diff --git a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml index fabcc03c..ee50481a 100644 --- a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml +++ b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml @@ -63,7 +63,7 @@ metadata: "image": { "pullPolicy": "IfNotPresent", "repository": "nginx/nginx-ingress", - "tag": "3.2.1-ubi" + "tag": "3.3.0-ubi" }, "includeYear": false, "ingressClass": "nginx", diff --git a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml index 137cbaa4..b7d1e928 100644 --- a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml @@ -33,7 +33,7 @@ metadata: "customPorts": [], "image": { "repository": "nginx/nginx-ingress", - "tag": "3.2.1-ubi", + "tag": "3.3.0-ubi", "pullPolicy": "IfNotPresent" }, "lifecycle": {}, diff --git a/config/samples/charts_v1alpha1_nginxingress.yaml b/config/samples/charts_v1alpha1_nginxingress.yaml index 8335c2b3..a1ab9448 100644 --- a/config/samples/charts_v1alpha1_nginxingress.yaml +++ b/config/samples/charts_v1alpha1_nginxingress.yaml @@ -25,7 +25,7 @@ spec: customPorts: [] image: repository: nginx/nginx-ingress - tag: "3.2.1-ubi" + tag: "3.3.0-ubi" # digest: "sha256:CHANGEME" pullPolicy: IfNotPresent lifecycle: {} diff --git a/docs/nginx-ingress-controller.md b/docs/nginx-ingress-controller.md index 10931a9c..c2b7edcd 100644 --- a/docs/nginx-ingress-controller.md +++ b/docs/nginx-ingress-controller.md @@ -36,7 +36,7 @@ spec: customPorts: [] image: repository: nginx/nginx-ingress - tag: "3.2.1-ubi" + tag: "3.3.0-ubi" # digest: "sha256:CHANGEME" pullPolicy: IfNotPresent lifecycle: {} @@ -220,7 +220,7 @@ Parameter | Description | Default `controller.logLevel` | The log level of the Ingress Controller. | 1 `controller.image.digest ` | The image digest of the Ingress Controller. | None `controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress -`controller.image.tag` | The tag of the Ingress Controller image. | 3.2.1 +`controller.image.tag` | The tag of the Ingress Controller image. | 3.3.0 `controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent `controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} `controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" diff --git a/examples/deployment-oss-min/nginx-ingress-controller.yaml b/examples/deployment-oss-min/nginx-ingress-controller.yaml index a378935e..ee3846d6 100644 --- a/examples/deployment-oss-min/nginx-ingress-controller.yaml +++ b/examples/deployment-oss-min/nginx-ingress-controller.yaml @@ -11,7 +11,7 @@ spec: image: pullPolicy: IfNotPresent repository: nginx/nginx-ingress - tag: 3.2.1-ubi + tag: 3.3.0-ubi ingressClass: nginx kind: deployment nginxplus: false diff --git a/examples/deployment-plus-min/nginx-ingress-controller.yaml b/examples/deployment-plus-min/nginx-ingress-controller.yaml index f2b9937e..02f4303a 100644 --- a/examples/deployment-plus-min/nginx-ingress-controller.yaml +++ b/examples/deployment-plus-min/nginx-ingress-controller.yaml @@ -11,7 +11,7 @@ spec: image: pullPolicy: IfNotPresent repository: nginx/nginx-ingress - tag: 3.2.1-ubi + tag: 3.3.0-ubi ingressClass: nginx kind: deployment nginxplus: true diff --git a/helm-charts/nginx-ingress/Chart.yaml b/helm-charts/nginx-ingress/Chart.yaml index c0e08387..a3820ea6 100644 --- a/helm-charts/nginx-ingress/Chart.yaml +++ b/helm-charts/nginx-ingress/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 3.2.1 +appVersion: 3.3.0 description: NGINX Ingress Controller home: https://github.com/nginxinc/kubernetes-ingress -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.2.1/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.0/deployments/helm-chart/chart-icon.png keywords: - ingress - nginx @@ -12,6 +12,6 @@ maintainers: name: nginxinc name: nginx-ingress sources: -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.1/deployments/helm-chart +- https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments/helm-chart type: application -version: 0.18.1 +version: 1.0.0 diff --git a/helm-charts/nginx-ingress/README.md b/helm-charts/nginx-ingress/README.md index cf9ba9d6..8e1371e0 100644 --- a/helm-charts/nginx-ingress/README.md +++ b/helm-charts/nginx-ingress/README.md @@ -6,20 +6,35 @@ This chart deploys the NGINX Ingress Controller in your Kubernetes cluster. ## Prerequisites -- A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) +- A [Kubernetes Version Supported by the Ingress + Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) - Helm 3.0+. - If you’d like to use NGINX Plus: - - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter. - - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image). - - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image). + - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal + by following the instructions from + [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to + specify the secret using `controller.serviceAccount.imagePullSecretName` parameter. + - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following + the instructions from + [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image). + - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by + following the instructions from + [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image). - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly. -- If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator [helm chart](https://github.com/nginxinc/nap-dos-arbitrator-helm-chart). Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace. +- If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator [helm + chart](https://github.com/nginxinc/nap-dos-arbitrator-helm-chart). Make sure to install in the same namespace as the + NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will + need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single + namespace. ## CRDs -By default, the Ingress Controller requires a number of custom resource definitions (CRDs) installed in the cluster. The Helm client will install those CRDs. If the CRDs are not installed, the Ingress Controller pods will not become `Ready`. +By default, the Ingress Controller requires a number of custom resource definitions (CRDs) installed in the cluster. The +Helm client will install those CRDs. If the CRDs are not installed, the Ingress Controller pods will not become `Ready`. -If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command. +If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` +set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), +the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command. ### Upgrading the CRDs @@ -31,9 +46,11 @@ kubectl apply -f crds/ > **Note** > -> The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`. +> The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by +> either kubectl create --save-config or kubectl apply`. > -> Make sure to check the [release notes](https://www.github.com/nginxinc/kubernetes-ingress/releases) for a new release for any special upgrade procedures. +> Make sure to check the [release notes](https://www.github.com/nginxinc/kubernetes-ingress/releases) for a new release +> for any special upgrade procedures. ### Uninstalling the CRDs @@ -45,7 +62,9 @@ kubectl delete -f crds/ > **Note** > -> This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the cluster. +> This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure +> there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the +> cluster. ## Managing the Chart via OCI Registry @@ -56,25 +75,29 @@ To install the chart with the release name my-release (my-release is the name th For NGINX: ```console -helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1 +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 ``` -For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) +For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry +`myregistry.example.com`) ```console -helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` -This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to use Docker Hub, you can replace `ghcr.io/nginxinc/charts/nginx-ingress` with `registry-1.docker.io/nginxcharts/nginx-ingress`. +This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to +use Docker Hub, you can replace `ghcr.io/nginxinc/charts/nginx-ingress` with +`registry-1.docker.io/nginxcharts/nginx-ingress`. ### Upgrading the Chart -Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the CRDs](#upgrading-the-crds). +Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the +CRDs](#upgrading-the-crds). To upgrade the release `my-release`: ```console -helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1 +helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 ``` ### Uninstalling the Chart @@ -87,12 +110,14 @@ helm uninstall my-release The command removes all the Kubernetes components associated with the release and deletes the release. -Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds). +Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the +CRDs](#uninstalling-the-crds). ### Edge Version -To test the latest changes in NGINX Ingress Controller before a new release, you can install the `edge` version. This version is built from the `main` branch of the NGINX Ingress Controller repository. -You can install the `edge` version by specifying the `--version` flag with the value `0.0.0-edge`: +To test the latest changes in NGINX Ingress Controller before a new release, you can install the `edge` version. This +version is built from the `main` branch of the NGINX Ingress Controller repository. You can install the `edge` version +by specifying the `--version` flag with the value `0.0.0-edge`: ```console helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge @@ -106,12 +131,14 @@ helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0. ### Pulling the Chart -This step is required if you're installing the chart using its sources. Additionally, the step is also required for managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for upgrading/deleting the CRDs. +This step is required if you're installing the chart using its sources. Additionally, the step is also required for +managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for +upgrading/deleting the CRDs. 1. Pull the chart sources: ```console - helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 0.18.1 + helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.0.0 ``` 2. Change your working directory to nginx-ingress: @@ -136,11 +163,13 @@ For NGINX Plus: helm install my-release -f values-plus.yaml . ``` -The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. +The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration +section lists the parameters that can be configured during installation. ### Upgrading the Chart -Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the CRDs](#upgrading-the-crds). +Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the +CRDs](#upgrading-the-crds). To upgrade the release `my-release`: @@ -158,13 +187,18 @@ helm uninstall my-release The command removes all the Kubernetes components associated with the release and deletes the