
||||
- it: should create a Deployment with topology spread constraints if `controller.topologySpreadConstraints` is set
|
||||
set:
|
||||
controller.topologySpreadConstraints:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
value:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
|
||||
- it: should create a Deployment with affinity if `controller.affinity` is set
|
||||
set:
|
||||
controller.affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- '{{ include "ingress-nginx.name" . }}'
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- '{{ .Release.Name }}'
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- RELEASE-NAME
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
@@ -0,0 +1,31 @@
|
||||
suite: Controller > HPA
|
||||
templates:
|
||||
- controller-hpa.yaml
|
||||
|
||||
tests:
|
||||
- it: should create an HPA if `controller.autoscaling.enabled` is true
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: HorizontalPodAutoscaler
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should not create an HPA if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
controller.keda.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should not create an HPA if `controller.kind` is "DaemonSet"
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,110 @@
|
||||
suite: Controller > IngressClass > Aliases
|
||||
templates:
|
||||
- controller-ingressclass-aliases.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create IngressClass aliases
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create an IngressClass alias with name "nginx-alias" if `controller.ingressClassResource.aliases` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
|
||||
- it: should create an IngressClass alias without annotation `ingressclass.kubernetes.io/is-default-class` if `controller.ingressClassResource.default` is true
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.default: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- notExists:
|
||||
path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
|
||||
|
||||
- it: should create an IngressClass alias with annotations if `controller.ingressClassResource.annotations` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.annotations:
|
||||
my-fancy-annotation: has-a-value
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: metadata.annotations.my-fancy-annotation
|
||||
value: has-a-value
|
||||
|
||||
- it: should create an IngressClass alias with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: spec.controller
|
||||
value: k8s.io/ingress-nginx-internal
|
||||
|
||||
- it: should create an IngressClass alias with parameters if `controller.ingressClassResource.parameters` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.parameters:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: spec.parameters
|
||||
value:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
|
||||
- it: should create two IngressClass aliases if `controller.ingressClassResource.aliases` has two elements
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias-1
|
||||
- nginx-alias-2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 2
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- matchRegex:
|
||||
path: metadata.name
|
||||
pattern: nginx-alias-(1|2)
|
||||
@@ -0,0 +1,93 @@
|
||||
suite: Controller > IngressClass
|
||||
templates:
|
||||
- controller-ingressclass.yaml
|
||||
|
||||
tests:
|
||||
- it: should create an IngressClass
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx
|
||||
|
||||
- it: should create an IngressClass with name "nginx-internal" if `controller.ingressClassResource.name` is "nginx-internal"
|
||||
set:
|
||||
controller.ingressClassResource.name: nginx-internal
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-internal
|
||||
|
||||
- it: "should create an IngressClass with annotation `ingressclass.kubernetes.io/is-default-class: \"true\"` if `controller.ingressClassResource.default` is true"
|
||||
set:
|
||||
controller.ingressClassResource.default: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx
|
||||
- equal:
|
||||
path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
|
||||
value: "true"
|
||||
|
||||
- it: should create an IngressClass with annotations if `controller.ingressClassResource.annotations` is set
|
||||
set:
|
||||
controller.ingressClassResource.annotations:
|
||||
my-fancy-annotation: has-a-value
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx
|
||||
- equal:
|
||||
path: metadata.annotations.my-fancy-annotation
|
||||
value: has-a-value
|
||||
|
||||
- it: should create an IngressClass with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx
|
||||
- equal:
|
||||
path: spec.controller
|
||||
value: k8s.io/ingress-nginx-internal
|
||||
|
||||
- it: should create an IngressClass with parameters if `controller.ingressClassResource.parameters` is set
|
||||
set:
|
||||
controller.ingressClassResource.parameters:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx
|
||||
- equal:
|
||||
path: spec.parameters
|
||||
value:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
@@ -0,0 +1,31 @@
|
||||
suite: Controller > KEDA
|
||||
templates:
|
||||
- controller-keda.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a ScaledObject if `controller.keda.enabled` is true
|
||||
set:
|
||||
controller.keda.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ScaledObject
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should not create a ScaledObject if `controller.keda.enabled` is true and `controller.autoscaling.enabled` is true
