From 39cd4eb3c7aab6db256c855fda760c5bd1b60dc8 Mon Sep 17 00:00:00 2001 From: marc Date: Fri, 4 Dec 2020 16:18:10 +0100 Subject: [PATCH] don't copy nginx-ingress, already on common --- .../charts/nginx-ingress/.helmignore | 21 - .../charts/nginx-ingress/Chart.yaml | 18 - lib/digitalocean/charts/nginx-ingress/OWNERS | 6 - .../charts/nginx-ingress/README.md | 359 ----------- .../ci/daemonset-customconfig-values.yaml | 4 - .../ci/daemonset-customnodeport-values.yaml | 15 - .../ci/daemonset-headers-values.yaml | 6 - .../ci/daemonset-nodeport-values.yaml | 4 - ...set-tcp-udp-configMapNamespace-values.yaml | 14 - .../ci/daemonset-tcp-udp-values.yaml | 10 - .../ci/daemonset-tcp-values.yaml | 6 - .../ci/deamonset-default-values.yaml | 2 - .../ci/deamonset-metrics-values.yaml | 4 - .../ci/deamonset-psp-values.yaml | 5 - .../ci/deamonset-webhook-and-psp-values.yaml | 7 - .../ci/deamonset-webhook-values.yaml | 4 - .../ci/deployment-autoscaling-values.yaml | 3 - .../ci/deployment-customconfig-values.yaml | 3 - .../ci/deployment-customnodeport-values.yaml | 14 - .../ci/deployment-default-values.yaml | 1 - .../ci/deployment-headers-values.yaml | 5 - .../ci/deployment-metrics-values.yaml | 3 - .../ci/deployment-nodeport-values.yaml | 3 - .../ci/deployment-psp-values.yaml | 2 - ...ent-tcp-udp-configMapNamespace-values.yaml | 13 - .../ci/deployment-tcp-udp-values.yaml | 9 - .../ci/deployment-tcp-values.yaml | 3 - .../ci/deployment-webhook-and-psp-values.yaml | 6 - .../ci/deployment-webhook-values.yaml | 3 - .../nginx-ingress/templates/_helpers.tpl | 125 ---- .../templates/addheaders-configmap.yaml | 14 - .../job-patch/clusterrole.yaml | 30 - .../job-patch/clusterrolebinding.yaml | 23 - .../job-patch/job-createSecret.yaml | 55 -- .../job-patch/job-patchWebhook.yaml | 57 -- .../admission-webhooks/job-patch/psp.yaml | 39 -- .../admission-webhooks/job-patch/role.yaml | 23 - .../job-patch/rolebinding.yaml | 23 - .../job-patch/serviceaccount.yaml | 15 - .../validating-webhook.yaml | 31 - .../nginx-ingress/templates/clusterrole.yaml | 71 --- .../templates/clusterrolebinding.yaml | 19 - .../templates/controller-configmap.yaml | 22 - .../templates/controller-daemonset.yaml | 256 -------- .../templates/controller-deployment.yaml | 251 -------- .../templates/controller-hpa.yaml | 34 -- .../templates/controller-metrics-service.yaml | 47 -- .../controller-poddisruptionbudget.yaml | 21 - .../templates/controller-prometheusrules.yaml | 24 - .../templates/controller-psp.yaml | 80 --- .../templates/controller-role.yaml | 91 --- .../templates/controller-rolebinding.yaml | 19 - .../templates/controller-service.yaml | 94 --- .../templates/controller-serviceaccount.yaml | 11 - .../templates/controller-servicemonitor.yaml | 38 -- .../templates/controller-webhook-service.yaml | 44 -- .../templates/default-backend-deployment.yaml | 107 ---- .../default-backend-poddisruptionbudget.yaml | 19 - .../templates/default-backend-psp.yaml | 35 -- .../templates/default-backend-role.yaml | 16 - .../default-backend-rolebinding.yaml | 19 - .../templates/default-backend-service.yaml | 45 -- .../default-backend-serviceaccount.yaml | 11 - .../templates/proxyheaders-configmap.yaml | 18 - .../templates/tcp-configmap.yaml | 14 - .../templates/udp-configmap.yaml | 14 - .../charts/nginx-ingress/values.yaml | 569 ------------------ 67 files changed, 2977 deletions(-) delete mode 100644 lib/digitalocean/charts/nginx-ingress/.helmignore delete mode 100644 lib/digitalocean/charts/nginx-ingress/Chart.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/OWNERS delete mode 100644 lib/digitalocean/charts/nginx-ingress/README.md delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-headers-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deamonset-default-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deamonset-metrics-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deamonset-psp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-customconfig-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-default-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-headers-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-metrics-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-nodeport-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-psp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-values.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/_helpers.tpl delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/addheaders-configmap.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/clusterrole.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/clusterrolebinding.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-configmap.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-daemonset.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-deployment.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-hpa.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-metrics-service.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-prometheusrules.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-psp.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-role.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-rolebinding.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-service.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-serviceaccount.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-servicemonitor.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/controller-webhook-service.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-deployment.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-psp.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-role.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-rolebinding.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-service.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/proxyheaders-configmap.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/tcp-configmap.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/templates/udp-configmap.yaml delete mode 100644 lib/digitalocean/charts/nginx-ingress/values.yaml diff --git a/lib/digitalocean/charts/nginx-ingress/.helmignore b/lib/digitalocean/charts/nginx-ingress/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/lib/digitalocean/charts/nginx-ingress/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/lib/digitalocean/charts/nginx-ingress/Chart.yaml b/lib/digitalocean/charts/nginx-ingress/Chart.yaml deleted file mode 100644 index b3ae906b..00000000 --- a/lib/digitalocean/charts/nginx-ingress/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 0.30.0 -description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. -engine: gotpl -home: https://github.com/kubernetes/ingress-nginx -icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png -keywords: -- ingress -- nginx -kubeVersion: '>=1.10.0-0' -maintainers: -- name: ChiefAlexander -- email: Trevor.G.Wood@gmail.com - name: taharah -name: nginx-ingress -sources: -- https://github.com/kubernetes/ingress-nginx -version: 1.35.0 diff --git a/lib/digitalocean/charts/nginx-ingress/OWNERS b/lib/digitalocean/charts/nginx-ingress/OWNERS deleted file mode 100644 index 0001de36..00000000 --- a/lib/digitalocean/charts/nginx-ingress/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- ChiefAlexander -- taharah -reviewers: -- ChiefAlexander -- taharah diff --git a/lib/digitalocean/charts/nginx-ingress/README.md b/lib/digitalocean/charts/nginx-ingress/README.md deleted file mode 100644 index e73df1a5..00000000 --- a/lib/digitalocean/charts/nginx-ingress/README.md +++ /dev/null @@ -1,359 +0,0 @@ -# nginx-ingress - -[nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration. - -To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. - -## TL;DR; - -```console -$ helm install stable/nginx-ingress -``` - -## Introduction - -This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - - - Kubernetes 1.6+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/nginx-ingress -``` - -The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the nginx-ingress chart and their default values. - -Parameter | Description | Default ---- | --- | --- -`controller.name` | name of the controller component | `controller` -`controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` -`controller.image.tag` | controller container image tag | `0.30.0` -`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` -`controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101` -`controller.useComponentLabel` | Wether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the controller deployment* | `false` -`controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` -`controller.containerPort.https` | The port that the controller container listens on for https connections. | `443` -`controller.config` | nginx [ConfigMap](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md) entries | none -`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false -`controller.defaultBackendService` | default 404 backend service; needed only if `defaultBackend.enabled = false` and version < 0.21.0| `""` -`controller.dnsPolicy` | If using `hostNetwork=true`, change to `ClusterFirstWithHostNet`. See [pod's dns policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for details | `ClusterFirst` -`controller.dnsConfig` | custom pod dnsConfig. See [pod's dns config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config) for details | `{}` -`controller.reportNodeInternalIp` | If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to nginx-ingress. This sets the status