add test train

ducoterra
2021-08-29 14:54:47 -04:00
parent 40f11fe721
commit ada7070b1b
109 changed files with 6 additions and 3 deletions

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

@@ -0,0 +1,250 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.34.0
- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
### 3.33.0
- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
### 3.32.0
- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
### 3.31.0
- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
### 3.30.0
- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
### 3.29.0
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
### 3.28.0
- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
### 3.27.0
- Update ingress-nginx v0.45.0
### 3.26.0
- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
### 3.25.0
- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
### 3.24.0
- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
### 3.23.0
- Update ingress-nginx v0.44.0
### 3.22.0
- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
### 3.21.0
- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
### 3.20.1
- Do not create KEDA in case of DaemonSets.
- Fix KEDA v2 definition
### 3.20.0
- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
### 3.19.0
- Update ingress-nginx v0.43.0
### 3.18.0
- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
### 3.17.0
- Update ingress-nginx v0.42.0
### 3.16.1
- Fix chart-releaser action
### 3.16.0
- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
### 3.15.1
- Fix chart-releaser action
### 3.15.0
- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
### 3.14.0
- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
### 3.13.0
- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
### 3.12.0
- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
### 3.11.1
- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
### 3.11.0
- Support Keda Autoscaling
### 3.10.1
- Fix regression introduced in 0.41.0 with external authentication
### 3.10.0
- Fix routing regression introduced in 0.41.0 with PathType Exact
### 3.9.0
- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
### 3.8.0
- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
### 3.7.1
- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
### 3.7.0
- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
### 3.6.0
- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
### 3.5.1
- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
### 3.5.0
- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
### 3.4.0
- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
### 3.3.1
- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
### 3.3.1
- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
### 3.3.0
- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
### 3.0.0
- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
### 2.16.0
- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
### 2.15.0
- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
### 2.14.0
- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
### 2.13.0
- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
### 2.13.0
- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
### 2.12.1
- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
### 2.12.0
- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
### 2.11.3
- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
### 2.11.2
- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
### 2.11.1
- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
### 2.11.0
- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
### 2.10.0
- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
### 2.9.1
- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
### 2.9.0
- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
### TODO
Keep building the changelog using *git log charts* checking the tag
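
Review bot: the headings `### 3.3.1` and `### 2.13.0` each appear twice in this changelog, and the second `### 2.13.0` block repeats the `#6093` entry, so it is unclear which entries belong to which chart release. The 3.29.0 entry also labels its link `#6945` while the URL points at `pull/7020`. If the file is vendored unmodified from upstream, say so in the commit message; otherwise merge the duplicate sections and fix the link label.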

@@ -0,0 +1,19 @@
annotations:
artifacthub.io/changes: |
- Add namespace field in the namespace scoped resource templates
apiVersion: v2
appVersion: 0.47.0
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
home: https://github.com/kubernetes/ingress-nginx
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords:
- ingress
- nginx
kubeVersion: '>=1.16.0-0'
maintainers:
- name: ChiefAlexander
name: ingress-nginx
sources:
- https://github.com/kubernetes/ingress-nginx
type: application
version: 3.34.0

@@ -0,0 +1,5 @@
approvers:
- ChiefAlexander
reviewers:
- ChiefAlexander

@@ -0,0 +1,49 @@
# Nginx ingress
1. Install nginx
```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
```
2. Install cert-manager
```bash
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
```
3. Apply nginx
```bash
kubectl apply -f letsencrypt-issuer.yaml
```
## Ingress Examples
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
name: {{ .Release.Name }}
spec:
rules:
- host: {{ .Release.Name }}.ducoterra.net
http:
paths:
- backend:
service:
name: {{ .Release.Name }}
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- {{ .Release.Name }}.ducoterra.net
secretName: {{.Release.Name}}-tls-cert
```
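
Review bot: step 1's `helm install ingress-nginx ingress-nginx/ingress-nginx` has no `--version`, so it installs whatever the upstream repo currently publishes rather than the 3.34.0 chart vendored in this commit; pin it with `--version 3.34.0` or install from the vendored directory so the two cannot drift. Step 3 is titled "Apply nginx" but runs `kubectl apply -f letsencrypt-issuer.yaml`, which is the cert-manager issuer, so the step should be renamed. In the Ingress example, `kubernetes.io/ingress.class: nginx` is the deprecated annotation form; with `networking.k8s.io/v1` the class can be set in `spec.ingressClassName` instead.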

@@ -0,0 +1,3 @@
# Ingress Nginx
nginx ingress for kubernetes

@@ -0,0 +1,9 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
config:
use-proxy-protocol: "true"

@@ -0,0 +1,18 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: NodePort
nodePorts:
tcp:
9000: 30090
udp:
9001: 30091
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,10 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
addHeaders:
X-Frame-Options: deny
proxySetHeaders:
X-Forwarded-Proto: https
service:
type: ClusterIP

@@ -0,0 +1,10 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
internal:
enabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

@@ -0,0 +1,6 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: NodePort

@@ -0,0 +1,13 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
metrics:
enabled: true
service:
type: ClusterIP
podAnnotations:
prometheus.io/path: /metrics
prometheus.io/port: "10254"
prometheus.io/scheme: http
prometheus.io/scrape: "true"

@@ -0,0 +1,16 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
tcp:
configMapNamespace: default
udp:
configMapNamespace: default
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,12 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,10 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
tcp:
9000: "default/test:8080"
9001: "default/test:8080"

@@ -0,0 +1,6 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP

@@ -0,0 +1,8 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
metrics:
enabled: true
service:
type: ClusterIP

@@ -0,0 +1,9 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

@@ -0,0 +1,9 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: true
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

@@ -0,0 +1,6 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: true
service:
type: ClusterIP

@@ -0,0 +1,7 @@
controller:
autoscaling:
enabled: true
admissionWebhooks:
enabled: false
service:
type: ClusterIP

@@ -0,0 +1,7 @@
controller:
config:
use-proxy-protocol: "true"
admissionWebhooks:
enabled: false
service:
type: ClusterIP

@@ -0,0 +1,16 @@
controller:
admissionWebhooks:
enabled: false
service:
type: NodePort
nodePorts:
tcp:
9000: 30090
udp:
9001: 30091
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,4 @@
# Left blank to test default values
controller:
service:
type: ClusterIP

@@ -0,0 +1,9 @@
controller:
admissionWebhooks:
enabled: false
addHeaders:
X-Frame-Options: deny
proxySetHeaders:
X-Forwarded-Proto: https
service:
type: ClusterIP

@@ -0,0 +1,9 @@
controller:
admissionWebhooks:
enabled: false
service:
type: ClusterIP
internal:
enabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

@@ -0,0 +1,7 @@
controller:
admissionWebhooks:
enabled: false
metrics:
enabled: true
service:
type: ClusterIP

@@ -0,0 +1,5 @@
controller:
admissionWebhooks:
enabled: false
service:
type: NodePort

@@ -0,0 +1,12 @@
controller:
admissionWebhooks:
enabled: false
metrics:
enabled: true
service:
type: ClusterIP
podAnnotations:
prometheus.io/path: /metrics
prometheus.io/port: "10254"
prometheus.io/scheme: http
prometheus.io/scrape: "true"

@@ -0,0 +1,6 @@
controller:
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

@@ -0,0 +1,15 @@
controller:
admissionWebhooks:
enabled: false
service:
type: ClusterIP
tcp:
configMapNamespace: default
udp:
configMapNamespace: default
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,11 @@
controller:
admissionWebhooks:
enabled: false
service:
type: ClusterIP
tcp:
9000: "default/test:8080"
udp:
9001: "default/test:8080"

@@ -0,0 +1,7 @@
controller:
service:
type: ClusterIP
tcp:
9000: "default/test:8080"
9001: "default/test:8080"

@@ -0,0 +1,8 @@
controller:
admissionWebhooks:
enabled: true
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

@@ -0,0 +1,5 @@
controller:
admissionWebhooks:
enabled: true
service:
type: ClusterIP

@@ -0,0 +1,11 @@
image:
repository: k8s.gcr.io
image: ingress-nginx/controller
tag: "v0.47.0"
controller:
service:
type: NodePort
nodePorts:
http: 9080
https: 9443
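
Review bot: `image:` is the first key in this file, so it sits at the top level, but the chart's `isControllerTagValid` helper reads the tag from `.Values.controller.image.tag`; as written the `tag: "v0.47.0"` override does not appear to reach the controller and should be nested under `controller:`. In the admission job templates of this chart a set `repository` replaces `registry/image` entirely, so `repository: k8s.gcr.io` would render as `k8s.gcr.io:v0.47.0`; the host belongs in `registry`. The `nodePorts` values `http: 9080` and `https: 9443` are also outside Kubernetes' default NodePort range (30000-32767), unlike the 30090/30091 used in the CI values, so the Service is rejected unless the API server's node port range has been widened.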

@@ -0,0 +1,12 @@
groups:
- name: "Let's Encrypt Config"
description: "Let's Encrypt configuration details for cert-manager"
- name: "Nginx Config"
description: "Nginx configuration details"
questions:
- variable: email
description: "Let's Encrypt Email"
group: "Let's Encrypt Config"
label: "Let's Encrypt Email"
schema:
type: string

@@ -0,0 +1,71 @@
The ingress-nginx controller has been installed.
{{- if contains "NodePort" .Values.controller.service.type }}
Get the application URL by running these commands:
{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
{{- else }}
export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
{{- end }}
{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
{{- else }}
export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
{{- end }}
export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
{{- else if contains "LoadBalancer" .Values.controller.service.type }}
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}'
{{- else if contains "ClusterIP" .Values.controller.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
echo "Visit http://127.0.0.1:8080 to access your application."
{{- end }}
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
{{- if .Values.controller.headers }}
#################################################################################
###### WARNING: `controller.headers` has been deprecated! #####
###### It has been renamed to `controller.proxySetHeaders`. #####
#################################################################################
{{- end }}
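
Review bot: the example Ingress in these notes uses `apiVersion: networking.k8s.io/v1beta1` with `serviceName`/`servicePort`, while the README added in this same commit uses `networking.k8s.io/v1` with `service.name` and `service.port.number`, so users copying the post-install output get a manifest in the older schema. Align the two examples. In the NodePort branch, `.items[0].status.addresses[1].address` assumes the second address entry of the first node is the reachable IP; a comment stating that assumption would help.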

@@ -0,0 +1,134 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ingress-nginx.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ingress-nginx.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified controller name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.controller.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the path for the publish-service.
By convention this will simply use the <namespace>/<controller-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
*/}}
{{- define "ingress-nginx.controller.publishServicePath" -}}
{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}}
{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "ingress-nginx.defaultBackend.fullname" -}}
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "ingress-nginx.labels" -}}
helm.sh/chart: {{ include "ingress-nginx.chart" . }}
{{ include "ingress-nginx.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "ingress-nginx.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "ingress-nginx.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
*/}}
{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}}
{{- if .Values.defaultBackend.serviceAccount.create -}}
{{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
{{- else -}}
{{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Check the ingress controller version tag is at most three versions behind the last release
*/}}
{{- define "isControllerTagValid" -}}
{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
{{- end -}}
{{- end -}}
{{/*
IngressClass parameters.
*/}}
{{- define "ingressClass.parameters" -}}
{{- if .Values.controller.ingressClassResource.parameters -}}
parameters:
{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
{{ end }}
{{- end -}}
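
Review bot: the comment on `isControllerTagValid` says the tag must be "at most three versions behind the last release", but the check is a fixed `semverCompare ">=0.27.0-0"` while Chart.yaml in this commit declares `appVersion: 0.47.0`. Either update the comment to state the real floor or raise the floor so the check matches what it documents.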

@@ -0,0 +1,31 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{- with .Values.controller.admissionWebhooks.existingPsp }}
- {{ . }}
{{- else }}
- {{ include "ingress-nginx.fullname" . }}-admission
{{- end }}
{{- end }}
{{- end }}
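
Review bot: the first rule grants `get` and `update` on every `validatingwebhookconfigurations` object in the cluster, although the patch job only targets `--webhook-name={{ include "ingress-nginx.fullname" . }}-admission`; add `resourceNames` with that name so the hook ServiceAccount cannot modify other webhook configurations. The PSP rule also hard-codes `apiGroups: ['extensions']` while the PodSecurityPolicy in this chart is created as `policy/v1beta1` and `_helpers.tpl` defines `podSecurityPolicy.apiGroup`; use the helper here so the grant matches the API group of the policy.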

@@ -0,0 +1,20 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ingress-nginx.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission
namespace: {{ .Release.Namespace | quote }}
{{- end }}

@@ -0,0 +1,61 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
template:
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 8 }}
app.kubernetes.io/component: admission-webhook
spec:
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
containers:
- name: create
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args:
- create
- --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
{{- end }}
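
Review bot: the `securityContext` at the end of this pod spec sets only `runAsNonRoot` and `runAsUser`; `allowPrivilegeEscalation: false` and `requiredDropCapabilities: ALL` come only from the PodSecurityPolicy, which is rendered only when `podSecurityPolicy.enabled` is true. Add a container-level `securityContext` on the `create` container with `allowPrivilegeEscalation: false` and all capabilities dropped so the job is constrained without PSP. The container also has no `resources` block.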

@@ -0,0 +1,63 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
template:
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 8 }}
app.kubernetes.io/component: admission-webhook
spec:
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
containers:
- name: patch
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args:
- patch
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
{{- end }}
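
Review bot: `--patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}` has no default, while the ValidatingWebhookConfiguration template in this commit renders the same value with `| default "Fail"`. If the value is unset the job receives an empty `--patch-failure-policy=` and the two templates disagree; apply the same `| default "Fail"` here.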

@@ -0,0 +1,36 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
spec:
allowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
{{- end }}

@@ -0,0 +1,21 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
{{- end }}
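
Review bot: this rule allows `get` and `create` on all `secrets` in the release namespace, but the admission jobs only work with `--secret-name={{ include "ingress-nginx.fullname" . }}-admission`. `create` cannot be narrowed by `resourceNames`, but `get` can: split the rule so `get` carries `resourceNames` for that one secret, otherwise the admission ServiceAccount can read every Secret in the namespace.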

@@ -0,0 +1,21 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ingress-nginx.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission
namespace: {{ .Release.Namespace | quote }}
{{- end }}

View File

@@ -0,0 +1,13 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
{{- end }}

View File

@@ -0,0 +1,46 @@
{{- if .Values.controller.admissionWebhooks.enabled -}}
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
{{- if .Values.controller.admissionWebhooks.annotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
name: {{ include "ingress-nginx.fullname" . }}-admission
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
sideEffects: None
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
namespace: {{ .Release.Namespace | quote }}
name: {{ include "ingress-nginx.controller.fullname" . }}-admission
path: /networking/v1beta1/ingresses
{{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.namespaceSelector }}
namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.objectSelector }}
objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- end }}
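
Review bot: `clientConfig` carries no `caBundle`, and this template is gated only on `admissionWebhooks.enabled`, whereas the admission Role, RoleBinding and ServiceAccount also require `admissionWebhooks.patch.enabled`. With `patch.enabled` false, nothing in this template gives the API server a CA for the webhook's serving certificate, and with `failurePolicy` defaulting to `Fail` every Ingress CREATE and UPDATE would then be rejected. Either expose a values-driven `caBundle` here or document what must supply it when the patch job is disabled.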

View File

@@ -0,0 +1,75 @@
{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
name: {{ include "ingress-nginx.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
- apiGroups:
- ""
resources:
- namespaces
resourceNames:
- "{{ .Values.controller.scope.namespace }}"
verbs:
- get
{{- end }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "networking.k8s.io" # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
{{- end }}
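
Review bot: the first rule gives the controller `list` and `watch` on `secrets` in every namespace, and the outer guard keys on `.Values.rbac.scope` while the inner `namespaces` rule keys on `.Values.controller.scope.enabled`. With `controller.scope.enabled` true and `rbac.scope` unset, the controller watches one namespace but still holds cluster-wide Secret read. Drive both conditions from one setting, or leave `secrets` out of the cluster-wide rule when `controller.scope.enabled` is set and grant it in the watched namespace instead.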

View File

@@ -0,0 +1,16 @@
{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
name: {{ include "ingress-nginx.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ingress-nginx.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

View File

@@ -0,0 +1,11 @@
{{- if .Values.controller.addHeaders -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
namespace: {{ .Release.Namespace }}
data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
{{- end }}

View File

@@ -0,0 +1,16 @@
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
namespace: {{ .Release.Namespace }}
data:
{{- if .Values.controller.proxySetHeaders }}
{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
{{ toYaml .Values.controller.headers | indent 2 }}
{{- end }}
{{- end }}
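
Review bot: in the `else if` under `data:`, the `(not .Values.controller.proxySetHeaders)` operand is always true, because that branch is reached only after `if .Values.controller.proxySetHeaders` has failed. Reduce the condition to `{{- else if .Values.controller.headers }}`.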

View File

@@ -0,0 +1,14 @@
{{- if .Values.tcp -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.tcp.annotations }}
annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.fullname" . }}-tcp
namespace: {{ .Release.Namespace }}
data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
{{- end }}

View File

@@ -0,0 +1,14 @@
{{- if .Values.udp -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.udp.annotations }}
annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.fullname" . }}-udp
namespace: {{ .Release.Namespace }}
data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
{{- end }}

View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.configAnnotations }}
annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
data:
{{- if .Values.controller.addHeaders }}
add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
{{- end }}
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
{{- end }}
{{- if .Values.dhParam }}
ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
{{- end }}
{{- range $key, $value := .Values.controller.config }}
{{ $key | nindent 2 }}: {{ $value | quote }}
{{- end }}

View File

@@ -0,0 +1,244 @@
{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.controller.updateStrategy }}
updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
template:
metadata:
{{- if .Values.controller.podAnnotations }}
annotations:
{{- range $key, $value := .Values.controller.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.controller.dnsConfig }}
dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext:
{{- end }}
{{- if .Values.controller.podSecurityContext }}
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.controller.sysctls }}
sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
containers:
- name: {{ .Values.controller.containerName }}
{{- with .Values.controller.image }}
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
{{- end }}
args:
- /nginx-ingress-controller
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ include "ingress-nginx.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
{{- end }}
- --election-id={{ .Values.controller.electionID }}
- --ingress-class={{ .Values.controller.ingressClass }}
- --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
{{- end }}
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
- --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
- --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
{{- end }}
{{- if .Values.controller.maxmindMirror }}
- --maxmind-mirror={{ .Values.controller.maxmindMirror }}
{{- end}}
{{- if .Values.controller.maxmindLicenseKey }}
- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
{{- end }}
{{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
- --health-check-path={{ .Values.controller.healthCheckPath }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- /* Accept keys without values or with false as value */}}
{{- if eq ($value | quote | len) 2 }}
- --{{ $key }}
{{- else }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: {{ .Values.controller.image.runAsUser }}
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.enableMimalloc }}
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
{{- end }}
{{- if .Values.controller.extraEnvs }}
{{- toYaml .Values.controller.extraEnvs | nindent 12 }}
{{- end }}
{{- if .Values.controller.startupProbe }}
startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
{{- end }}
livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.controller.metrics.port }}
protocol: TCP
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook
containerPort: {{ .Values.controller.admissionWebhooks.port }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: {{ $key }}-tcp
containerPort: {{ $key }}
protocol: TCP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: {{ $key }}-udp
containerPort: {{ $key }}
protocol: UDP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
volumeMounts:
{{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
{{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.resources }}
resources: {{ toYaml .Values.controller.resources | nindent 12 }}
{{- end }}
{{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if .Values.controller.extraInitContainers }}
initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
{{- end }}
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- if .Values.controller.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
volumes:
{{- if .Values.controller.customTemplate.configMapName }}
- name: nginx-template-volume
configMap:
name: {{ .Values.controller.customTemplate.configMapName }}
items:
- key: {{ .Values.controller.customTemplate.configMapKey }}
path: nginx.tmpl
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert
secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission
{{- end }}
{{- if .Values.controller.extraVolumes }}
{{ toYaml .Values.controller.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
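
Review bot: `--maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}` in `args` writes the license key into the pod spec in clear text, where anyone who can read the DaemonSet or its pods can see it. Source the key from a Secret through an `env` entry with `valueFrom.secretKeyRef` and reference it in the argument as `$(VAR)`, the same expansion the Deployment template already relies on for `$(POD_NAMESPACE)`.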

View File

@@ -0,0 +1,245 @@
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
{{- if not .Values.controller.autoscaling.enabled }}
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.controller.updateStrategy }}
strategy:
{{ toYaml .Values.controller.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
template:
metadata:
{{- if .Values.controller.podAnnotations }}
annotations:
{{- range $key, $value := .Values.controller.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.controller.dnsConfig }}
dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext:
{{- end }}
{{- if .Values.controller.podSecurityContext }}
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.controller.sysctls }}
sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
containers:
- name: {{ .Values.controller.containerName }}
{{- with .Values.controller.image }}
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
{{- end }}
args:
- /nginx-ingress-controller
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
{{- end }}
- --election-id={{ .Values.controller.electionID }}
- --ingress-class={{ .Values.controller.ingressClass }}
- --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.tcp }}
- --tcp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
{{- end }}
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
- --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
- --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
{{- end }}
{{- if .Values.controller.maxmindLicenseKey }}
- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
{{- end }}
{{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
- --health-check-path={{ .Values.controller.healthCheckPath }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- /* Accept keys without values or with false as value */}}
{{- if eq ($value | quote | len) 2 }}
- --{{ $key }}
{{- else }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: {{ .Values.controller.image.runAsUser }}
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.enableMimalloc }}
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
{{- end }}
{{- if .Values.controller.extraEnvs }}
{{- toYaml .Values.controller.extraEnvs | nindent 12 }}
{{- end }}
{{- if .Values.controller.startupProbe }}
startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
{{- end }}
livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.controller.metrics.port }}
protocol: TCP
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook
containerPort: {{ .Values.controller.admissionWebhooks.port }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: {{ $key }}-tcp
containerPort: {{ $key }}
protocol: TCP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: {{ $key }}-udp
containerPort: {{ $key }}
protocol: UDP
{{- if $.Values.controller.hostPort.enabled }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
volumeMounts:
{{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
{{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.resources }}
resources: {{ toYaml .Values.controller.resources | nindent 12 }}
{{- end }}
{{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if .Values.controller.extraInitContainers }}
initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
{{- end }}
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- if .Values.controller.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
volumes:
{{- if .Values.controller.customTemplate.configMapName }}
- name: nginx-template-volume
configMap:
name: {{ .Values.controller.customTemplate.configMapName }}
items:
- key: {{ .Values.controller.customTemplate.configMapKey }}
path: nginx.tmpl
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
- name: webhook-cert
secret:
secretName: {{ include "ingress-nginx.fullname" . }}-admission
{{- end }}
{{- if .Values.controller.extraVolumes }}
{{ toYaml .Values.controller.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
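
Review bot: the `args` list here has no `--maxmind-mirror` block, while the DaemonSet template renders `--maxmind-mirror={{ .Values.controller.maxmindMirror }}`, so setting `controller.maxmindMirror` has no effect when `controller.kind` is `Deployment`. Add the same conditional ahead of `--maxmind-license-key`. The two templates also build namespace-qualified arguments differently (`$(POD_NAMESPACE)` here, `{{ .Release.Namespace }}` in the DaemonSet); pick one form so the two pod specs stay in step.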

View File

@@ -0,0 +1,45 @@
{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
{{- if not .Values.controller.keda.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
annotations:
{{- with .Values.controller.autoscaling.annotations }}
{{- toYaml . | trimSuffix "\n" | nindent 4 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "ingress-nginx.controller.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscalingTemplate }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
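
Review bot: `annotations:` under `metadata` is emitted unconditionally, so with `controller.autoscaling.annotations` unset the manifest carries an empty `annotations:` key; `metrics:` has the same shape when neither utilization target nor `autoscalingTemplate` is set. Move the `annotations:` key inside the `with` block so it is rendered only when there is something to put under it, as the other templates in this commit do with `if`.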

View File

@@ -0,0 +1,23 @@
{{- if and (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.ingressClassResource.enabled) -}}
{{- if and (semverCompare "=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: IngressClass
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ .Values.controller.ingressClass }}
{{- if .Values.controller.ingressClassResource.default }}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
controller: k8s.io/ingress-nginx
{{ template "ingressClass.parameters" . }}
{{- end }}
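
Review bot: `{{- if and (semverCompare "=1.18-0" .Capabilities.KubeVersion.GitVersion) }}` calls `and` with a single operand, which simply returns that operand. Drop the `and`, and consider writing the branch as an upper bound (`semverCompare "<1.19-0"`), which makes it obvious which cluster versions receive `networking.k8s.io/v1beta1`.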

View File

@@ -0,0 +1,39 @@
{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
# https://keda.sh/docs/
apiVersion: {{ .Values.controller.keda.apiVersion }}
kind: ScaledObject
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.keda.scaledObject.annotations }}
annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }}
deploymentName: {{ include "ingress-nginx.controller.fullname" . }}
{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }}
name: {{ include "ingress-nginx.controller.fullname" . }}
{{- end }}
pollingInterval: {{ .Values.controller.keda.pollingInterval }}
cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
minReplicaCount: {{ .Values.controller.keda.minReplicas }}
maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
triggers:
{{- with .Values.controller.keda.triggers }}
{{ toYaml . | indent 2 }}
{{ end }}
advanced:
restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
{{- if .Values.controller.keda.behavior }}
horizontalPodAutoscalerConfig:
behavior:
{{ with .Values.controller.keda.behavior -}}
{{ toYaml . | indent 8 }}
{{ end }}
{{- end }}
{{- end }}
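
Review bot: `metadata` has no `namespace:` field, unlike the Deployment this ScaledObject targets and the other namespaced controller resources in this commit, which set `namespace: {{ .Release.Namespace }}`. Add it so the object lands beside its scale target when the rendered manifests are applied outside `helm install`. Separately, `scaleTargetRef` renders empty when `controller.keda.apiVersion` matches neither of the two strings tested; an `else` branch that calls `fail` would surface that at template time.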

View File

@@ -0,0 +1,16 @@
{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
minAvailable: {{ .Values.controller.minAvailable }}
{{- end }}

View File

@@ -0,0 +1,21 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.metrics.prometheusRule.namespace }}
namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
{{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
{{- end }}
spec:
{{- if .Values.controller.metrics.prometheusRule.rules }}
groups:
- name: {{ template "ingress-nginx.name" . }}
rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,86 @@
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
spec:
allowedCapabilities:
- NET_BIND_SERVICE
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- {{ $sysctl }}
{{- end }}
{{- end }}
privileged: false
allowPrivilegeEscalation: true
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
#- 'projected'
- 'secret'
#- 'downwardAPI'
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
hostPorts:
{{- if .Values.controller.hostNetwork }}
{{- range $key, $value := .Values.controller.containerPort }}
# {{ $key }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- else if .Values.controller.hostPort.enabled }}
{{- range $key, $value := .Values.controller.hostPort.ports }}
# {{ $key }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
# metrics
- min: {{ .Values.controller.metrics.port }}
max: {{ .Values.controller.metrics.port }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
# admission webhooks
- min: {{ .Values.controller.admissionWebhooks.port }}
max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
# {{ $key }}-tcp
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
# {{ $key }}-udp
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- end }}
hostIPC: false
hostPID: false
runAsUser:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
seLinux:
rule: 'RunAsAny'
{{- end }}
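Review bot: `allowPrivilegeEscalation: true` is hardcoded in this policy and the spec has no `requiredDropCapabilities` entry, so the policy admits controller pods that can gain privileges and that keep the runtime's default capabilities in addition to the allowed `NET_BIND_SERVICE`. Consider adding `requiredDropCapabilities: [ALL]` (the default-backend policy in this commit already does) and reading `allowPrivilegeEscalation` from a chart value so it can be switched off where it is not needed. `readOnlyRootFilesystem: false` deserves a short comment explaining why the controller needs a writable root.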

View File

@@ -0,0 +1,92 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.fullname" . }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "networking.k8s.io" # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.controller.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
{{- end }}
{{- end }}
{{- end }}
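Review bot: the second rule grants `get`, `list` and `watch` on `secrets` for the whole namespace, bundled into the same rule as `configmaps`, `pods` and `endpoints`, which makes the most sensitive grant in this Role easy to overlook. Move `secrets` into its own rule with a comment stating why the controller reads them, and note in the chart documentation that the release namespace should not hold unrelated secrets. In the PSP rule at the end, `resourceNames: [{{ . }}]` interpolates the value unquoted inside a flow sequence; `{{ . | quote }}` is safer.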

View File

@@ -0,0 +1,18 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ingress-nginx.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

View File

@@ -0,0 +1,51 @@
{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
apiVersion: v1
kind: Service
metadata:
annotations:
{{- range $key, $value := .Values.controller.service.internal.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
namespace: {{ .Release.Namespace }}
spec:
type: "{{ .Values.controller.service.type }}"
{{- if .Values.controller.service.internal.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
{{- end }}
{{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.internal.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
{{- end }}
ports:
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
{{- if .Values.controller.service.enableHttp }}
- name: http
port: {{ .Values.controller.service.ports.http }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enableHttps }}
- name: https
port: {{ .Values.controller.service.ports.https }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- end }}
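Review bot: the opening condition also requires `.Values.controller.service.internal.annotations` to be non-empty, so setting `internal.enabled: true` without annotations renders no Service and reports no error. If the annotations are mandatory, fail the render with an explicit message (for example `fail` in a separate branch) instead of skipping silently. `type` is also quoted here (`type: "{{ ... }}"`) but unquoted in the other Service templates; use one form throughout.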

View File

@@ -0,0 +1,44 @@
{{- if .Values.controller.metrics.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
namespace: {{ .Release.Namespace }}
spec:
type: {{ .Values.controller.metrics.service.type }}
{{- if .Values.controller.metrics.service.clusterIP }}
clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
{{- end }}
{{- if .Values.controller.metrics.service.externalIPs }}
externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }}
{{- end }}
ports:
- name: metrics
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: metrics
{{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }}
{{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }}
nodePort: {{ .Values.controller.metrics.service.nodePort }}
{{- end }}
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- end }}
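Review bot: `type` is taken directly from `.Values.controller.metrics.service.type` and `loadBalancerSourceRanges` is only rendered when the operator supplies it, so choosing `LoadBalancer` or `NodePort` publishes the metrics port with no source restriction. Document this next to the value, or make the template require `loadBalancerSourceRanges` when the type is `LoadBalancer`.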

View File

@@ -0,0 +1,34 @@
{{- if .Values.controller.admissionWebhooks.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.admissionWebhooks.service.annotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ include "ingress-nginx.controller.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
spec:
type: {{ .Values.controller.admissionWebhooks.service.type }}
{{- if .Values.controller.admissionWebhooks.service.clusterIP }}
clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.service.externalIPs }}
externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- end }}
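Review bot: this Service fronts the admission webhook on port 443, which is called by the API server, yet the template accepts `externalIPs`, `loadBalancerIP` and an arbitrary `type`. Unless there is a concrete use case, drop those options, or document that any setting other than `ClusterIP` makes the validation endpoint reachable from outside the cluster.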

View File

@@ -0,0 +1,85 @@
{{- if .Values.controller.service.enabled -}}
apiVersion: v1
kind: Service
metadata:
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
type: {{ .Values.controller.service.type }}
{{- if .Values.controller.service.clusterIP }}
clusterIP: {{ .Values.controller.service.clusterIP }}
{{- end }}
{{- if .Values.controller.service.externalIPs }}
externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.controller.service.sessionAffinity }}
sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
{{- end }}
{{- if .Values.controller.service.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
ports:
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
{{- if .Values.controller.service.enableHttp }}
- name: http
port: {{ .Values.controller.service.ports.http }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enableHttps }}
- name: https
port: {{ .Values.controller.service.ports.https }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: {{ $key }}-tcp
port: {{ $key }}
protocol: TCP
targetPort: {{ $key }}-tcp
{{- if $.Values.controller.service.nodePorts.tcp }}
{{- if index $.Values.controller.service.nodePorts.tcp $key }}
nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: {{ $key }}-udp
port: {{ $key }}
protocol: UDP
targetPort: {{ $key }}-udp
{{- if $.Values.controller.service.nodePorts.udp }}
{{- if index $.Values.controller.service.nodePorts.udp $key }}
nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
{{- end }}
{{- end }}
{{- end }}
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- end }}
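Review bot: `annotations:` under `metadata` is emitted unconditionally, so with no annotations configured the manifest carries an empty `annotations:` key, whereas the metrics and admission Services wrap the same key in an `if`. Guard it the same way (`{{- with .Values.controller.service.annotations }}`). As with the metrics Service, `loadBalancerSourceRanges` is optional here, which is worth a comment in values.yaml since this is the Service that faces external traffic.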

View File

@@ -0,0 +1,11 @@
{{- if or .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ template "ingress-nginx.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
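Review bot: `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single argument, which reads like the remnant of a removed second condition. Write `{{- if .Values.serviceAccount.create -}}`, or restore the missing operand if one was intended.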

View File

@@ -0,0 +1,45 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
honorLabels: true
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
{{ else }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
targetLabels:
{{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
- {{ . }}
{{- end }}
{{- end }}
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
{{- end }}
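Review bot: the `{{ else }}` in the `namespaceSelector` branch has no whitespace-trim marker, unlike every other action in this template, so it leaves a stray whitespace-only line in the rendered output; use `{{- else }}`. `interval` is rendered without a guard, so an unset `scrapeInterval` produces an empty field; wrap it in `with` or give it a default.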

View File

@@ -0,0 +1,112 @@
{{- if .Values.defaultBackend.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: default-backend
{{- if not .Values.defaultBackend.autoscaling.enabled }}
replicas: {{ .Values.defaultBackend.replicaCount }}
{{- end }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
metadata:
{{- if .Values.defaultBackend.podAnnotations }}
annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: default-backend
{{- if .Values.defaultBackend.podLabels }}
{{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.defaultBackend.priorityClassName }}
priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
{{- end }}
{{- if .Values.defaultBackend.podSecurityContext }}
securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ template "ingress-nginx.name" . }}-default-backend
{{- with .Values.defaultBackend.image }}
image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
{{- if .Values.defaultBackend.extraArgs }}
args:
{{- range $key, $value := .Values.defaultBackend.extraArgs }}
{{- /* Accept keys without values or with false as value */}}
{{- if eq ($value | quote | len) 2 }}
- --{{ $key }}
{{- else }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
{{- end }}
securityContext:
capabilities:
drop:
- ALL
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
{{- if .Values.defaultBackend.extraEnvs }}
env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.defaultBackend.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.defaultBackend.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
ports:
- name: http
containerPort: {{ .Values.defaultBackend.port }}
protocol: TCP
{{- if .Values.defaultBackend.extraVolumeMounts }}
volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.defaultBackend.resources }}
resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- end }}
{{- if .Values.defaultBackend.nodeSelector }}
nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
{{- if .Values.defaultBackend.tolerations }}
tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.defaultBackend.affinity }}
affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- if .Values.defaultBackend.extraVolumes }}
volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}
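Review bot: in the `extraArgs` loop the comment says keys "without values or with false as value" are accepted, but the test `eq ($value | quote | len) 2` only matches a value whose quoted form is two characters long, that is an empty string; a value of `false` is rendered as `--key=false`. Fix either the comment or the condition. The container `securityContext` fields (`runAsUser`, `runAsNonRoot`, `allowPrivilegeEscalation`, `readOnlyRootFilesystem`) are read from `.Values.defaultBackend.image.*` with no fallback, so an omitted value renders an empty field; a `default` with the hardened setting would avoid that.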

View File

@@ -0,0 +1,30 @@
{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics:
{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
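Review bot: both entries under `metrics:` sit inside `with` blocks, so when neither `targetCPUUtilizationPercentage` nor `targetMemoryUtilizationPercentage` is set the manifest is rendered with an empty `metrics:` key. Require at least one target (fail the render otherwise) or omit the key when both are unset.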

View File

@@ -0,0 +1,16 @@
{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: default-backend
minAvailable: {{ .Values.defaultBackend.minAvailable }}
{{- end }}
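Review bot: the opening condition never checks `.Values.defaultBackend.enabled`, so this PodDisruptionBudget is rendered whenever `replicaCount` or `autoscaling.minReplicas` is above 1, even when the default-backend Deployment is disabled; `minReplicas` is also counted when autoscaling itself is off. Wrap the test as `and .Values.defaultBackend.enabled (or ...)` and only consider `minReplicas` when `autoscaling.enabled` is true.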

View File

@@ -0,0 +1,33 @@
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}-backend
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
spec:
allowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: MustRunAsNonRoot
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
{{- end }}

View File

@@ -0,0 +1,19 @@
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.defaultBackend.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
{{- end }}
{{- end }}

View File

@@ -0,0 +1,18 @@
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ingress-nginx.fullname" . }}-backend
subjects:
- kind: ServiceAccount
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

View File

@@ -0,0 +1,35 @@
{{- if .Values.defaultBackend.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.defaultBackend.service.annotations }}
annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
type: {{ .Values.defaultBackend.service.type }}
{{- if .Values.defaultBackend.service.clusterIP }}
clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
{{- end }}
{{- if .Values.defaultBackend.service.externalIPs }}
externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- name: http
port: {{ .Values.defaultBackend.service.servicePort }}
protocol: TCP
targetPort: http
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
{{- end }}

View File

@@ -0,0 +1,11 @@
{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
{{- end }}

View File

@@ -0,0 +1,10 @@
{{- with .Values.dhParam -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "ingress-nginx.controller.fullname" $ }}
labels:
{{- include "ingress-nginx.labels" $ | nindent 4 }}
data:
dhparam.pem: {{ . }}
{{- end }}
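Review bot: `metadata` has no `namespace:` field here, while the other namespaced resources in this commit set `namespace: {{ .Release.Namespace }}`; add it so the Secret lands beside the controller regardless of the caller's current namespace. The value goes under `data:`, so `.Values.dhParam` must already be base64-encoded; state that in a comment and render it as `{{ . | quote }}`.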

View File

@@ -0,0 +1,18 @@
# apiVersion: cert-manager.io/v1
# kind: ClusterIssuer
# metadata:
# name: letsencrypt-prod
# spec:
# acme:
# # The ACME server URL
# server: https://acme-v02.api.letsencrypt.org/directory
# # Email address used for ACME registration
# email: {{ .Values.email }}
# # Name of a secret used to store the ACME account private key
# privateKeySecretRef:
# name: letsencrypt-prod
# # Enable the HTTP-01 challenge provider
# solvers:
# - http01:
# ingress:
# class: nginx
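Review bot: the manifest is disabled with `#` comments, but Helm evaluates template actions before the YAML is parsed, so `{{ .Values.email }}` on the `email` line is still rendered. Delete the file, or gate the resource behind a value (`{{- if .Values.email }}`) and uncomment it, rather than leaving a live template action inside a YAML comment.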

View File

@@ -0,0 +1,808 @@
## nginx configuration
## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md
##
## Overrides for generated resource names
# See templates/_helpers.tpl
# nameOverride:
# fullnameOverride:
controller:
name: controller
image:
registry: k8s.gcr.io
image: ingress-nginx/controller
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
tag: "v0.47.0"
digest: sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b
pullPolicy: IfNotPresent
# www-data -> uid 101
runAsUser: 101
allowPrivilegeEscalation: true
# Use an existing PSP instead of creating one
existingPsp: ""
# Configures the controller container name
containerName: controller
# Configures the ports the nginx-controller listens on
containerPort:
http: 80
https: 443
# Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
config: {}
## Annotations to be added to the controller config configuration configmap
##
configAnnotations: {}
# Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
proxySetHeaders: {}
# Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
addHeaders: {}
# Optionally customize the pod dnsConfig.
dnsConfig: {}
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
dnsPolicy: ClusterFirst
# Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
reportNodeInternalIp: false
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
hostNetwork: false
## Use host ports 80 and 443
## Disabled by default
##
hostPort:
enabled: false
ports:
http: 80
https: 443
## Election ID to use for status update
##
electionID: ingress-controller-leader
## Name of the ingress class to route through this controller
##
ingressClass: nginx
# This section refers to the creation of the IngressClass resource
# IngressClass resources are supported since k8s >= 1.18
ingressClassResource:
enabled: false
default: false
# Parameters is a link to a custom resource containing additional
# configuration for the controller. This is optional if the controller
# does not require extra parameters.
parameters: {}
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Security Context policies for controller pods
##
podSecurityContext: {}
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
###
sysctls: {}
# sysctls:
# "net.core.somaxconn": "8192"
## Allows customization of the source of the IP address or FQDN to report
## in the ingress status field. By default, it reads the information provided
## by the service. If disable, the status field reports the IP address of the
## node or nodes where an ingress controller pod is running.
publishService:
enabled: true
## Allows overriding of the publish service to bind to
## Must be <namespace>/<service_name>
##
pathOverride: ""
## Limit the scope of the controller
##
scope:
enabled: false
namespace: "" # defaults to .Release.Namespace
## Allows customization of the configmap / nginx-configmap namespace
##
configMapNamespace: "" # defaults to .Release.Namespace
## Allows customization of the tcp-services-configmap
##
tcp:
configMapNamespace: "" # defaults to .Release.Namespace
## Annotations to be added to the tcp config configmap
annotations: {}
## Allows customization of the udp-services-configmap
##
udp:
configMapNamespace: "" # defaults to .Release.Namespace
## Annotations to be added to the udp config configmap
annotations: {}
# Maxmind license key to download GeoLite2 Databases
# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
maxmindLicenseKey: ""
## Additional command line arguments to pass to nginx-ingress-controller
## E.g. to specify the default SSL certificate you can use
## extraArgs:
## default-ssl-certificate: "<namespace>/<secret_name>"
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
# extraEnvs:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
## DaemonSet or Deployment
##
kind: Deployment
## Annotations to be added to the controller Deployment or DaemonSet
##
annotations: {}
# keel.sh/pollSchedule: "@every 60m"
## Labels to be added to the controller Deployment or DaemonSet
##
labels: {}
# keel.sh/policy: patch
# keel.sh/trigger: poll
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/instance
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/component
# operator: In
# values:
# - controller
# topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/instance
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/component
# operator: In
# values:
# - controller
# topologyKey: "kubernetes.io/hostname"
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: failure-domain.beta.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: ingress-nginx-internal
## terminationGracePeriodSeconds
## wait up to five minutes for the drain of connections
##
terminationGracePeriodSeconds: 300
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector:
kubernetes.io/os: linux
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
# startupProbe:
# httpGet:
# # should match container.healthCheckPath
# path: "/healthz"
# port: 10254
# scheme: HTTP
# initialDelaySeconds: 5
# periodSeconds: 5
# timeoutSeconds: 2
# successThreshold: 1
# failureThreshold: 5
livenessProbe:
httpGet:
# should match container.healthCheckPath
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
# should match container.healthCheckPath
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
# Path of the health check endpoint. All requests received on the port defined by
# the healthz-port parameter are forwarded internally to this path.
healthCheckPath: "/healthz"
## Annotations to be added to controller pods
##
podAnnotations: {}
replicaCount: 1
minAvailable: 1
# Define requests resources to avoid probe issues due to CPU utilization in busy nodes
# ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
# Ideally, there should be no limits.
# https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
resources:
# limits:
# cpu: 100m
# memory: 90Mi
requests:
cpu: 100m
memory: 90Mi
# Mutually exclusive with keda autoscaling
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 11
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
autoscalingTemplate: []
# Custom or additional autoscaling metrics
# ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
# - type: Pods
# pods:
# metric:
# name: nginx_ingress_controller_nginx_process_requests_total
# target:
# type: AverageValue
# averageValue: 10000m
# Mutually exclusive with hpa autoscaling
keda:
apiVersion: "keda.sh/v1alpha1"
# apiVersion changes with keda 1.x vs 2.x
# 2.x = keda.sh/v1alpha1
# 1.x = keda.k8s.io/v1alpha1
enabled: false
minReplicas: 1
maxReplicas: 11
pollingInterval: 30
cooldownPeriod: 300
restoreToOriginalReplicaCount: false
scaledObject:
annotations: {}
# Custom annotations for ScaledObject resource
# annotations:
# key: value
triggers: []
# - type: prometheus
# metadata:
# serverAddress: http://<prometheus-host>:9090
# metricName: http_requests_total
# threshold: '100'
# query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
behavior: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
# periodSeconds: 60
## Enable mimalloc as a drop-in replacement for malloc.
## ref: https://github.com/microsoft/mimalloc
##
enableMimalloc: true
## Override NGINX template
customTemplate:
configMapName: ""
configMapKey: ""
service:
enabled: true
annotations: {}
labels: {}
# clusterIP: ""
## List of IP addresses at which the controller services are available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
# loadBalancerIP: ""
loadBalancerSourceRanges: []
enableHttp: true
enableHttps: true
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: ""
# Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
# sessionAffinity: ""
# specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isnt specified,
# the service controller allocates a port from your clusters NodePort range.
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
# healthCheckNodePort: 0
ports:
http: 80
https: 443
targetPorts:
http: http
https: https
type: LoadBalancer
# type: NodePort
# nodePorts:
# http: 32080
# https: 32443
# tcp:
# 8080: 32808
nodePorts:
http: ""
https: ""
tcp: {}
udp: {}
## Enables an additional internal load balancer (besides the external one).
## Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
internal:
enabled: false
annotations: {}
# loadBalancerIP: ""
## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
loadBalancerSourceRanges: []
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: ""
extraContainers: []
## Additional containers to be added to the controller pod.
## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
# - name: my-sidecar
# image: nginx:latest
# - name: lemonldap-ng-controller
# image: lemonldapng/lemonldap-ng-controller:0.2.0
# args:
# - /lemonldap-ng-controller
# - --alsologtostderr
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
# env:
# - name: POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# volumeMounts:
# - name: copy-portal-skins
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
extraVolumeMounts: []
## Additional volumeMounts to the controller main container.
# - name: copy-portal-skins
# mountPath: /var/lib/lemonldap-ng/portal/skins
extraVolumes: []
## Additional volumes to the controller pod.
# - name: copy-portal-skins
# emptyDir: {}
extraInitContainers: []
## Containers, which are run before the app containers are started.
# - name: init-myservice
# image: busybox
# command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
admissionWebhooks:
annotations: {}
enabled: true
failurePolicy: Fail
# timeoutSeconds: 10
port: 8443
certificate: "/usr/local/certificates/cert"
key: "/usr/local/certificates/key"
namespaceSelector: {}
objectSelector: {}
# Use an existing PSP instead of creating one
existingPsp: ""
service:
annotations: {}
# clusterIP: ""
externalIPs: []
# loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 443
type: ClusterIP
patch:
enabled: true
image:
registry: docker.io
image: jettech/kube-webhook-certgen
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
tag: v1.5.1
pullPolicy: IfNotPresent
## Provide a priority class name to the webhook patching job
##
priorityClassName: ""
podAnnotations: {}
nodeSelector: {}
tolerations: []
runAsUser: 2000
metrics:
port: 10254
# if this port is changed, change healthz-port: in extraArgs: accordingly
enabled: false
service:
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "10254"
# clusterIP: ""
## List of IP addresses at which the stats-exporter service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
# loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 10254
type: ClusterIP
# externalTrafficPolicy: ""
# nodePort: ""
serviceMonitor:
enabled: false
additionalLabels: {}
# The label to use to retrieve the job name from.
# jobLabel: "app.kubernetes.io/name"
namespace: ""
namespaceSelector: {}
# Default: scrape .Release.Namespace only
# To scrape all, use the following:
# namespaceSelector:
# any: true
scrapeInterval: 30s
# honorLabels: true
targetLabels: []
metricRelabelings: []
prometheusRule:
enabled: false
additionalLabels: {}
# namespace: ""
rules: []
# # These are just examples rules, please adapt them to your needs
# - alert: NGINXConfigFailed
# expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
# for: 1s
# labels:
# severity: critical
# annotations:
# description: bad ingress config - nginx config test failed
# summary: uninstall the latest ingress changes to allow config reloads to resume
# - alert: NGINXCertificateExpiry
# expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
# for: 1s
# labels:
# severity: critical
# annotations:
# description: ssl certificate(s) will expire in less then a week
# summary: renew expiring certificates to avoid downtime
# - alert: NGINXTooMany500s
# expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
# for: 1m
# labels:
# severity: warning
# annotations:
# description: Too many 5XXs
# summary: More than 5% of all requests returned 5XX, this requires your attention
# - alert: NGINXTooMany400s
# expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
# for: 1m
# labels:
# severity: warning
# annotations:
# description: Too many 4XXs
# summary: More than 5% of all requests returned 4XX, this requires your attention
## Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
## With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
## to 300, allowing the draining of connections up to five minutes.
## If the active connections end before that, the pod will terminate gracefully at that time.
## To effectively take advantage of this feature, the Configmap feature
## worker-shutdown-timeout new value is 240s instead of 10s.
##
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
priorityClassName: ""
## Rollback limit
##
revisionHistoryLimit: 10
## Default 404 backend
##
defaultBackend:
##
enabled: false
name: defaultbackend
image:
registry: k8s.gcr.io
image: defaultbackend-amd64
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
tag: "1.5"
pullPolicy: IfNotPresent
# nobody user -> uid 65534
runAsUser: 65534
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
# Use an existing PSP instead of creating one
existingPsp: ""
extraArgs: {}
serviceAccount:
create: true
name: ""
automountServiceAccountToken: true
## Additional environment variables to set for defaultBackend pods
extraEnvs: []
port: 8080
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 0
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
affinity: {}
## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
##
podSecurityContext: {}
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Node labels for default backend pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to default backend pods
##
podAnnotations: {}
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 10m
# memory: 20Mi
# requests:
# cpu: 10m
# memory: 20Mi
extraVolumeMounts: []
## Additional volumeMounts to the default backend container.
# - name: copy-portal-skins
# mountPath: /var/lib/lemonldap-ng/portal/skins
extraVolumes: []
## Additional volumes to the default backend pod.
# - name: copy-portal-skins
# emptyDir: {}
autoscaling:
annotations: {}
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
service:
annotations: {}
# clusterIP: ""
## List of IP addresses at which the default backend service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
# loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
type: ClusterIP
priorityClassName: ""
## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
rbac:
create: true
scope: false
# If true, create & use Pod Security Policy resources
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
serviceAccount:
create: true
name: ""
automountServiceAccountToken: true
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName
# TCP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
##
tcp: {}
# 8080: "default/example-tcp-svc:9000"
# UDP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
##
udp: {}
# 53: "kube-system/kube-dns:53"
# A base64ed Diffie-Hellman parameter
# This can be generated with: openssl dhparam 4096 2> /dev/null | base64
# Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
dhParam:
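Review bot: the service block that sets `type: LoadBalancer` leaves `loadBalancerSourceRanges: []`, and the comment on the internal load balancer in this same file says that an empty list defaults to 0.0.0.0/0, so ports 80 and 443 accept traffic from any source address as committed. If this test deployment is not meant to be publicly reachable, list the allowed CIDRs there or switch the type to ClusterIP or NodePort. Separately, the `admissionWebhooks` patch job pulls `jettech/kube-webhook-certgen` from docker.io by the mutable tag `v1.5.1`. Since the file is vendored wholesale with chart defaults, a sentence in the commit message saying which values were reviewed or overridden would help.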

View File

@@ -0,0 +1,3 @@
categories:
- generic
icon_url: "http://ix_url"
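Review bot: `icon_url: "http://ix_url"` looks like a template placeholder rather than a resolvable address, and it uses plain http. Point it at the actual icon over https, or leave a comment explaining that the value is intentionally a stub, so that whatever consumes this file does not try to fetch an icon from an unresolvable or unauthenticated location.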