|
||||
set:
|
||||
controller.keda.enabled: true
|
||||
controller.autoscaling.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should not create a ScaledObject if `controller.kind` is "DaemonSet"
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,23 @@
|
||||
suite: Controller > NetworkPolicy
|
||||
templates:
|
||||
- controller-networkpolicy.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a NetworkPolicy if `controller.networkPolicy.enabled` is false
|
||||
set:
|
||||
controller.networkPolicy.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a NetworkPolicy if `controller.networkPolicy.enabled` is true
|
||||
set:
|
||||
controller.networkPolicy.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: NetworkPolicy
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
@@ -0,0 +1,73 @@
|
||||
suite: Controller > PodDisruptionBudget
|
||||
templates:
|
||||
- controller-poddisruptionbudget.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a PodDisruptionBudget if `controller.replicaCount` is greater than 1
|
||||
set:
|
||||
controller.replicaCount: 2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: PodDisruptionBudget
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should not create a PodDisruptionBudget if `controller.replicaCount` is less than or equal 1
|
||||
set:
|
||||
controller.replicaCount: 1
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is greater than 1
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
controller.autoscaling.minReplicas: 2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: PodDisruptionBudget
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is less than or equal 1
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
controller.autoscaling.minReplicas: 1
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is greater than 1
|
||||
set:
|
||||
controller.keda.enabled: true
|
||||
controller.keda.minReplicas: 2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: PodDisruptionBudget
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should not create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is less than or equal 1
|
||||
set:
|
||||
controller.keda.enabled: true
|
||||
controller.keda.minReplicas: 1
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
|
||||
set:
|
||||
controller.autoscaling.enabled: true
|
||||
controller.keda.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -0,0 +1,25 @@
|
||||
suite: Controller > Service > Internal
|
||||
templates:
|
||||
- controller-service-internal.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create an internal Service if `controller.service.internal.enabled` is false
|
||||
set:
|
||||
controller.service.internal.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create an internal Service if `controller.service.internal.enabled` is true and `controller.service.internal.annotations` are set
|
||||
set:
|
||||
controller.service.internal.enabled: true
|
||||
controller.service.internal.annotations:
|
||||
test.annotation: "true"
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Service
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller-internal
|
||||
@@ -0,0 +1,23 @@
|
||||
suite: Controller > Service > Metrics
|
||||
templates:
|
||||
- controller-service-metrics.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a metrics Service if `controller.metrics.enabled` is false
|
||||
set:
|
||||
controller.metrics.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a metrics Service if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Service
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller-metrics
|
||||
@@ -0,0 +1,32 @@
|
||||
suite: Controller > Service
|
||||
templates:
|
||||
- controller-service.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a Service if `controller.service.external.enabled` is false
|
||||
set:
|
||||
controller.service.external.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a Service if `controller.service.external.enabled` is true
|
||||
set:
|
||||
controller.service.external.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Service
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort"
|
||||
set:
|
||||
controller.service.external.enabled: true
|
||||
controller.service.type: NodePort
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.type
|
||||
value: NodePort
|
||||
@@ -0,0 +1,137 @@
|
||||
suite: Default Backend > Deployment
|
||||
templates:
|
||||
- default-backend-deployment.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a Deployment if `defaultBackend.enabled` is false
|
||||
set:
|
||||
defaultBackend.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a Deployment if `defaultBackend.enabled` is true
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Deployment
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-defaultbackend
|
||||
|
||||
- it: should create a Deployment with 3 replicas if `defaultBackend.replicaCount` is 3
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.replicaCount: 3
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.replicas
|
||||
value: 3
|
||||
|
||||
- it: should create a Deployment without replicas if `defaultBackend.autoscaling.enabled` is true
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.autoscaling.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.replicas
|
||||
|
||||
- it: should create a Deployment with resource limits if `defaultBackend.resources.limits` is set