of all Ingress objects to the internal IP address of all nodes running the NGINX Ingress controller. -`controller.electionID` | election ID to use for the status update | `ingress-controller-leader` -`controller.extraEnvs` | any additional environment variables to set in the pods | `{}` -`controller.extraContainers` | Sidecar containers to add to the controller pod. See [LemonLDAP::NG controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller) as example | `{}` -`controller.extraVolumeMounts` | Additional volumeMounts to the controller main container | `{}` -`controller.extraVolumes` | Additional volumes to the controller pod | `{}` -`controller.extraInitContainers` | Containers, which are run before the app containers are started | `[]` -`controller.ingressClass` | name of the ingress class to route through this controller | `nginx` -`controller.maxmindLicenseKey` | Maxmind license key to download GeoLite2 Databases. See [Accessing and using GeoLite2 database](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) | `""` -`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces) -`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace) -`controller.extraArgs` | Additional controller container arguments | `{}` -`controller.kind` | install as Deployment, DaemonSet or Both | `Deployment` -`controller.deploymentAnnotations` | annotations to be added to deployment | `{}` -`controller.autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | false -`controller.autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` -`controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11` -`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"` -`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"` -`controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false -`controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"` -`controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"` -`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` -`controller.terminationGracePeriodSeconds` | how many seconds to wait before terminating a pod | `60` -`controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0` -`controller.nodeSelector` | node labels for pod assignment | `{}` -`controller.podAnnotations` | annotations to be added to pods | `{}` -`controller.podLabels` | labels to add to the pod container metadata | `{}` -`controller.podSecurityContext` | Security context policies to add to the controller pod | `{}` -`controller.replicaCount` | desired number of controller pods | `1` -`controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1` -`controller.resources` | controller pod resource requests & limits | `{}` -`controller.priorityClassName` | controller priorityClassName | `nil` -`controller.lifecycle` | controller pod lifecycle hooks | `{}` -`controller.service.annotations` | annotations for controller service | `{}` -`controller.service.labels` | labels for controller service | `{}` -`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false` -`controller.publishService.pathOverride` | override of the default publish-service name | `""` -`controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.daemonset.useHostPorts` is `true` | true -`controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil` -`controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false` -`controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]` -`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"` -`controller.service.sessionAffinity` | Enables client IP based session affinity. Must be `ClientIP` or `None` if set. | `""` -`controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""` -`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`controller.service.enableHttp` | if port 80 should be opened for service | `true` -`controller.service.enableHttps` | if port 443 should be opened for service | `true` -`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80` -`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443` -`controller.service.ports.http` | Sets service http port | `80` -`controller.service.ports.https` | Sets service https port | `443` -`controller.service.type` | type of controller service to create | `LoadBalancer` -`controller.service.nodePorts.http` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""` -`controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""` -`controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}` -`controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}` -`controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10 -`controller.livenessProbe.periodSeconds` | How often to perform the probe | 10 -`controller.livenessProbe.timeoutSeconds` | When the probe times out | 5 -`controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 -`controller.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 -`controller.livenessProbe.port` | The port number that the liveness probe will listen on. | 10254 -`controller.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 10 -`controller.readinessProbe.periodSeconds` | How often to perform the probe | 10 -`controller.readinessProbe.timeoutSeconds` | When the probe times out | 1 -`controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 -`controller.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 -`controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254 -`controller.metrics.enabled` | if `true`, enable Prometheus metrics | `false` -`controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}` -`controller.metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil` -`controller.metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false` -`controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]` -`controller.metrics.service.labels` | labels for metrics service | `{}` -`controller.metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`controller.metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`controller.metrics.service.servicePort` | Prometheus metrics service port | `9913` -`controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP` -`controller.metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` -`controller.metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` -`controller.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` -`controller.metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as nginx ingress` -`controller.metrics.serviceMonitor.namespaceSelector` | [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/v0.34.0/Documentation/api.md#namespaceselector) to configure what namespaces to scrape | `will scrape the helm release namespace only` -`controller.metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s` -`controller.metrics.prometheusRule.enabled` | Set this to `true` to create prometheusRules for Prometheus operator | `false` -`controller.metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` -`controller.metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `the same namespace as nginx ingress` -`controller.metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be prometheus in YAML format, check values for an example. | `[]` -`controller.admissionWebhooks.enabled` | Create Ingress admission webhooks. Validating webhook will check the ingress syntax. | `false` -`controller.admissionWebhooks.failurePolicy` | Failure policy for admission webhooks | `Fail` -`controller.admissionWebhooks.port` | Admission webhook port | `8080` -`controller.admissionWebhooks.service.annotations` | Annotations for admission webhook service | `{}` -`controller.admissionWebhooks.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the admission webhook service | `false` -`controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service (set to `"-"` to pass an empty value) | `nil` -`controller.admissionWebhooks.service.externalIPs` | Admission webhook service external IP addresses | `[]` -`controller.admissionWebhooks.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`controller.admissionWebhooks.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` -`controller.admissionWebhooks.service.servicePort` | Admission webhook service port | `443` -`controller.admissionWebhooks.service.type` | Type of admission webhook service to create | `ClusterIP` -`controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for the prometheus operator tls proxy, and patch the created webhooks with the CA. | `true` -`controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen` -`controller.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.0.0` -`controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent` -`controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""` -`controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}` -`controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}` -`controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""` -`controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""` -`controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}` -`controller.proxySetHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-set-headers) added before sending request to the backends| `{}` -`controller.headers` | DEPRECATED, Use `controller.proxySetHeaders` instead. | `{}` -`controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}` -`controller.configMapNamespace` | The nginx-configmap namespace name | `""` -`controller.tcp.configMapNamespace` | The tcp-services-configmap namespace name | `""` -`controller.udp.configMapNamespace` | The udp-services-configmap namespace name | `""` -`defaultBackend.enabled` | Use default backend component | `true` -`defaultBackend.name` | name of the default backend component | `default-backend` -`defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64` -`defaultBackend.image.tag` | default backend container image tag | `1.5` -`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent` -`defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534` -`defaultBackend.useComponentLabel` | Whether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the defaultBackend deployment* | `false` -`defaultBackend.extraArgs` | Additional default backend container arguments | `{}` -`defaultBackend.extraEnvs` | any additional environment variables to set in the defaultBackend pods | `[]` -`defaultBackend.port` | Http port number | `8080` -`defaultBackend.