release. -Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds). +Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the +CRDs](#uninstalling-the-crds). ## Running Multiple Ingress Controllers -If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will share a single version of the CRDs. As a result, make sure that the Ingress Controller versions match the version of the CRDs. Additionally, when uninstalling a release, ensure that you don’t remove the CRDs until there are no other Ingress Controller releases running in the cluster. +If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will +share a single version of the CRDs. As a result, make sure that the Ingress Controller versions match the version of the +CRDs. Additionally, when uninstalling a release, ensure that you don’t remove the CRDs until there are no other Ingress +Controller releases running in the cluster. -See [running multiple Ingress Controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) for more details. +See [running multiple Ingress Controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) +for more details. ## Configuration @@ -183,7 +217,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.logLevel` | The log level of the Ingress Controller. | 1 | |`controller.image.digest` | The image digest of the Ingress Controller. | None | |`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress | -|`controller.image.tag` | The tag of the Ingress Controller image. | 3.2.1 | +|`controller.image.tag` | The tag of the Ingress Controller image. | 3.3.0 | |`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent | |`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} | |`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" | @@ -209,15 +243,17 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.extraContainers` | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] | |`controller.resources` | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi | |`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 | -|`controller.ingressClass` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx | -|`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false | +|`controller.ingressClass.name` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx | +|`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.0, do not set the value to false. | true | +|`controller.ingressClass.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass.name`. Requires `controller.ingressClass.create`. | false | |`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" | |`controller.watchNamespaceLabel` | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" | |`controller.watchSecretNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See `controller.watchNamespace` and `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" | |`controller.enableCustomResources` | Enable the custom resources. | true | |`controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false | |`controller.enableOIDC` | Enable OIDC policies. | false | -|`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false | +|`controller.enableTLSPassthrough` | Enable TLS Passthrough on default port 443. Requires `controller.enableCustomResources`. | false | +|`controller.tlsPassThroughPort` | Set the port for the TLS Passthrough. Requires `controller.enableCustomResources` and `controller.enableTLSPassthrough`. | 443 | |`controller.enableCertManager` | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false | |`controller.enableExternalDNS` | Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Requires `controller.enableCustomResources`. | false | |`controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false | @@ -236,6 +272,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.service.extraLabels` | The extra labels of the service. | {} | |`controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | "" | |`controller.service.externalIPs` | The list of external IPs for the Ingress Controller service. | [] | +|`controller.service.clusterIP` | The clusterIP for the Ingress Controller service, autoassigned if not specified. | "" | |`controller.service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | [] | |`controller.service.name` | The name of the service. | Autogenerated | |`controller.service.customPorts` | A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. | [] | @@ -301,5 +338,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont ## Notes -- The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details. -- The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. +- The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog + post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details. +- The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service + Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. diff --git a/helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml index 0e64a1cd..53a51c49 100644 --- a/helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml +++ b/helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: dosprotectedresources.appprotectdos.f5.com spec: group: appprotectdos.f5.com diff --git a/helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml b/helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml index 1e07fa1a..82790713 100644 --- a/helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml +++ b/helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: dnsendpoints.externaldns.nginx.org spec: group: externaldns.nginx.org diff --git a/helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml b/helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml index 65d5c048..b0dc371f 100644 --- a/helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml +++ b/helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: globalconfigurations.k8s.nginx.org spec: group: k8s.nginx.org @@ -45,5 +45,7 @@ spec: type: integer protocol: type: string + ssl: + type: boolean served: true storage: true diff --git a/helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml b/helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml index b93bc600..907c22a8 100644 --- a/helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml +++ b/helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: policies.