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.resources.limits.cpu: 500m
|
||||
defaultBackend.resources.limits.memory: 512Mi
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.cpu
|
||||
value: 500m
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].resources.limits.memory
|
||||
value: 512Mi
|
||||
|
||||
- it: should create a Deployment with topology spread constraints if `defaultBackend.topologySpreadConstraints` is set
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.topologySpreadConstraints:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: default-backend
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
app.kubernetes.io/component: default-backend
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.topologySpreadConstraints
|
||||
value:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: default-backend
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/component: default-backend
|
||||
topologyKey: kubernetes.io/hostname
|
||||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
|
||||
- it: should create a Deployment with affinity if `defaultBackend.affinity` is set
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- '{{ include "ingress-nginx.name" . }}'
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- '{{ .Release.Name }}'
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- default-backend
|
||||
topologyKey: kubernetes.io/hostname
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- RELEASE-NAME
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- default-backend
|
||||
topologyKey: kubernetes.io/hostname
|
||||
@@ -1,19 +1,18 @@
|
||||
suite: test default backend extra ConfigMaps
|
||||
suite: Default Backend > Extra ConfigMaps
|
||||
templates:
|
||||
- default-backend-extra-configmaps.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create any ConfigMap by default
|
||||
- it: should not create a ConfigMap if `defaultBackend.extraConfigMaps` is empty
|
||||
set:
|
||||
Release.Namespace: default
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.extraConfigMaps: []
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create one ConfigMap
|
||||
- it: should create one ConfigMap if `defaultBackend.extraConfigMaps` has one element
|
||||
set:
|
||||
Release.Namespace: default
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.extraConfigMaps:
|
||||
- name: my-configmap-1
|
||||
@@ -27,10 +26,12 @@ tests:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: my-configmap-1
|
||||
- equal:
|
||||
path: data.key1
|
||||
value: value1
|
||||
|
||||
- it: should correctly render multiple ConfigMaps
|
||||
- it: should create two ConfigMaps if `defaultBackend.extraConfigMaps` has two elements
|
||||
set:
|
||||
Release.Namespace: nginx
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.extraConfigMaps:
|
||||
- name: my-configmap-1
|
||||
@@ -46,4 +47,4 @@ tests:
|
||||
of: ConfigMap
|
||||
- matchRegex:
|
||||
path: metadata.name
|
||||
pattern: "my-configmap-\\d+"
|
||||
pattern: my-configmap-(1|2)
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
suite: Default Backend > Service
|
||||
templates:
|
||||
- default-backend-service.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a Service if `defaultBackend.enabled` is false
|
||||
set:
|
||||
defaultBackend.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a Service if `defaultBackend.enabled` is true
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Service
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-defaultbackend
|
||||
|
||||
- it: should create a Service with port 80 if `defaultBackend.service.port` is 80
|
||||
set:
|
||||
defaultBackend.enabled: true
|
||||
defaultBackend.service.port: 80
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.ports[0].port
|
||||
value: 80
|
||||
@@ -9,7 +9,6 @@
|
||||
|
||||
# -- Override the deployment namespace; defaults to .Release.Namespace
|
||||
namespaceOverride: ""
|
||||
|
||||
## Labels to apply to all resources
|
||||
##
|
||||
commonLabels: {}
|
||||
@@ -27,9 +26,9 @@ controller:
|
||||
## for backwards compatibility consider setting the full image url via the repository value below
|
||||
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
||||
## repository:
|
||||
tag: "v1.9.4"
|
||||
digest: sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
|
||||
digestChroot: sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
|
||||
tag: "v1.11.1"
|
||||
digest: sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
|
||||
digestChroot: sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
|
||||
pullPolicy: IfNotPresent
|
||||
runAsNonRoot: true
|
||||
# www-data -> uid 101
|
||||
@@ -46,7 +45,8 @@ controller:
|
||||
containerPort:
|
||||
http: 80
|
||||
https: 443
|
||||
# -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
|
||||
# -- Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates.
|
||||
# Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
|
||||
config: {}
|
||||
# -- Annotations to be added to the controller config configuration configmap.
|
||||
configAnnotations: {}
|
||||
@@ -84,6 +84,10 @@ controller:
|
||||
# -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto"
|
||||
# Defaults to false
|
||||
enableTopologyAwareRouting: false
|
||||
# -- This configuration disable Nginx Controller Leader Election
|
||||
disableLeaderElection: false
|
||||
# -- Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s)
|
||||
electionTTL: ""