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 -`defaultBackend.livenessProbe.periodSeconds` | How often to perform the probe | 10 -`defaultBackend.livenessProbe.timeoutSeconds` | When the probe times out | 5 -`defaultBackend.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 -`defaultBackend.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 -`defaultBackend.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 0 -`defaultBackend.readinessProbe.periodSeconds` | How often to perform the probe | 5 -`defaultBackend.readinessProbe.timeoutSeconds` | When the probe times out | 5 -`defaultBackend.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 -`defaultBackend.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 -`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`defaultBackend.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` -`defaultBackend.nodeSelector` | node labels for pod assignment | `{}` -`defaultBackend.podAnnotations` | annotations to be added to pods | `{}` -`defaultBackend.podLabels` | labels to add to the pod container metadata | `{}` -`defaultBackend.replicaCount` | desired number of default backend pods | `1` -`defaultBackend.minAvailable` | minimum number of available default backend pods for PodDisruptionBudget | `1` -`defaultBackend.resources` | default backend pod resource requests & limits | `{}` -`defaultBackend.priorityClassName` | default backend priorityClassName | `nil` -`defaultBackend.podSecurityContext` | Security context policies to add to the default backend | `{}` -`defaultBackend.service.annotations` | annotations for default backend service | `{}` -`defaultBackend.service.clusterIP` | internal default backend cluster service IP (set to `"-"` to pass an empty value) | `nil` -`defaultBackend.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the default backend service | `false` -`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]` -`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`defaultBackend.service.type` | type of default backend service to create | `ClusterIP` -`defaultBackend.serviceAccount.create` | if `true`, create a backend service account. Only useful if you need a pod security policy to run the backend. | `true` -`defaultBackend.serviceAccount.name` | The name of the backend service account to use. If not set and `create` is `true`, a name is generated using the fullname template. Only useful if you need a pod security policy to run the backend. | `` -`imagePullSecrets` | name of Secret resource containing private registry credentials | `nil` -`rbac.create` | if `true`, create & use RBAC resources | `true` -`rbac.scope` | if `true`, do not create & use clusterrole and -binding. Set to `true` in combination with `controller.scope.enabled=true` to disable load-balancer status updates and scope the ingress entirely. | `false` -`podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false` -`serviceAccount.create` | if `true`, create a service account for the controller | `true` -`serviceAccount.name` | The name of the controller service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | `` -`revisionHistoryLimit` | The number of old history to retain to allow rollback. | `10` -`tcp` | TCP service key:value pairs. The value is evaluated as a template. | `{}` -`udp` | UDP service key:value pairs The value is evaluated as a template. | `{}` -`releaseLabelOverride` | If provided, the value will be used as the `release` label instead of .Release.Name | `""` - -These parameters can be passed via Helm's `--set` option -```console -$ helm install stable/nginx-ingress --name my-release \ - --set controller.metrics.enabled=true -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install stable/nginx-ingress --name my-release -f values.yaml -``` - -A useful trick to debug issues with ingress is to increase the logLevel -as described [here](https://github.com/kubernetes/ingress-nginx/blob/master/docs/troubleshooting.md#debug) - -```console -$ helm install stable/nginx-ingress --set controller.extraArgs.v=2 -``` -> **Tip**: You can use the default [values.yaml](values.yaml) - -## PodDisruptionBudget - -Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, -else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. - -## Prometheus Metrics - -The Nginx ingress controller can export Prometheus metrics. - -```console -$ helm install stable/nginx-ingress --name my-release \ - --set controller.metrics.enabled=true -``` - -You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. - -## nginx-ingress nginx\_status page/stats server - -Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: -* in [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed -* in [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. - You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server - -## ExternalDNS Service configuration - -Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service: - -```yaml -controller: - service: - annotations: - external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. -``` - -## AWS L7 ELB with SSL Termination - -Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml): - -```yaml -controller: - service: - targetPorts: - http: http - https: http - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' -``` - -## AWS L4 NLB with SSL Redirection - -`ssl-redirect` and `force-ssl-redirect` flag are not working with AWS Network Load Balancer. You need to turn if off and add additional port with `server-snippet` in order to make it work. - -The port NLB `80` will be mapped to nginx container port `80` and NLB port `443` will be mapped to nginx container port `8000` (special). Then we use `$server_port` to manage redirection on port `80` -``` -controller: - config: - ssl-redirect: "false" # we use `special` port to control ssl redirection - server-snippet: | - listen 8000; - if ( $server_port = 80 ) { - return 308 https://$host$request_uri; - } - containerPort: - http: 80 - https: 443 - special: 8000 - service: - targetPorts: - http: http - https: special - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "your-arn" - service.beta.kubernetes.io/aws-load-balancer-type: "nlb" -``` - -## AWS route53-mapper - -To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label: - -```yaml -controller: - service: - labels: - dns: "route53" - annotations: - domainName: "kubernetes-example.com" -``` - -## Ingress Admission Webhooks - -With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. - -With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) - -## Helm error when upgrading: spec.clusterIP: Invalid value: "" - -If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: - -``` -Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable -``` - -Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error. - -As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml deleted file mode 100644 index f12eac3f..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - config: - use-proxy-protocol: "true" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml deleted file mode 100644 index 382bc50e..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-headers-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-headers-values.yaml deleted file mode 100644 index a29690f1..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-headers-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - kind: DaemonSet - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml deleted file mode 100644 index ebc8f102..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index 3484704f..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml deleted file mode 100644 index e6866d7c..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-values.yaml deleted file mode 100644 index f0a60608..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/daemonset-tcp-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - kind: DaemonSet - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-default-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deamonset-default-values.yaml deleted file mode 100644 index ddb25623..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -controller: - kind: DaemonSet diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-metrics-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deamonset-metrics-values.yaml deleted file mode 100644 index 5ce435d5..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-metrics-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - metrics: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-psp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deamonset-psp-values.yaml deleted file mode 100644 index b441c1ad..