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/helm-charts/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml b/helm-charts/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml index 7c3a05a8..b1448e9e 100644 --- a/helm-charts/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml +++ b/helm-charts/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: transportservers.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml b/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml index 75ac6461..d21640a3 100644 --- a/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml +++ b/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: virtualserverroutes.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml b/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml index 78afe011..189cce4f 100644 --- a/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml +++ b/helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: virtualservers.k8s.nginx.org spec: group: k8s.nginx.org @@ -97,6 +97,14 @@ spec: internalRoute: description: InternalRoute allows for the configuration of internal routing. type: boolean + listener: + description: Listener references a custom http and/or https listener defined in GlobalConfiguration. + type: object + properties: + http: + type: string + https: + type: string policies: type: array items: diff --git a/helm-charts/nginx-ingress/templates/_helpers.tpl b/helm-charts/nginx-ingress/templates/_helpers.tpl index e4851329..5372053b 100644 --- a/helm-charts/nginx-ingress/templates/_helpers.tpl +++ b/helm-charts/nginx-ingress/templates/_helpers.tpl @@ -64,9 +64,13 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} Selector labels */}} {{- define "nginx-ingress.selectorLabels" -}} +{{- if .Values.controller.selectorLabels -}} +{{ toYaml .Values.controller.selectorLabels }} +{{- else -}} app.kubernetes.io/name: {{ include "nginx-ingress.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} +{{- end -}} +{{- end -}} {{/* Expand the name of the configmap. @@ -125,3 +129,7 @@ Expand image name. {{- printf "%s:%s" .Values.controller.image.repository (include "nginx-ingress.tag" .) -}} {{- end -}} {{- end -}} + +{{- define "nginx-ingress.prometheus.serviceName" -}} +{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "prometheus-service" -}} +{{- end -}} diff --git a/helm-charts/nginx-ingress/templates/controller-daemonset.yaml b/helm-charts/nginx-ingress/templates/controller-daemonset.yaml index b94ff9ad..d6012c3a 100644 --- a/helm-charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/helm-charts/nginx-ingress/templates/controller-daemonset.yaml @@ -85,12 +85,14 @@ spec: {{ toYaml .Values.controller.lifecycle | indent 10 }} {{- end }} ports: - - name: http - containerPort: 80 - hostPort: 80 - - name: https - containerPort: 443 - hostPort: 443 +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if and $.Values.controller.hostPort.enable (index $.Values.controller.hostPort $key) }} + hostPort: {{ index $.Values.controller.hostPort $key }} + {{- end }} +{{- end }} {{ if .Values.controller.customPorts }} {{ toYaml .Values.controller.customPorts | indent 8 }} {{ end }} @@ -178,7 +180,7 @@ spec: {{ else if and (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }} - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} {{- end }} - - -ingress-class={{ .Values.controller.ingressClass }} + - -ingress-class={{ .Values.controller.ingressClass.name }} {{- if .Values.controller.watchNamespace }} - -watch-namespace={{ .Values.controller.watchNamespace }} {{- end }} @@ -228,6 +230,9 @@ spec: - -disable-ipv6={{ .Values.controller.disableIPV6 }} {{- if .Values.controller.enableCustomResources }} - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} +{{ if .Values.controller.enableTLSPassthrough }} + - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }} +{{ end }} - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} - -enable-cert-manager={{ .Values.controller.enableCertManager }} - -enable-oidc={{ .Values.controller.enableOIDC }} diff --git a/helm-charts/nginx-ingress/templates/controller-deployment.yaml b/helm-charts/nginx-ingress/templates/controller-deployment.yaml index 0c1b9ad5..f23f515e 100644 --- a/helm-charts/nginx-ingress/templates/controller-deployment.yaml +++ b/helm-charts/nginx-ingress/templates/controller-deployment.yaml @@ -92,10 +92,14 @@ spec: {{ toYaml .Values.controller.lifecycle | indent 10 }} {{- end }} ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if and $.Values.controller.hostPort.enable (index $.Values.controller.hostPort $key) }} + hostPort: {{ index $.Values.controller.hostPort $key }} + {{- end }} +{{- end }} {{- if .Values.controller.customPorts }} {{ toYaml .Values.controller.customPorts | indent 8 }} {{- end }} @@ -183,7 +187,7 @@ spec: {{ else if and (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }} - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} {{- end }} - - -ingress-class={{ .Values.controller.ingressClass }} + - -ingress-class={{ .Values.controller.ingressClass.name }} {{- if .Values.controller.watchNamespace }} - -watch-namespace={{ .Values.controller.watchNamespace }} {{- end }} @@ -233,6 +237,9 @@ spec: - -disable-ipv6={{ .Values.controller.disableIPV6 }} {{- if .Values.controller.enableCustomResources }} - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} +{{ if .Values.controller.enableTLSPassthrough }} + - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }} +{{ end }} - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} - -enable-cert-manager={{ .Values.controller.enableCertManager }} - -enable-oidc={{ .Values.controller.enableOIDC }} diff --git a/helm-charts/nginx-ingress/templates/controller-hpa.yaml b/helm-charts/nginx-ingress/templates/controller-hpa.yaml index bc714639..b8691648 100644 --- a/helm-charts/nginx-ingress/templates/controller-hpa.yaml +++ b/helm-charts/nginx-ingress/templates/controller-hpa.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.autoscaling.enabled (eq .Values.controller.kind "deployment") (semverCompare ">=1.23.0" .Capabilities.KubeVersion.Version) -}} +{{- if and .Values.controller.autoscaling.enabled (eq .Values.controller.kind "deployment") (.Capabilities.APIVersions.Has "autoscaling/v2") -}} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: diff --git a/helm-charts/nginx-ingress/templates/controller-ingress-class.yaml b/helm-charts/nginx-ingress/templates/controller-ingress-class.yaml index c3fc202b..a351d697 100644 --- a/helm-charts/nginx-ingress/templates/controller-ingress-class.yaml +++ b/helm-charts/nginx-ingress/templates/controller-ingress-class.yaml @@ -1,12 +1,14 @@ +{{ if .Values.controller.ingressClass.create }} apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: - name: {{ .Values.controller.ingressClass }} + name: {{ .Values.controller.ingressClass.name }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} -{{- if .Values.controller.setAsDefaultIngress }} +{{- if .Values.controller.ingressClass.setAsDefaultIngress }} annotations: ingressclass.kubernetes.io/is-default-class: "true" {{- end }} spec: controller: nginx.org/ingress-controller +{{ end }} diff --git a/helm-charts/nginx-ingress/templates/controller-prometheus-service.yaml b/helm-charts/nginx-ingress/templates/controller-prometheus-service.yaml new file mode 100644 index 00000000..d3651428 --- /dev/null +++ b/helm-charts/nginx-ingress/templates/controller-prometheus-service.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheus.create .Values.prometheus.service.create}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nginx-ingress.prometheus.serviceName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} + {{- if .Values.prometheus.service.labels -}} + {{- toYaml .Values.prometheus.service.labels | nindent 4 }} + {{- end }} +spec: + clusterIP: None + ports: + - name: prometheus + protocol: TCP + port: {{ .Values.prometheus.port }} + targetPort: {{ .Values.prometheus.port }} + selector: + {{- include "nginx-ingress.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm-charts/nginx-ingress/templates/controller-service.yaml b/helm-charts/nginx-ingress/templates/controller-service.yaml index 6daa9411..a25de945 100644 --- a/helm-charts/nginx-ingress/templates/controller-service.yaml +++ b/helm-charts/nginx-ingress/templates/controller-service.yaml @@ -14,6 +14,9 @@ metadata: {{ toYaml .Values.controller.service.annotations | indent 4 }} {{- end }} spec: +{{- if .Values.controller.service.clusterIP }} + clusterIP: {{ .Values.controller.service.clusterIP }} +{{- end }} {{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }} {{- if .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} diff --git a/helm-charts/nginx-ingress/templates/controller-servicemonitor.yaml b/helm-charts/nginx-ingress/templates/controller-servicemonitor.yaml index a279af33..e1a4268f 100644 --- a/helm-charts/nginx-ingress/templates/controller-servicemonitor.yaml +++ b/helm-charts/nginx-ingress/templates/controller-servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.controller.serviceMonitor.create }} +{{- if .Values.prometheus.serviceMonitor.create }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -6,16 +6,16 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} - {{- if .Values.controller.serviceMonitor.labels -}} - {{- toYaml .Values.controller.serviceMonitor.labels | nindent 4 }} + {{- if .Values.prometheus.serviceMonitor.labels -}} + {{- toYaml .Values.prometheus.serviceMonitor.labels | nindent 4 }} {{- end }} spec: selector: matchLabels: - {{- if .Values.controller.serviceMonitor.selectorMatchLabels -}} - {{- toYaml .Values.controller.serviceMonitor.selectorMatchLabels | nindent 6 }} + {{- if .Values.prometheus.serviceMonitor.selectorMatchLabels -}} + {{- toYaml .Values.prometheus.serviceMonitor.selectorMatchLabels | nindent 6 }} {{- end }} {{- include "nginx-ingress.selectorLabels" . | nindent 6 }} endpoints: - {{- toYaml .Values.controller.serviceMonitor.endpoints | nindent 4 }} + {{- toYaml .Values.prometheus.serviceMonitor.endpoints | nindent 4 }} {{- end }} diff --git a/helm-charts/nginx-ingress/values-icp.yaml b/helm-charts/nginx-ingress/values-icp.yaml index 06a1fe8d..cadf8d6b 100644 --- a/helm-charts/nginx-ingress/values-icp.yaml +++ b/helm-charts/nginx-ingress/values-icp.yaml @@ -4,7 +4,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "3.2.1" + tag: "3.3.0" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/helm-charts/nginx-ingress/values-plus.yaml b/helm-charts/nginx-ingress/values-plus.yaml index 7852aa3b..f62b8d65 100644 --- a/helm-charts/nginx-ingress/values-plus.yaml +++ b/helm-charts/nginx-ingress/values-plus.yaml @@ -3,4 +3,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "3.2.1" + tag: "3.3.0" diff --git a/helm-charts/nginx-ingress/values.schema.json b/helm-charts/nginx-ingress/values.schema.json index 85bbd416..39f65da6 100644 --- a/helm-charts/nginx-ingress/values.schema.json +++ b/helm-charts/nginx-ingress/values.schema.json @@ -42,11 +42,17 @@ "daemonset" ] }, + "selectorLabels": { + "type": "object", + "default": {}, + "title": "The selectorLabels Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" + }, "annotations": { "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "nginxplus": { "type": "boolean", @@ -181,11 +187,40 @@ true ] }, + "hostPort": { + "type": "object", + "default": {}, + "title": "The hostPort Schema", + "patternProperties": { + "^.*$": { + "anyOf": [ + { + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/hostPort" + }, + { + "type": "boolean" + } + ] + } + }, + "additionalProperties": false + }, + "containerPort": { + "type": "object", + "default": {}, + "title": "The containerPort Schema", + "patternProperties": { + "^.*$": { + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/containerPort" + } + }, + "additionalProperties": false + }, "dnsPolicy": { "type": "string", "allOf": [ { - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy" }, { "enum": [ @@ -226,7 +261,7 @@ "title": "The customPorts to expose on the NGINX Ingress Controller pod", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort" }, "examples": [ [ @@ -281,7 +316,7 @@ "title": "The pullPolicy for the Ingress Controller image", "allOf": [ { - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" }, { "enum": [ @@ -310,7 +345,7 @@ "type": "object", "default": {}, "title": "The lifecycle Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle" }, "customConfigMap": { "type": "string", @@ -338,7 +373,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "entries": { "type": "object", @@ -425,19 +460,19 @@ "type": "object", "default": {}, "title": "The nodeSelector Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector" }, "terminationGracePeriodSeconds": { "type": "integer", "default": 30, "title": "The terminationGracePeriodSeconds Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds" }, "resources": { "type": "object", "default": {}, "title": "The resources Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, "tolerations": { "type": "array", @@ -445,20 +480,20 @@ "title": "The tolerations Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration" } }, "affinity": { "type": "object", "default": {}, "title": "The affinity Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" }, "topologySpreadConstraints": { "type": "object", "default": {}, "title": "The topologySpreadConstraints Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/topologySpreadConstraints" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/topologySpreadConstraints" }, "env": { "type": "array", @@ -466,7 +501,7 @@ "title": "The env Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" } }, "volumes": { @@ -475,7 +510,7 @@ "title": "The volumes Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" } }, "volumeMounts": { @@ -484,7 +519,7 @@ "title": "The volumeMounts Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" } }, "initContainers": { @@ -493,14 +528,14 @@ "title": "The initContainers Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container" } }, "minReadySeconds": { "type": "integer", "default": 0, "title": "The minReadySeconds Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds" }, "strategy": { "type": "object", @@ -508,7 +543,7 @@ "title": "The strategy Schema", "allOf": [ { - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy" }, { "properties": { @@ -530,7 +565,7 @@ "title": "The extraContainers Schema", "items": { "type": "object", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container" } }, "replicaCount": { @@ -542,20 +577,36 @@ ] }, "ingressClass": { - "type": "string", - "default": "", + "type": "object", + "default": {}, "title": "The ingressClass", - "examples": [ - "nginx" - ] - }, - "setAsDefaultIngress": { - "type": "boolean", - "default": false, - "title": "The setAsDefaultIngress", - "examples": [ - false - ] + "required": [], + "properties": { + "create": { + "type": "boolean", + "default": true, + "title": "The create", + "examples": [ + true + ] + }, + "name": { + "type": "string", + "default": "", + "title": "The ingressClass name", + "examples": [ + "nginx" + ] + }, + "setAsDefaultIngress": { + "type": "boolean", + "default": false, + "title": "The setAsDefaultIngress", + "examples": [ + false + ] + } + } }, "watchNamespace": { "type": "string", @@ -613,6 +664,14 @@ false ] }, + "tlsPassthroughPort": { + "type": "integer", + "default": 443, + "title": "The tlsPassthroughPort", + "examples": [ + 443 + ] + }, "enableCertManager": { "type": "boolean", "default": false, @@ -782,19 +841,19 @@ "type": "string", "default": "", "title": "The type", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type" }, "externalTrafficPolicy": { "type": "string", "default": "", "title": "The externalTrafficPolicy", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy" }, "annotations": { "type": "object", "default": {}, "title": "The