|
||||
# -- This configuration defines if Ingress Controller should allow users to set
|
||||
# their own *-snippet annotations, otherwise this is forbidden / dropped
|
||||
# when users add those annotations.
|
||||
@@ -109,21 +113,39 @@ controller:
|
||||
enabled: false
|
||||
# -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader'
|
||||
electionID: ""
|
||||
## This section refers to the creation of the IngressClass resource
|
||||
## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
|
||||
# -- This section refers to the creation of the IngressClass resource.
|
||||
# IngressClasses are immutable and cannot be changed after creation.
|
||||
# We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required.
|
||||
ingressClassResource:
|
||||
# -- Name of the ingressClass
|
||||
# -- Name of the IngressClass
|
||||
name: nginx
|
||||
# -- Is this ingressClass enabled or not
|
||||
# -- Create the IngressClass or not
|
||||
enabled: true
|
||||
# -- Is this the default ingressClass for the cluster
|
||||
# -- If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation.
|
||||
# Ingress creation gets rejected if there are multiple default IngressClasses.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
|
||||
default: false
|
||||
# -- Controller-value of the controller that is processing this ingressClass
|
||||
controllerValue: "k8s.io/ingress-nginx"
|
||||
# -- Parameters is a link to a custom resource containing additional
|
||||
# configuration for the controller. This is optional if the controller
|
||||
# does not require extra parameters.
|
||||
# -- Annotations to be added to the IngressClass resource.
|
||||
annotations: {}
|
||||
# -- Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value.
|
||||
# This value is also being set as the `--controller-class` argument of this Ingress Controller.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
|
||||
controllerValue: k8s.io/ingress-nginx
|
||||
# -- Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name.
|
||||
# Useful for development environments with only one Ingress Controller but production-like Ingress resources.
|
||||
# `default` gets enabled on the original IngressClass only.
|
||||
aliases: []
|
||||
# aliases:
|
||||
# - nginx-alias-1
|
||||
# - nginx-alias-2
|
||||
# -- A link to a custom resource containing additional configuration for the controller.
|
||||
# This is optional if the controller consuming this IngressClass does not require additional parameters.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
|
||||
parameters: {}
|
||||
# parameters:
|
||||
# apiGroup: k8s.example.com
|
||||
# kind: IngressParameters
|
||||
# name: external-lb
|
||||
# -- For backwards compatibility with ingress.class annotation, use ingressClass.
|
||||
# Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
|
||||
ingressClass: nginx
|
||||
@@ -140,7 +162,6 @@ controller:
|
||||
# "net.core.somaxconn": "8192"
|
||||
# -- Security context for controller containers
|
||||
containerSecurityContext: {}
|
||||
|
||||
# -- Allows customization of the source of the IP address or FQDN to report
|
||||
# in the ingress status field. By default, it reads the information provided
|
||||
# by the service. If disable, the status field reports the IP address of the
|
||||
@@ -239,11 +260,11 @@ controller:
|
||||
# - key: app.kubernetes.io/name
|
||||
# operator: In
|
||||
# values:
|
||||
# - ingress-nginx
|
||||
# - '{{ include "ingress-nginx.name" . }}'
|
||||
# - key: app.kubernetes.io/instance
|
||||
# operator: In
|
||||
# values:
|
||||
# - ingress-nginx
|
||||
# - '{{ .Release.Name }}'
|
||||
# - key: app.kubernetes.io/component
|
||||
# operator: In
|
||||
# values:
|
||||
@@ -258,16 +279,16 @@ controller:
|
||||
# - key: app.kubernetes.io/name
|
||||
# operator: In
|
||||
# values:
|
||||
# - ingress-nginx
|
||||
# - '{{ include "ingress-nginx.name" . }}'
|
||||
# - key: app.kubernetes.io/instance
|
||||
# operator: In
|
||||
# values:
|
||||
# - ingress-nginx
|
||||
# - '{{ .Release.Name }}'
|
||||
# - key: app.kubernetes.io/component
|
||||
# operator: In
|
||||
# values:
|
||||
# - controller
|
||||
# topologyKey: "kubernetes.io/hostname"
|
||||
# topologyKey: kubernetes.io/hostname
|
||||
|
||||
# -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
|
||||
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
||||
@@ -445,102 +466,170 @@ controller:
|
||||
configMapName: ""
|
||||
configMapKey: ""
|
||||
service:
|
||||
# -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service.
|
||||
enabled: true
|
||||
# -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were
|
||||
# using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
|
||||
# It allows choosing the protocol for each backend specified in the Kubernetes service.
|
||||
# See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244
|
||||
# Will be ignored for Kubernetes versions older than 1.20
|
||||
##
|
||||
appProtocol: true
|
||||
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine.