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-psp-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - -podSecurityPolicy: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml deleted file mode 100644 index 2cf9d6fd..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - admissionWebhooks: - enabled: true - -podSecurityPolicy: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-values.yaml deleted file mode 100644 index 2d2cb479..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deamonset-webhook-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - admissionWebhooks: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml deleted file mode 100644 index e9701daa..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - autoscaling: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-customconfig-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-customconfig-values.yaml deleted file mode 100644 index 401aea42..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - config: - use-proxy-protocol: "true" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml deleted file mode 100644 index 6958eaac..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-default-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-default-values.yaml deleted file mode 100644 index b15f0e41..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Left blank to test default values diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-headers-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-headers-values.yaml deleted file mode 100644 index f3873af0..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-headers-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-metrics-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-metrics-values.yaml deleted file mode 100644 index 9a93fa52..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-metrics-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - metrics: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-nodeport-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-nodeport-values.yaml deleted file mode 100644 index ffdc47b2..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - service: - type: NodePort diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-psp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-psp-values.yaml deleted file mode 100644 index 7aae8605..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-psp-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -podSecurityPolicy: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index 7b06c1eb..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml deleted file mode 100644 index 7c55d447..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -controller: - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-values.yaml deleted file mode 100644 index c8bc2049..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-tcp-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml deleted file mode 100644 index 0590d7c9..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - admissionWebhooks: - enabled: true - -podSecurityPolicy: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-values.yaml b/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-values.yaml deleted file mode 100644 index 07e1a925..00000000 --- a/lib/digitalocean/charts/nginx-ingress/ci/deployment-webhook-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - admissionWebhooks: - enabled: true diff --git a/lib/digitalocean/charts/nginx-ingress/templates/_helpers.tpl b/lib/digitalocean/charts/nginx-ingress/templates/_helpers.tpl deleted file mode 100644 index 2dbf8cf2..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/_helpers.tpl +++ /dev/null @@ -1,125 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nginx-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nginx-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nginx-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified controller name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nginx-ingress.controller.fullname" -}} -{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Allow for the ability to override the release name used as a label in many places. -*/}} -{{- define "nginx-ingress.releaseLabel" -}} -{{- .Values.releaseLabelOverride | default .Release.Name | trunc 63 -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. - -By convention this will simply use the / to match the name of the -service generated. - -Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride` - -*/}} -{{- define "nginx-ingress.controller.publishServicePath" -}} -{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}} -{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }} -{{- print $servicePath | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified default backend name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nginx-ingress.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the controller service account to use -*/}} -{{- define "nginx-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "nginx-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled -*/}} -{{- define "nginx-ingress.defaultBackend.serviceAccountName" -}} -{{- if .Values.defaultBackend.serviceAccount.create -}} - {{ default (printf "%s-backend" (include "nginx-ingress.fullname" .)) .Values.defaultBackend.serviceAccount.name }} -{{- else -}} - {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "deployment.apiVersion" -}} -{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/lib/digitalocean/charts/nginx-ingress/templates/addheaders-configmap.yaml b/lib/digitalocean/charts/nginx-ingress/templates/addheaders-configmap.yaml deleted file mode 100644 index 534b133c..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/addheaders-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.controller.addHeaders }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers -data: -{{ toYaml .Values.controller.addHeaders | indent 2 }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml deleted file mode 100644 index a2483265..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "nginx-ingress.fullname" . }}-admission -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml deleted file mode 100644 index c99fdf85..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "nginx-ingress.fullname" . }}-admission -subjects: - - kind: ServiceAccount - name: {{ template "nginx-ingress.fullname" . }}-admission - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml deleted file mode 100644 index 0a409a70..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission-create - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} - template: - metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission-create -{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - spec: - {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} - priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} - {{- end }} - containers: - - name: create - image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} - imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} - args: - - create - - --host={{ template "nginx-ingress.controller.fullname" . }}-admission,{{ template "nginx-ingress.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc - - --namespace={{ .Release.Namespace }} - - --secret-name={{ template "nginx-ingress.fullname". }}-admission - restartPolicy: OnFailure - serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission - {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - securityContext: - runAsNonRoot: true - runAsUser: 2000 -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml deleted file mode 100644 index 0b890582..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission-patch - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} - template: - metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission-patch -{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - spec: - {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} - priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} - {{- end }} - containers: - - name: patch - image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} - imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }} - args: - - patch - - --webhook-name={{ template "nginx-ingress.fullname" . }}-admission - - --namespace={{ .Release.Namespace }} - - --patch-mutating=false - - --secret-name={{ template "nginx-ingress.fullname". }}-admission - - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} - restartPolicy: OnFailure - serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission - {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - securityContext: - runAsNonRoot: true - runAsUser: 2000 -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml deleted file mode 100644 index a23f9271..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -spec: - allowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml deleted file mode 100644 index 665769fd..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml deleted file mode 100644 index 0e4873fc..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "nginx-ingress.fullname" . }}-admission -subjects: - - kind: ServiceAccount - name: {{ template "nginx-ingress.fullname" . }}-admission - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml deleted file mode 100644 index c0822f9c..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "nginx-ingress.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml b/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml deleted file mode 100644 index cd962e5e..