annotations", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "extraLabels": { "type": "object", @@ -810,13 +869,13 @@ "type": "string", "default": "", "title": "The loadBalancerIP", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP" }, "externalIPs": { "type": "array", "default": [], "title": "The externalIPs", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs" }, "loadBalancerSourceRanges": { "type": "array", @@ -831,13 +890,13 @@ "type": "boolean", "default": false, "title": "The allocateLoadBalancerNodePorts Schema", - "ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts" }, "ipFamilyPolicy": { "type": "string", "default": "", "title": "The ipFamilyPolicy Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy", "examples": [ "" ] @@ -846,7 +905,7 @@ "type": "array", "default": [], "title": "The ipFamilies Schema", - "ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies" }, "httpPort": { "type": "object", @@ -950,7 +1009,7 @@ "title": "The customPorts", "items": { "type": "object", - "ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort" } } }, @@ -992,7 +1051,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "name": { "type": "string", @@ -1018,49 +1077,6 @@ } ] }, - "serviceMonitor": { - "type": "object", - "default": {}, - "title": "The serviceMonitor Schema", - "required": [], - "properties": { - "create": { - "type": "boolean", - "default": false, - "title": "The create", - "examples": [ - false - ] - }, - "labels": { - "type": "object", - "default": {}, - "title": "The labels Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" - }, - "selectorMatchLabels": { - "type": "object", - "default": {}, - "title": "The selectorMatchLabels Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" - }, - "endpoints": { - "type": "array", - "default": [], - "title": "The endpoints", - "required": [], - "items": {} - } - }, - "examples": [ - { - "create": false, - "labels": {}, - "selectorMatchLabels": {}, - "endpoints": [] - } - ] - }, "reportIngressStatus": { "type": "object", "default": {}, @@ -1113,7 +1129,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" } }, "examples": [ @@ -1137,13 +1153,13 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "extraLabels": { "type": "object", "default": {}, "title": "The extraLabels Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" } }, "examples": [ @@ -1157,7 +1173,7 @@ "type": "string", "default": "", "title": "The priorityClassName", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName" }, "podDisruptionBudget": { "type": "object", @@ -1174,13 +1190,13 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "minAvailable": { - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/minAvailable" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/minAvailable" }, "maxUnavailable": { - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/maxUnavailable" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/maxUnavailable" } }, "examples": [ @@ -1219,7 +1235,7 @@ "initialDelaySeconds": { "type": "integer", "default": 0, - "$ref": "file://./helm-charts/nginx-ingress/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds" } }, "examples": [ @@ -1326,6 +1342,7 @@ "enableOIDC": false, "includeYear": false, "enableTLSPassthrough": false, + "tlsPassthroughPort": 443, "enableCertManager": false, "enableExternalDNS": false, "globalConfiguration": { @@ -1460,6 +1477,69 @@ "examples": [ "http" ] + }, + "service": { + "type": "object", + "default": {}, + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create", + "examples": [ + true + ] + }, + "labels": { + "type": "object", + "default": {}, + "title": "The labels Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + } + } + }, + "serviceMonitor": { + "type": "object", + "default": {}, + "title": "The serviceMonitor Schema", + "required": [], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create", + "examples": [ + false + ] + }, + "labels": { + "type": "object", + "default": {}, + "title": "The labels Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + }, + "selectorMatchLabels": { + "type": "object", + "default": {}, + "title": "The selectorMatchLabels Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" + }, + "endpoints": { + "type": "array", + "default": [], + "title": "The endpoints", + "required": [], + "items": {} + } + }, + "examples": [ + { + "create": false, + "labels": {}, + "selectorMatchLabels": {}, + "endpoints": [] + } + ] } }, "examples": [ @@ -1676,12 +1756,6 @@ "minAvailable": 0, "minUnavailable": 0 }, - "serviceMonitor": { - "create": false, - "labels": {}, - "selectorMatchLabels": {}, - "endpoints": {} - }, "reportIngressStatus": { "enable": true, "externalService": "", @@ -1711,7 +1785,17 @@ "create": true, "port": 9113, "secret": "", - "scheme": "http" + "scheme": "http", + "service": { + "create": false, + "labels": {} + }, + "serviceMonitor": { + "create": false, + "labels": {}, + "selectorMatchLabels": {}, + "endpoints": {} + } }, "serviceInsight": { "create": true, diff --git a/helm-charts/nginx-ingress/values.yaml b/helm-charts/nginx-ingress/values.yaml index 4595802e..13ed1e85 100644 --- a/helm-charts/nginx-ingress/values.yaml +++ b/helm-charts/nginx-ingress/values.yaml @@ -5,6 +5,9 @@ controller: ## The kind of the Ingress Controller installation - deployment or daemonset. kind: deployment + ## The selectorLabels used to override the default values. + selectorLabels: {} + ## Annotations for deployments and daemonsets annotations: {} @@ -37,6 +40,24 @@ controller: ## Enables the Ingress Controller pods