|
||||
external:
|
||||
# -- Enable the external controller service or not. Useful for internal-only deployments.
|
||||
enabled: true
|
||||
# -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service.
|
||||
annotations: {}
|
||||
# -- Labels to be added to both controller services.
|
||||
labels: {}
|
||||
# clusterIP: ""
|
||||
|
||||
# -- List of IP addresses at which the controller services are available
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
|
||||
##
|
||||
# -- Type of the external controller service.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
|
||||
type: LoadBalancer
|
||||
# -- Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services.
|
||||
# This value is immutable. Set once, it can not be changed without deleting and re-creating the service.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
||||
clusterIP: ""
|
||||
# -- List of node IP addresses at which the external controller service is available.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
|
||||
externalIPs: []
|
||||
# -- Set to false to disable loadbalancer node port allocation
|
||||
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
|
||||
# allocateLoadBalancerNodePorts: true
|
||||
# -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
|
||||
# -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
|
||||
loadBalancerIP: ""
|
||||
# -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default.
|
||||
loadBalancerSourceRanges: []
|
||||
# -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
||||
# -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
||||
loadBalancerClass: ""
|
||||
enableHttp: true
|
||||
enableHttps: true
|
||||
## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
|
||||
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
||||
# externalTrafficPolicy: ""
|
||||
# -- Enable node port allocation for the external controller service or not. Applies to type `LoadBalancer` only.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
|
||||
# allocateLoadBalancerNodePorts: true
|
||||
|
||||
## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
||||
# sessionAffinity: ""
|
||||
|
||||
## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
|
||||
## the service controller allocates a port from your cluster’s NodePort range.
|
||||
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
# -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it.
|
||||
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
externalTrafficPolicy: ""
|
||||
# -- Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None".
|
||||
# Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
|
||||
sessionAffinity: ""
|
||||
# -- Specifies the health check node port (numeric port number) for the external controller service.
|
||||
# If not specified, the service controller allocates a port from your cluster's node port range.
|
||||
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
# healthCheckNodePort: 0
|
||||
|
||||
# -- Represents the dual-stack-ness requested or required by this Service. Possible values are
|
||||
# SingleStack, PreferDualStack or RequireDualStack.
|
||||
# The ipFamilies and clusterIPs fields depend on the value of this field.
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
|
||||
ipFamilyPolicy: "SingleStack"
|
||||
# -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically
|
||||
# based on cluster configuration and the ipFamilyPolicy field.
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
|
||||
# -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.
|
||||
# Fields `ipFamilies` and `clusterIP` depend on the value of this field.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
|
||||
ipFamilyPolicy: SingleStack
|
||||
# -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
|
||||
ipFamilies:
|
||||
- IPv4
|
||||
# -- Enable the HTTP listener on both controller services or not.
|
||||
enableHttp: true
|
||||
# -- Enable the HTTPS listener on both controller services or not.
|
||||
enableHttps: true
|
||||
ports:
|
||||
# -- Port the external HTTP listener is published with.
|
||||
http: 80
|
||||
# -- Port the external HTTPS listener is published with.
|
||||
https: 443
|
||||
targetPorts:
|
||||
# -- Port of the ingress controller the external HTTP listener is mapped to.
|
||||
http: http
|
||||
# -- Port of the ingress controller the external HTTPS listener is mapped to.
|
||||
https: https
|
||||
type: LoadBalancer
|
||||
## type: NodePort
|
||||
## nodePorts:
|
||||
## http: 32080
|
||||
## https: 32443
|
||||
## tcp:
|
||||
## 8080: 32808
|
||||
# -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
|
||||
appProtocol: true
|
||||
nodePorts:
|
||||
# -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
|
||||
http: ""
|
||||
# -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
|
||||
https: ""
|
||||
# -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range.
|
||||
# Example:
|
||||
# tcp:
|
||||
# 8080: 30080
|
||||
tcp: {}
|
||||
# -- Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range.
|
||||
# Example:
|
||||
# udp:
|
||||
# 53: 30053
|
||||
udp: {}
|
||||
external:
|
||||
enabled: true
|
||||
internal:
|
||||
# -- Enables an additional internal load balancer (besides the external one).
|
||||
# -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this.
|
||||
enabled: false
|
||||
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine.