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.controller.admissionWebhooks.enabled }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app: {{ template "nginx-ingress.name" . }}-admission - chart: {{ template "nginx-ingress.chart" . }} - component: "admission-webhook" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-admission -webhooks: - - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - extensions - - networking.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - failurePolicy: Fail - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ template "nginx-ingress.controller.fullname" . }}-admission - path: /extensions/v1beta1/ingresses -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/clusterrole.yaml b/lib/digitalocean/charts/nginx-ingress/templates/clusterrole.yaml deleted file mode 100644 index 14667eba..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/clusterrole.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch -{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - "{{ .Values.controller.scope.namespace }}" - verbs: - - get -{{- end }} - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/clusterrolebinding.yaml b/lib/digitalocean/charts/nginx-ingress/templates/clusterrolebinding.yaml deleted file mode 100644 index 39decdac..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "nginx-ingress.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "nginx-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-configmap.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-configmap.yaml deleted file mode 100644 index 25625b44..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }} -data: -{{- if .Values.controller.addHeaders }} - add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers -{{- end }} -{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} - proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers -{{- end }} -{{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-daemonset.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-daemonset.yaml deleted file mode 100644 index 21bd8a16..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-daemonset.yaml +++ /dev/null @@ -1,256 +0,0 @@ -{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: {{ template "deployment.apiVersion" . }} -kind: DaemonSet -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - name: {{ template "nginx-ingress.controller.fullname" . }} - annotations: -{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} -spec: - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.controller.useComponentLabel }} - app.kubernetes.io/component: controller - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - updateStrategy: -{{ toYaml .Values.controller.updateStrategy | indent 4 }} - minReadySeconds: {{ .Values.controller.minReadySeconds }} - template: - metadata: - {{- if .Values.controller.podAnnotations }} - annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8}} - {{- end }} - spec: -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: "{{ .Values.controller.priorityClassName }}" -{{- end }} - {{- if .Values.controller.podSecurityContext }} - securityContext: -{{ toYaml .Values.controller.podSecurityContext | indent 8 }} - {{- end }} - containers: - - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" - imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" - {{- if .Values.controller.lifecycle }} - lifecycle: -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - args: - - /nginx-ingress-controller - {{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }} - {{- else }} - {{- if (semverCompare "<0.21.0" .Values.controller.image.tag) }} - - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} - {{- else if .Values.controller.defaultBackendService }} - - --default-backend-service={{ .Values.controller.defaultBackendService }} - {{- end }} - {{- end }} - {{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }} - - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --election-id={{ .Values.controller.electionID }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --ingress-class={{ .Values.controller.ingressClass }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} - {{- else }} - - --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} - {{- end }} - {{- if .Values.tcp }} - - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp - {{- end }} - {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp - {{- end }} - {{- if .Values.controller.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} - {{- end }} - {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}} - - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - {{- end }} - {{- if .Values.controller.maxmindLicenseKey }} - - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} - {{- end }} - {{- range $key, $value := .Values.controller.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: {{ .Values.controller.image.runAsUser }} - allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.controller.extraEnvs }} -{{ toYaml .Values.controller.extraEnvs | indent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} - {{- end }} - {{- end }} - {{- if .Values.controller.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.controller.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook - containerPort: {{ .Values.controller.admissionWebhooks.port }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" - containerPort: {{ $key }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" - containerPort: {{ $key }} - protocol: UDP - {{- if $useHostPort }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} - volumeMounts: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} - - mountPath: /etc/nginx/template - name: nginx-template-volume - readOnly: true -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - mountPath: "/usr/local/certificates/" - readOnly: true -{{- end }} -{{- if .Values.controller.extraVolumeMounts }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} -{{- end }} - resources: -{{ toYaml .Values.controller.resources | indent 12 }} -{{- if .Values.controller.extraContainers }} -{{ toYaml .Values.controller.extraContainers | indent 8}} -{{- end }} -{{- if .Values.controller.extraInitContainers }} - initContainers: -{{ toYaml .Values.controller.extraInitContainers | indent 8}} -{{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{ toYaml .Values.controller.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: -{{ toYaml .Values.controller.tolerations | indent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} - affinity: -{{ toYaml .Values.controller.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} - volumes: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} - - name: nginx-template-volume - configMap: - name: {{ .Values.controller.customTemplate.configMapName }} - items: - - key: {{ .Values.controller.customTemplate.configMapKey }} - path: nginx.tmpl -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - secret: - secretName: {{ template "nginx-ingress.fullname". }}-admission -{{- end }} -{{- if .Values.controller.extraVolumes }} -{{ toYaml .Values.controller.extraVolumes | indent 8}} -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-deployment.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-deployment.yaml deleted file mode 100644 index 8cf9bda1..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-deployment.yaml +++ /dev/null @@ -1,251 +0,0 @@ -{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} -apiVersion: {{ template "deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - name: {{ template "nginx-ingress.controller.fullname" . }} - annotations: -{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} -spec: - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.controller.useComponentLabel }} - app.kubernetes.io/component: controller - {{- end }} -{{- if not .Values.controller.autoscaling.enabled }} - replicas: {{ .Values.controller.replicaCount }} -{{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - strategy: -{{ toYaml .Values.controller.updateStrategy | indent 4 }} - minReadySeconds: {{ .Values.controller.minReadySeconds }} - template: - metadata: - {{- if .Values.controller.podAnnotations }} - annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - spec: -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: "{{ .Values.controller.priorityClassName }}" -{{- end }} - {{- if .Values.controller.podSecurityContext }} - securityContext: -{{ toYaml .Values.controller.podSecurityContext | indent 8 }} - {{- end }} - containers: - - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" - imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" - {{- if .Values.controller.lifecycle }} - lifecycle: -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - args: - - /nginx-ingress-controller - {{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }} - {{- else }} - {{- if (semverCompare "<0.21.0" .Values.controller.image.tag) }} - - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} - {{- else if .Values.controller.defaultBackendService }} - - --default-backend-service={{ .Values.controller.defaultBackendService }} - {{- end }} - {{- end }} - {{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }} - - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --election-id={{ .Values.controller.electionID }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --ingress-class={{ .Values.controller.ingressClass }} - {{- end }} - {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} - {{- else }} - - --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} - {{- end }} - {{- if .Values.tcp }} - - --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp - {{- end }} - {{- if .Values.udp }} - - --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-udp - {{- end }} - {{- if .Values.controller.