to use the host's network namespace. hostNetwork: false + ## The hostPort configuration for the Ingress Controller pods. + hostPort: + ## Enables hostPort for the Ingress Controller pods. + enable: false + + ## The HTTP hostPort configuration for the Ingress Controller pods. + http: 80 + + ## The HTTPS hostPort configuration for the Ingress Controller pods. + https: 443 + + containerPort: + ## The HTTP containerPort configuration for the Ingress Controller pods. + http: 80 + + ## The HTTPS containerPort configuration for the Ingress Controller pods. + https: 443 + ## DNS policy for the Ingress Controller pods dnsPolicy: ClusterFirst @@ -54,7 +75,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag. - # tag: "3.2.1" + # tag: "3.3.0" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead @@ -82,11 +103,11 @@ controller: ## It is recommended to use your own TLS certificates and keys defaultTLS: - ## The base64-encoded TLS certificate for the default HTTPS server. By default, a pre-generated self-signed certificate is used. + ## The base64-encoded TLS certificate for the default HTTPS server. ## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. cert: "" - ## The base64-encoded TLS key for the default HTTPS server. By default, a pre-generated key is used. + ## The base64-encoded TLS key for the default HTTPS server. ## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. key: "" @@ -200,17 +221,22 @@ controller: ## The number of replicas of the Ingress Controller deployment. replicaCount: 1 - ## A class of the Ingress Controller. + # Configures the ingress class the Ingress Controller uses. + ingressClass: + ## A class of the Ingress Controller. - ## IngressClass resource with the name equal to the class must be deployed. Otherwise, - ## the Ingress Controller will fail to start. - ## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. + ## IngressClass resource with the name equal to the class must be deployed. Otherwise, + ## the Ingress Controller will fail to start. + ## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. - ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes. - ingressClass: nginx + ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes. + name: nginx - ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. - setAsDefaultIngress: false + ## Creates a new IngressClass object with the name "controller.ingressClass.name". Set to false to use an existing IngressClass with the same name. If you use helm upgrade, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.0, do not set the value to false. + create: true + + ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. Requires "controller.ingressClass.create". + setAsDefaultIngress: false ## Comma separated list of namespaces to watch for Ingress resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespaceLabel". watchNamespace: "" @@ -236,6 +262,9 @@ controller: ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources. enableTLSPassthrough: false + ## Set the port for TLS Passthrough. Requires controller.enableCustomResources and controller.enableTLSPassthrough. + tlsPassthroughPort: 443 + ## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources. enableCertManager: false @@ -247,14 +276,15 @@ controller: create: false ## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. - spec: {} - # listeners: - # - name: dns-udp - # port: 5353 - # protocol: UDP - # - name: dns-tcp - # port: 5353 - # protocol: TCP + spec: {} ## Ensure both curly brackets are removed when adding listeners in YAML format. + # listeners: + # - name: dns-udp + # port: 5353 + # protocol: UDP + # - name: dns-tcp + # port: 5353 + # protocol: TCP + ## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. enableSnippets: false @@ -295,6 +325,9 @@ controller: ## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature. loadBalancerIP: "" + ## The ClusterIP for the Ingress Controller service, autoassigned if not specified. + clusterIP: "" + ## The list of external IPs for the Ingress Controller service. externalIPs: [] @@ -354,19 +387,6 @@ controller: ## Secret must exist in the same namespace as the helm release. imagePullSecretName: "" - serviceMonitor: - ## Creates a serviceMonitor to expose statistics on the kubernetes pods. - create: false - - ## Kubernetes object labels to attach to the serviceMonitor object. - labels: {} - - ## A set of labels to allow the selection of endpoints for the ServiceMonitor. - selectorMatchLabels: {} - - ## A list of endpoints allowed as part of this ServiceMonitor. - endpoints: [] - reportIngressStatus: ## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. ## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService, @@ -441,6 +461,30 @@ prometheus: ## Configures the HTTP scheme used. scheme: http + service: + ## Creates a ClusterIP Service to expose Prometheus metrics internally + ## Requires prometheus.create=true + create: false + + labels: + service: "nginx-ingress-prometheus-service" + + serviceMonitor: + ## Creates a serviceMonitor to expose statistics on the kubernetes pods. + create: false + + ## Kubernetes object labels to attach to the serviceMonitor object. + labels: {} + + ## A set of labels to allow the selection of endpoints for the ServiceMonitor. + selectorMatchLabels: + service: "nginx-ingress-prometheus-service" + + ## A list of endpoints allowed as part of this ServiceMonitor. + ## Matches on the name of a Service port. + endpoints: + - port: prometheus + serviceInsight: ## Expose NGINX Plus Service Insight endpoint. create: false