|
||||
# -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
||||
annotations: {}
|
||||
# -- Set to false to disable loadbalancer node port allocation
|
||||
# See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
|
||||
# allocateLoadBalancerNodePorts: true
|
||||
# -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS.
|
||||
# -- Type of the internal controller service.
|
||||
# Defaults to the value of `controller.service.type`.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
|
||||
type: ""
|
||||
# -- Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services.
|
||||
# This value is immutable. Set once, it can not be changed without deleting and re-creating the service.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
||||
clusterIP: ""
|
||||
# -- List of node IP addresses at which the internal controller service is available.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
|
||||
externalIPs: []
|
||||
# -- Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
|
||||
loadBalancerIP: ""
|
||||
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
|
||||
# -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default.
|
||||
loadBalancerSourceRanges: []
|
||||
## Set external traffic policy to: "Local" to preserve source IP on
|
||||
## providers supporting it
|
||||
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
||||
# externalTrafficPolicy: ""
|
||||
# -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
||||
loadBalancerClass: ""
|
||||
# -- Enable node port allocation for the internal controller service or not. Applies to type `LoadBalancer` only.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
|
||||
# allocateLoadBalancerNodePorts: true
|
||||
|
||||
# -- Custom port mapping for internal service
|
||||
# -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it.
|
||||
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
externalTrafficPolicy: ""
|
||||
# -- Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None".
|
||||
# Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
|
||||
sessionAffinity: ""
|
||||
# -- Specifies the health check node port (numeric port number) for the internal controller service.
|
||||
# If not specified, the service controller allocates a port from your cluster's node port range.
|
||||
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
# healthCheckNodePort: 0
|
||||
|
||||
# -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.
|
||||
# Fields `ipFamilies` and `clusterIP` depend on the value of this field.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
|
||||
ipFamilyPolicy: SingleStack
|
||||
# -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
|
||||
ipFamilies:
|
||||
- IPv4
|
||||
ports: {}
|
||||
# http: 80
|
||||
# https: 443
|
||||
# -- Port the internal HTTP listener is published with.
|
||||
# Defaults to the value of `controller.service.ports.http`.
|
||||
# http: 80
|
||||
# -- Port the internal HTTPS listener is published with.
|
||||
# Defaults to the value of `controller.service.ports.https`.
|
||||
# https: 443
|
||||
|
||||
# -- Custom target port mapping for internal service
|
||||
targetPorts: {}
|
||||
# http: http
|
||||
# https: https
|
||||
# -- Port of the ingress controller the internal HTTP listener is mapped to.
|
||||
# Defaults to the value of `controller.service.targetPorts.http`.
|
||||
# http: http
|
||||
# -- Port of the ingress controller the internal HTTPS listener is mapped to.
|
||||
# Defaults to the value of `controller.service.targetPorts.https`.
|
||||
# https: https
|
||||
|
||||
# -- Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
|
||||
appProtocol: true
|
||||
nodePorts:
|
||||
# -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range.
|
||||
http: ""
|
||||
# -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
|
||||
https: ""