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} - {{- end }} - {{- if and (.Values.controller.scope.enabled) (.Values.rbac.scope) }} - - --update-status=false - {{- end }} - {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }} - - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - {{- end }} - {{- if .Values.controller.maxmindLicenseKey }} - - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} - {{- end }} - {{- range $key, $value := .Values.controller.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: {{ .Values.controller.image.runAsUser }} - allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.controller.extraEnvs }} -{{ toYaml .Values.controller.extraEnvs | indent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- end }} - {{- if .Values.controller.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.controller.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook - containerPort: {{ .Values.controller.admissionWebhooks.port }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" - containerPort: {{ $key }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" - containerPort: {{ $key }} - protocol: UDP - {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} - volumeMounts: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} - - mountPath: /etc/nginx/template - name: nginx-template-volume - readOnly: true -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - mountPath: "/usr/local/certificates/" - readOnly: true -{{- end }} -{{- if .Values.controller.extraVolumeMounts }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} -{{- end }} - resources: -{{ toYaml .Values.controller.resources | indent 12 }} -{{- if .Values.controller.extraContainers }} -{{ toYaml .Values.controller.extraContainers | indent 8}} -{{- end }} -{{- if .Values.controller.extraInitContainers }} - initContainers: -{{ toYaml .Values.controller.extraInitContainers | indent 8}} -{{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{ toYaml .Values.controller.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: -{{ toYaml .Values.controller.tolerations | indent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} - affinity: -{{ toYaml .Values.controller.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} -{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} - volumes: -{{- end }} -{{- if .Values.controller.customTemplate.configMapName }} - - name: nginx-template-volume - configMap: - name: {{ .Values.controller.customTemplate.configMapName }} - items: - - key: {{ .Values.controller.customTemplate.configMapKey }} - path: nginx.tmpl -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - secret: - secretName: {{ template "nginx-ingress.fullname". }}-admission -{{- end }} -{{- if .Values.controller.extraVolumes }} -{{ toYaml .Values.controller.extraVolumes | indent 8}} -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-hpa.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-hpa.yaml deleted file mode 100644 index 77d35338..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-hpa.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} -{{- if .Values.controller.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }} -spec: - scaleTargetRef: - apiVersion: {{ template "deployment.apiVersion" . }} - kind: Deployment - name: {{ template "nginx-ingress.controller.fullname" . }} - minReplicas: {{ .Values.controller.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} - metrics: -{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-metrics-service.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-metrics-service.yaml deleted file mode 100644 index 9e991d69..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-metrics-service.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if .Values.controller.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: -{{- if .Values.controller.metrics.service.labels }} -{{ toYaml .Values.controller.metrics.service.labels | indent 4 }} -{{- end }} - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }}-metrics -spec: -{{- if not .Values.controller.metrics.service.omitClusterIP }} - {{- with .Values.controller.metrics.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} -{{- end }} -{{- if .Values.controller.metrics.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.controller.metrics.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - name: metrics - port: {{ .Values.controller.metrics.service.servicePort }} - targetPort: metrics - selector: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - type: "{{ .Values.controller.metrics.service.type }}" -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml deleted file mode 100644 index d1dab8fb..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - app.kubernetes.io/component: controller - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }} -spec: - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.controller.useComponentLabel }} - app.kubernetes.io/component: controller - {{- end }} - minAvailable: {{ .Values.controller.minAvailable }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-prometheusrules.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-prometheusrules.yaml deleted file mode 100644 index 4a439573..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-prometheusrules.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "nginx-ingress.controller.fullname" . }} - {{- if .Values.controller.metrics.prometheusRule.namespace }} - namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} - {{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} -{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }} - {{- end }} -spec: - {{- with .Values.controller.metrics.prometheusRule.rules }} - groups: - - name: {{ template "nginx-ingress.name" $ }} - rules: {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-psp.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-psp.yaml deleted file mode 100644 index ccbf636b..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-psp.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled}} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "nginx-ingress.fullname" . }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -spec: - allowedCapabilities: - - NET_BIND_SERVICE - privileged: false - allowPrivilegeEscalation: true - # Allow core volume types. - volumes: - - 'configMap' - #- 'emptyDir' - - 'projected' - - 'secret' - #- 'downwardAPI' - hostNetwork: {{ .Values.controller.hostNetwork }} -{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }} - hostPorts: -{{- if .Values.controller.hostNetwork }} -{{- range $key, $value := .Values.controller.containerPort }} - # {{ $key }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- else if .Values.controller.daemonset.useHostPort }} -{{- range $key, $value := .Values.controller.daemonset.hostPorts }} - # {{ $key }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- end }} -{{- if .Values.controller.metrics.enabled }} - # metrics - - min: {{ .Values.controller.metrics.port }} - max: {{ .Values.controller.metrics.port }} -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - # admission webhooks - - min: {{ .Values.controller.admissionWebhooks.port }} - max: {{ .Values.controller.admissionWebhooks.port }} -{{- end }} -{{- range $key, $value := .Values.tcp }} - # {{ $key }}-tcp - - min: {{ $key }} - max: {{ $key }} -{{- end }} -{{- range $key, $value := .Values.udp }} - # {{ $key }}-udp - - min: {{ $key }} - max: {{ $key }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - seLinux: - rule: 'RunAsAny' -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-role.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-role.yaml deleted file mode 100644 index bb9ff14a..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-role.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }} - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "nginx-ingress.fullname" . }}] -{{- end }} - -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-rolebinding.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-rolebinding.yaml deleted file mode 100644 index c1186c0c..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "nginx-ingress.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "nginx-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-service.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-service.yaml deleted file mode 100644 index 15d51a03..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-service.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if .Values.controller.service.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }} -spec: -{{- if not .Values.controller.service.omitClusterIP }} - {{- with .Values.controller.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} -{{- end }} -{{- if .Values.controller.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }} - externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}" -{{- end }} -{{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}" -{{- end }} -{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }} - healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} -{{- end }} - ports: - {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} - {{- if .Values.controller.service.enableHttp }} - - name: http - port: {{ .Values.controller.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} - nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enableHttps }} - - name: https - port: {{ .Values.controller.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} - nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" - port: {{ $key }} - protocol: TCP - targetPort: "{{ $key }}-tcp" - {{- if $.Values.controller.service.nodePorts.tcp }} - {{- if index $.Values.controller.service.nodePorts.tcp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} - {{- end }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" - port: {{ $key }} - protocol: UDP - targetPort: "{{ $key }}-udp" - {{- if $.Values.controller.service.nodePorts.udp }} - {{- if index $.Values.controller.service.nodePorts.udp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} - {{- end }} - {{- end }} - {{- end }} - selector: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - type: "{{ .Values.controller.service.type }}" -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-serviceaccount.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-serviceaccount.yaml deleted file mode 100644 index 7b688e68..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if or .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.serviceAccountName" . }} -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-servicemonitor.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-servicemonitor.yaml deleted file mode 100644 index f3129ea6..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-servicemonitor.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "nginx-ingress.controller.fullname" . }} - {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} - {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} - namespaceSelector: -{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}} - {{ else }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - {{- end }} - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - component: "{{ .Values.controller.name }}" - release: {{ template "nginx-ingress.releaseLabel" . }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/controller-webhook-service.yaml b/lib/digitalocean/charts/nginx-ingress/templates/controller-webhook-service.yaml deleted file mode 100644 index 5c4ad85a..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/controller-webhook-service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.controller.admissionWebhooks.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.admissionWebhooks.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.controller.fullname" . }}-admission -spec: -{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }} - {{- with .Values.controller.admissionWebhooks.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} -{{- end }} -{{- if .Values.controller.admissionWebhooks.service.externalIPs }} - externalIPs: -{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - name: https-webhook - port: 443 - targetPort: webhook - selector: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: controller - type: "{{ .Values.controller.admissionWebhooks.service.type }}" -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-deployment.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-deployment.yaml deleted file mode 100644 index 64493699..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: {{ template "deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: default-backend - name: {{ template "nginx-ingress.defaultBackend.fullname" . }} -spec: - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - {{- if .Values.defaultBackend.useComponentLabel }} - app.kubernetes.io/component: default-backend - {{- end }} - replicas: {{ .Values.defaultBackend.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - template: - metadata: - {{- if .Values.defaultBackend.podAnnotations }} - annotations: - {{- range $key, $value := .Values.defaultBackend.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: default-backend - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} -{{- if .Values.defaultBackend.priorityClassName }} - priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}" -{{- end }} - {{- if .Values.defaultBackend.podSecurityContext }} - securityContext: -{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }} - {{- end }} - containers: - - name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}" - args: - {{- range $key, $value := .Values.defaultBackend.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - securityContext: - runAsUser: {{ .Values.defaultBackend.image.runAsUser }} - {{- if .Values.defaultBackend.extraEnvs }} - env: -{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.defaultBackend.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.defaultBackend.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.port }} - protocol: TCP - resources: -{{ toYaml .Values.defaultBackend.resources | indent 12 }} - {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: -{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }} - {{- if .Values.defaultBackend.tolerations }} - tolerations: -{{ toYaml .Values.defaultBackend.tolerations | indent 8 }} - {{- end }} - {{- if .Values.defaultBackend.affinity }} - affinity: -{{ toYaml .Values.defaultBackend.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: 60 -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml deleted file mode 100644 index 5719fd91..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.defaultBackend.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.defaultBackend.fullname" . }} -spec: - selector: - matchLabels: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - component: "{{ .Values.defaultBackend.name }}" - minAvailable: {{ .Values.defaultBackend.minAvailable }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-psp.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-psp.yaml deleted file mode 100644 index 38191d4f..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-psp.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "nginx-ingress.fullname" . }}-backend - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} -spec: - allowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-role.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-role.yaml deleted file mode 100644 index 11fbba9a..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-role.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-backend -rules: - - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "nginx-ingress.fullname" . }}-backend] -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-rolebinding.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-rolebinding.yaml deleted file mode 100644 index 7d03ef40..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-backend -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "nginx-ingress.fullname" . }}-backend -subjects: - - kind: ServiceAccount - name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-service.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-service.yaml deleted file mode 100644 index 23dba195..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.defaultBackend.service.annotations }} - annotations: - {{- range $key, $value := .Values.defaultBackend.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.defaultBackend.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.defaultBackend.fullname" . }} -spec: -{{- if not .Values.defaultBackend.service.omitClusterIP }} - {{- with .Values.defaultBackend.service.clusterIP }} - clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} - {{- end }} -{{- end }} -{{- if .Values.defaultBackend.service.externalIPs }} - externalIPs: -{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.defaultBackend.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - name: http - port: {{ .Values.defaultBackend.service.servicePort }} - protocol: TCP - targetPort: http - selector: - app: {{ template "nginx-ingress.name" . }} - release: {{ template "nginx-ingress.releaseLabel" . }} - app.kubernetes.io/component: default-backend - type: "{{ .Values.defaultBackend.service.type }}" -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml b/lib/digitalocean/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml deleted file mode 100644 index 94689a6b..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/proxyheaders-configmap.yaml b/lib/digitalocean/charts/nginx-ingress/templates/proxyheaders-configmap.yaml deleted file mode 100644 index ae918ae1..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/proxyheaders-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers -data: -{{- if .Values.controller.proxySetHeaders }} -{{ toYaml .Values.controller.proxySetHeaders | indent 2 }} -{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }} -{{ toYaml .Values.controller.headers | indent 2 }} -{{- end }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/tcp-configmap.yaml b/lib/digitalocean/charts/nginx-ingress/templates/tcp-configmap.yaml deleted file mode 100644 index 96de14fc..