|
||||
# -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range.
|
||||
# Example:
|
||||
# tcp:
|
||||
# 8080: 30080
|
||||
tcp: {}
|
||||
# -- Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range.
|
||||
# Example:
|
||||
# udp:
|
||||
# 53: 30053
|
||||
udp: {}
|
||||
# shareProcessNamespace enables process namespace sharing within the pod.
|
||||
# This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
|
||||
shareProcessNamespace: false
|
||||
@@ -587,8 +676,15 @@ controller:
|
||||
# -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module
|
||||
extraModules: []
|
||||
# - name: mytestmodule
|
||||
# image: registry.k8s.io/ingress-nginx/mytestmodule
|
||||
# distroless: false
|
||||
# image:
|
||||
# registry: registry.k8s.io
|
||||
# image: ingress-nginx/mytestmodule
|
||||
# ## for backwards compatibility consider setting the full image url via the repository value below
|
||||
# ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
||||
# ## repository:
|
||||
# tag: "v1.0.0"
|
||||
# digest: ""
|
||||
# distroless: false
|
||||
# containerSecurityContext:
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: <user-id>
|
||||
@@ -608,8 +704,15 @@ controller:
|
||||
opentelemetry:
|
||||
enabled: false
|
||||
name: opentelemetry
|
||||
image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
|
||||
distroless: true
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: ingress-nginx/opentelemetry
|
||||
## for backwards compatibility consider setting the full image url via the repository value below
|
||||
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
||||
## repository:
|
||||
tag: "v20230721-3e2062ee5"
|
||||
digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
|
||||
distroless: true
|
||||
containerSecurityContext:
|
||||
runAsNonRoot: true
|
||||
# -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`.
|
||||
@@ -619,7 +722,7 @@ controller:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
resources: {}
|
||||
admissionWebhooks:
|
||||
@@ -670,7 +773,7 @@ controller:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
resources: {}
|
||||
# limits:
|
||||
@@ -690,7 +793,7 @@ controller:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
resources: {}
|
||||
patch:
|
||||
@@ -701,8 +804,8 @@ controller:
|
||||
## for backwards compatibility consider setting the full image url via the repository value below
|
||||
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
||||
## repository:
|
||||
tag: v20231011-8b53cabe0
|
||||
digest: sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
|
||||
tag: v1.4.1
|
||||
digest: sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Provide a priority class name to the webhook patching job
|
||||
##
|
||||
@@ -719,6 +822,18 @@ controller:
|
||||
labels: {}
|
||||
# -- Security context for secret creation & webhook patch pods
|
||||
securityContext: {}
|
||||
# -- Admission webhook patch job RBAC
|
||||
rbac:
|
||||
# -- Create RBAC or not
|
||||
create: true
|
||||
# -- Admission webhook patch job service account
|
||||
serviceAccount:
|
||||
# -- Create a service account or not
|
||||
create: true
|
||||
# -- Custom service account name
|
||||
name: ""
|
||||
# -- Auto-mount service account token or not
|
||||
automountServiceAccountToken: true
|
||||
# Use certmanager to generate webhook certs
|
||||
certManager:
|
||||
enabled: false
|
||||
@@ -758,6 +873,7 @@ controller:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
annotations: {}
|
||||
## The label to use to retrieve the job name from.
|
||||
## jobLabel: "app.kubernetes.io/name"
|
||||
namespace: ""
|
||||
@@ -895,7 +1011,68 @@ defaultBackend:
|
||||
# value: "value"
|
||||
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
||||
|
||||
# -- Affinity and anti-affinity rules for server scheduling to nodes
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
affinity: {}
|
||||
# # An example of preferred pod anti-affinity, weight is in the range 1-100
|
||||
# podAntiAffinity:
|
||||
# preferredDuringSchedulingIgnoredDuringExecution:
|
||||
# - weight: 100
|
||||
# podAffinityTerm:
|
||||
# labelSelector:
|
||||
# matchExpressions:
|
||||
# - key: app.kubernetes.io/name
|
||||
# operator: In
|
||||
# values:
|
||||
# - '{{ include "ingress-nginx.name" . }}'
|
||||
# - key: app.kubernetes.io/instance
|
||||
# operator: In
|
||||
# values:
|
||||
# - '{{ .Release.Name }}'
|
||||
# - key: app.kubernetes.io/component
|
||||
# operator: In
|
||||
# values:
|
||||
# - default-backend
|
||||
# topologyKey: kubernetes.io/hostname
|
||||
|
||||
# # An example of required pod anti-affinity
|
||||
# podAntiAffinity:
|
||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||
# - labelSelector:
|
||||
# matchExpressions:
|
||||
# - key: app.kubernetes.io/name
|
||||
# operator: In
|
||||
# values:
|
||||
# - '{{ include "ingress-nginx.name" . }}'
|
||||
# - key: app.kubernetes.io/instance
|
||||
# operator: In
|
||||
# values:
|
||||
# - '{{ .Release.Name }}'
|
||||
# - key: app.kubernetes.io/component
|
||||
# operator: In
|
||||
# values:
|
||||
# - default-backend
|
||||
# topologyKey: kubernetes.io/hostname
|
||||
|
||||
# -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
|
||||
# Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
||||
topologySpreadConstraints: []
|
||||
# - labelSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
# app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
# app.kubernetes.io/component: default-backend
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# maxSkew: 1
|
||||
# whenUnsatisfiable: ScheduleAnyway
|
||||
# - labelSelector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
|
||||
# app.kubernetes.io/instance: '{{ .Release.Name }}'
|
||||
# app.kubernetes.io/component: default-backend
|
||||
# topologyKey: kubernetes.io/hostname
|
||||
# maxSkew: 1
|
||||
# whenUnsatisfiable: ScheduleAnyway
|
||||
# -- Security context for default backend pods
|
||||
podSecurityContext: {}
|
||||
# -- Security context for default backend containers
|
||||
@@ -931,21 +1108,21 @@ defaultBackend:
|
||||
## Additional volumes to the default backend pod.
|
||||
# - name: copy-portal-skins
|
||||
# emptyDir: {}
|
||||
|
||||
extraConfigMaps: []
|
||||
## Additional configmaps to the default backend pod.
|
||||
# Example ConfigMap, uncomment and configure as needed
|
||||
# - name: my-extra-configmap-1
|
||||
# labels:
|
||||
# type: config-1
|
||||
# data:
|
||||
# extra_file_1.html: |
|
||||
# <!-- Extra HTML content for ConfigMap 1 -->
|
||||
# - name: my-extra-configmap-2
|
||||
# labels:
|
||||
# type: config-2
|
||||
# data:
|
||||
# extra_file_2.html: |
|
||||
# <!-- Extra HTML content for ConfigMap 2 -->
|
||||
## Additional configmaps to the default backend pod.
|
||||
# - name: my-extra-configmap-1
|
||||
# labels:
|
||||
# type: config-1
|
||||
# data:
|
||||
# extra_file_1.html: |
|
||||
# <!-- Extra HTML content for ConfigMap 1 -->
|
||||
# - name: my-extra-configmap-2
|
||||
# labels:
|
||||
# type: config-2
|
||||
# data:
|
||||
# extra_file_2.html: |
|
||||
# <!-- Extra HTML content for ConfigMap 2 -->
|
||||
|
||||
autoscaling:
|
||||
annotations: {}
|
||||
@@ -996,13 +1173,13 @@ imagePullSecrets: []
|
||||
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
|
||||
##
|
||||
tcp: {}
|
||||
# 8080: "default/example-tcp-svc:9000"
|
||||
# "8080": "default/example-tcp-svc:9000"
|
||||
|
||||
# -- UDP service key-value pairs
|
||||
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
|
||||
##
|
||||
udp: {}
|
||||
# 53: "kube-system/kube-dns:53"
|
||||
# "53": "kube-system/kube-dns:53"
|
||||
|
||||
# -- Prefix for TCP and UDP ports names in ingress controller service
|
||||
## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration
|
||||
|
||||
@@ -5,8 +5,8 @@ ingress-nginx:
|
||||
image:
|
||||
registry: ghcr.io
|
||||
image: kvaps/ingress-nginx-with-protobuf-exporter/controller
|
||||
tag: v1.8.1
|
||||
digest: "sha256:7933a0729c716a8bf879218451ff43ee9c1a8f4850feffb12f81eb9439aefc23"
|
||||
tag: v1.11.1
|
||||
digest: sha256:76ca6d7898445140785091ff4a2b21df8c2b50fd1922fff6bd5118af75d33ab2
|
||||
allowSnippetAnnotations: true
|
||||
replicaCount: 2
|
||||
admissionWebhooks:
|
||||
@@ -16,7 +16,7 @@ ingress-nginx:
|
||||
enabled: true
|
||||
extraContainers:
|
||||
- name: protobuf-exporter
|
||||
image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.8.1@sha256:9b6f3f2688592a0f25038bc15e107642d7374359cbd87442920df1c45f27fe4d
|
||||
image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.11.1@sha256:82abdc9ab80b406dbeb8cd43fd8759b25c5ea77eb95f924bedc61453b9a3f693
|
||||
args:
|
||||
- --server.telemetry-address=0.0.0.0:9090
|
||||
- --server.exporter-address=0.0.0.0:9091
|
||||
|
||||
Reference in New Issue
Block a user