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/tcp-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.tcp }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-tcp -data: -{{ tpl (toYaml .Values.tcp) . | indent 2 }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/templates/udp-configmap.yaml b/lib/digitalocean/charts/nginx-ingress/templates/udp-configmap.yaml deleted file mode 100644 index 69ee361c..00000000 --- a/lib/digitalocean/charts/nginx-ingress/templates/udp-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.udp }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "nginx-ingress.name" . }} - chart: {{ template "nginx-ingress.chart" . }} - component: "{{ .Values.controller.name }}" - heritage: {{ .Release.Service }} - release: {{ template "nginx-ingress.releaseLabel" . }} - name: {{ template "nginx-ingress.fullname" . }}-udp -data: -{{ tpl (toYaml .Values.udp) . | indent 2 }} -{{- end }} diff --git a/lib/digitalocean/charts/nginx-ingress/values.yaml b/lib/digitalocean/charts/nginx-ingress/values.yaml deleted file mode 100644 index a20520bd..00000000 --- a/lib/digitalocean/charts/nginx-ingress/values.yaml +++ /dev/null @@ -1,569 +0,0 @@ -## nginx configuration -## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md -## -controller: - name: controller - image: - repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller - tag: "0.30.0" - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true - - # This will fix the issue of HPA not being able to read the metrics. - # Note that if you enable it for existing deployments, it won't work as the labels are immutable. - # We recommend setting this to true for new deployments. - useComponentLabel: false - - # Configures the ports the nginx-controller listens on - containerPort: - http: 80 - https: 443 - - # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - - # Maxmind license key to download GeoLite2 Databases - # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" - - # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers - proxySetHeaders: {} - - # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - - # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: false - - # Optionally customize the pod dnsConfig. - dnsConfig: {} - - # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. - # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst - - # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - - ## Use host ports 80 and 443 - daemonset: - useHostPort: false - - hostPorts: - http: 80 - https: 443 - - ## Required only if defaultBackend.enabled = false - ## Must be / - ## - defaultBackendService: "" - - ## Election ID to use for status update - ## - electionID: ingress-controller-leader - - ## Name of the ingress class to route through this controller - ## - ingressClass: nginx - - # labels to add to the pod container metadata - podLabels: {} - # key: value - - ## Security Context policies for controller pods - ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - ## notes on enabling and using sysctls - ## - podSecurityContext: {} - - ## Allows customization of the external service - ## the ingress will be bound to via DNS - publishService: - enabled: false - ## Allows overriding of the publish service to bind to - ## Must be / - ## - pathOverride: "" - - ## Limit the scope of the controller - ## - scope: - enabled: false - namespace: "" # defaults to .Release.Namespace - - ## Allows customization of the configmap / nginx-configmap namespace - ## - configMapNamespace: "" # defaults to .Release.Namespace - - ## Allows customization of the tcp-services-configmap namespace - ## - tcp: - configMapNamespace: "" # defaults to .Release.Namespace - - ## Allows customization of the udp-services-configmap namespace - ## - udp: - configMapNamespace: "" # defaults to .Release.Namespace - - ## Additional command line arguments to pass to nginx-ingress-controller - ## E.g. to specify the default SSL certificate you can use - ## extraArgs: - ## default-ssl-certificate: "/" - extraArgs: {} - - ## Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - ## DaemonSet or Deployment - ## - kind: Deployment - - ## Annotations to be added to the controller deployment - ## - deploymentAnnotations: {} - - # The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - - # minReadySeconds to avoid killing pods before we are ready - ## - minReadySeconds: 0 - - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Affinity and anti-affinity - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - # # An example of preferred pod anti-affinity, weight is in the range 1-100 - # podAntiAffinity: - # preferredDuringSchedulingIgnoredDuringExecution: - # - weight: 100 - # podAffinityTerm: - # labelSelector: - # matchExpressions: - # - key: app - # operator: In - # values: - # - nginx-ingress - # topologyKey: kubernetes.io/hostname - - # # An example of required pod anti-affinity - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - labelSelector: - # matchExpressions: - # - key: app - # operator: In - # values: - # - nginx-ingress - # topologyKey: "kubernetes.io/hostname" - - ## terminationGracePeriodSeconds - ## - terminationGracePeriodSeconds: 60 - - ## Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - port: 10254 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - port: 10254 - - ## Annotations to be added to controller pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 100m - # memory: 64Mi - - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" - - service: - enabled: true - - annotations: {} - labels: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - enableHttp: true - enableHttps: true - - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - externalTrafficPolicy: "" - - # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - sessionAffinity: "" - - healthCheckNodePort: 0 - - ports: - http: 80 - https: 443 - - targetPorts: - http: http - https: https - - type: LoadBalancer - - # type: NodePort - # nodePorts: - # http: 32080 - # https: 32443 - # tcp: - # 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - - extraContainers: [] - ## Additional containers to be added to the controller pod. - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - extraVolumeMounts: [] - ## Additional volumeMounts to the controller main container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - extraVolumes: [] - ## Additional volumes to the controller pod. - # - name: copy-portal-skins - # emptyDir: {} - - extraInitContainers: [] - ## Containers, which are run before the app containers are started. - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - admissionWebhooks: - enabled: false - failurePolicy: Fail - port: 8443 - - service: - annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - externalIPs: [] - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - - patch: - enabled: true - image: - repository: jettech/kube-webhook-certgen - tag: v1.0.0 - pullPolicy: IfNotPresent - ## Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: {} - - metrics: - port: 10254 - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false - - service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" - - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9913 - type: ClusterIP - - serviceMonitor: - enabled: false - additionalLabels: {} - namespace: "" - namespaceSelector: {} - # Default: scrape .Release.Namespace only - # To scrape all, use the following: - # namespaceSelector: - # any: true - scrapeInterval: 30s - # honorLabels: true - - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: TooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: critical - # annotations: - # description: Too many 5XXs - # summary: More than 5% of the all requests did return 5XX, this require your attention - # - alert: TooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: critical - # annotations: - # description: Too many 4XXs - # summary: More than 5% of the all requests did return 4XX, this require your attention - - - lifecycle: {} - - priorityClassName: "" - -## Rollback limit -## -revisionHistoryLimit: 10 - -## Default 404 backend -## -defaultBackend: - - ## If false, controller.defaultBackendService must be provided - ## - enabled: true - - name: default-backend - image: - repository: k8s.gcr.io/defaultbackend-amd64 - tag: "1.5" - pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - - # This will fix the issue of HPA not being able to read the metrics. - # Note that if you enable it for existing deployments, it won't work as the labels are immutable. - # We recommend setting this to true for new deployments. - useComponentLabel: false - - extraArgs: {} - - serviceAccount: - create: true - name: - ## Additional environment variables to set for defaultBackend pods - extraEnvs: [] - - port: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - - ## Security Context policies for controller pods - ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - ## notes on enabling and using sysctls - ## - podSecurityContext: {} - - # labels to add to the pod container metadata - podLabels: {} - # key: value - - ## Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to default backend pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - service: - annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP - - priorityClassName: "" - -# If provided, the value will be used as the `release` label instead of .Release.Name -releaseLabelOverride: "" - -## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266 -rbac: - create: true - scope: false - -# If true, create & use Pod Security Policy resources -# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -podSecurityPolicy: - enabled: false - -serviceAccount: - create: true - name: - -## Optional array of imagePullSecrets containing private registry credentials -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: secretName - -# TCP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp -## -tcp: {} -# 8080: "default/example-tcp-svc:9000" - -# UDP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp -## -udp: {} -# 53: "kube-system/kube-dns:53"