From 6b4f3ef9b37cf8012478e2de0bd341a33d300e07 Mon Sep 17 00:00:00 2001 From: John Skarbek Date: Mon, 6 Dec 2021 20:38:37 +0000 Subject: [PATCH 01/48] Add option to configure http-proxy for Pages --- .../gitlab-pages/templates/configmap.yml | 4 ++-- charts/gitlab/charts/gitlab-pages/values.yaml | 1 + doc/charts/gitlab/gitlab-pages/index.md | 1 + spec/configuration/pages_spec.rb | 24 +++++++++++++++++++ 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index af8e177c00..6a059e5fa3 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -41,9 +41,9 @@ data: listen-http=0.0.0.0:9090 {{- else }} {{- if not (empty $.Values.global.pages.externalHttp) }} - listen-http=0.0.0.0:{{ .Values.service.internalPort }} + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:{{ .Values.service.internalPort | int }} {{- else }} - listen-http=0.0.0.0:9090 + listen-{{ if .Values.useHTTPProxy }}proxy{{ else }}http{{ end }}=0.0.0.0:9090 {{- end }} {{- if not (empty $.Values.global.pages.externalHttps) }} listen-https{{ if .Values.useProxyV2 }}-proxyv2{{ end }}=0.0.0.0:{{ .Values.service.customDomains.internalHttpsPort | int }} diff --git a/charts/gitlab/charts/gitlab-pages/values.yaml b/charts/gitlab/charts/gitlab-pages/values.yaml index 98ac4a9acf..9915aee931 100644 --- a/charts/gitlab/charts/gitlab-pages/values.yaml +++ b/charts/gitlab/charts/gitlab-pages/values.yaml @@ -144,6 +144,7 @@ statusUri: '/-/readiness' tls: minVersion: maxVersion: +useHTTPProxy: false useProxyV2: false useHttp2: true diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 006424457b..37fb727283 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
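Review bot: With `useHTTPProxy` enabled, both changed `listen-` lines in `configmap.yml` still bind to `0.0.0.0`, and neither the template nor the new docs row says who is allowed to connect. A proxy-mode listener presumably takes client details from headers set by the reverse proxy, so anything that can reach the pod port directly could supply those headers itself; this is worth confirming against the Pages daemon. I would extend the docs row to something like `Use this option when GitLab Pages is behind a reverse proxy; the Pages HTTP port must then be reachable only from that proxy (for example via a NetworkPolicy).` The `listen-http=0.0.0.0:9090` context line at the top of the hunk is unchanged, and its enclosing condition starts outside the hunk, so I cannot tell whether that branch should honour the flag too.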
@@ -97,6 +97,7 @@ configurations that can be supplied to the `helm install` command using the | `tls.minVersion` | | Specifies the minimum SSL/TLS version | | `tls.maxVersion` | | Specifies the maximum SSL/TLS version | | `useHttp2` | `true` | Enable HTTP2 support | +| `useHTTPProxy` | `false` | Use this option when GitLab Pages is behind a Reverse Proxy. | | `useProxyV2` | `false` | Force HTTPS request to utilize the PROXYv2 protocol. | | `zipCache.cleanup` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | | `zipCache.expiration` | int | See: [Zip Serving and Cache Configuration](https://docs.gitlab.com/ee/administration/pages/index.html#zip-serving-and-cache-configuration) | diff --git a/spec/configuration/pages_spec.rb b/spec/configuration/pages_spec.rb index b16cfa6f07..5b47f7a3e0 100644 --- a/spec/configuration/pages_spec.rb +++ b/spec/configuration/pages_spec.rb @@ -885,6 +885,30 @@ describe 'GitLab Pages' do end end end + + context 'when using HTTP Proxy' do + let(:pages_enabled_values) do + YAML.safe_load(%( + global: + pages: + enabled: true + externalHttp: + - 1.1.1.1 + externalHttps: + - 1.1.1.1 + gitlab: + gitlab-pages: + useHTTPProxy: true + )) + end + + describe 'pages configuration' do + it 'exposes proper listeners' do + expect(pages_config_data).to match(/listen-proxy=0.0.0.0:8090/) + expect(pages_config_data).not_to match(/listen-http=0.0.0.0:8090/) + end + end + end end end end -- GitLab From 3c336219942632f48603e054b69766e4826890f8 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:40:45 +0000 Subject: [PATCH 02/48] Update changelog for 5.5.2 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c01a71787..f1d747995e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
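Review bot: Both expectations in `exposes proper listeners` use unescaped dots, and the negative one only rules out `listen-http` on port 8090, so a `listen-http` line on any other port would still pass. I would escape the literals, `expect(pages_config_data).to match(/listen-proxy=0\.0\.0\.0:8090/)`, and do the same on the `not_to` line. The context also covers only the branch where `externalHttp` is set; the template's fallback branch on port 9090 has no example with `useHTTPProxy: true`. The enclosing `describe 'GitLab Pages'` starts outside the hunk.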
@@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 5.5.2 (2021-12-03) + +No changes. + ## 5.5.1 (2021-12-01) No changes. -- GitLab From 947a1494c1cdcc477fa71f60352da1b9df2345ae Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:41:02 +0000 Subject: [PATCH 03/48] Update Chart versions to 5.5.2 [ci skip] --- Chart.yaml | 2 +- charts/gitlab/charts/geo-logcursor/Chart.yaml | 2 +- charts/gitlab/charts/gitaly/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-exporter/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-grafana/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-pages/Chart.yaml | 2 +- charts/gitlab/charts/gitlab-shell/Chart.yaml | 2 +- charts/gitlab/charts/kas/Chart.yaml | 2 +- charts/gitlab/charts/mailroom/Chart.yaml | 2 +- charts/gitlab/charts/migrations/Chart.yaml | 2 +- charts/gitlab/charts/operator/Chart.yaml | 2 +- charts/gitlab/charts/praefect/Chart.yaml | 2 +- charts/gitlab/charts/sidekiq/Chart.yaml | 2 +- charts/gitlab/charts/toolbox/Chart.yaml | 2 +- charts/gitlab/charts/webservice/Chart.yaml | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 0639df9c7d..32d386534e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab -version: 5.5.1 +version: 5.5.2 appVersion: master description: Web-based Git-repository manager with wiki and issue-tracking features. keywords: diff --git a/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/charts/geo-logcursor/Chart.yaml index b56ad6d8af..ae46fb64ca 100644 --- a/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: geo-logcursor -version: 5.5.1 +version: 5.5.2 appVersion: master description: GitLab Geo logcursor keywords: diff --git a/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/charts/gitaly/Chart.yaml index deb258dfb3..9fdb088ee2 100644 
--- a/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitaly -version: 5.5.1 +version: 5.5.2 appVersion: master description: Git RPC service for handling all the git calls made by GitLab keywords: diff --git a/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/charts/gitlab-exporter/Chart.yaml index b062ca7242..fd4ce2ca92 100644 --- a/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-exporter -version: 5.5.1 +version: 5.5.2 appVersion: 11.2.0 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) keywords: diff --git a/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/charts/gitlab-grafana/Chart.yaml index fed85a6582..977dbca663 100644 --- a/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-grafana -version: 5.5.1 +version: 5.5.2 description: Adapt the Grafana chart to interface to the GitLab App keywords: - gitlab diff --git a/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/charts/gitlab-pages/Chart.yaml index d4c3511d7d..5642f12872 100644 --- a/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-pages -version: 5.5.1 +version: 5.5.2 appVersion: master description: Daemon for serving static websites from GitLab projects keywords: diff --git a/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/charts/gitlab-shell/Chart.yaml index 0dcf4af437..a29b381656 100644 --- a/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: gitlab-shell -version: 5.5.1 +version: 5.5.2 appVersion: main description: sshd for Gitlab keywords: 
diff --git a/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/charts/kas/Chart.yaml index d6b23b0397..1fbd2c76e8 100644 --- a/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/charts/kas/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: kas -version: 5.5.1 +version: 5.5.2 appVersion: latest description: GitLab Kubernetes Agent Server keywords: diff --git a/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/charts/mailroom/Chart.yaml index c2709412ad..73bffee666 100644 --- a/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: mailroom -version: 5.5.1 +version: 5.5.2 appVersion: 0.0.14 description: Handling incoming emails keywords: diff --git a/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/charts/migrations/Chart.yaml index 43fdf17f73..7a45f1c60e 100644 --- a/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/charts/migrations/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: migrations -version: 5.5.1 +version: 5.5.2 appVersion: master description: Database migrations and other versioning tasks for upgrading Gitlab keywords: diff --git a/charts/gitlab/charts/operator/Chart.yaml b/charts/gitlab/charts/operator/Chart.yaml index 85e505af50..bcdece56f5 100644 --- a/charts/gitlab/charts/operator/Chart.yaml +++ b/charts/gitlab/charts/operator/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: operator -version: 5.5.1 +version: 5.5.2 appVersion: master description: Gitlab operator for managing upgrades keywords: diff --git a/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/charts/praefect/Chart.yaml index d346e81e31..8d1e141d32 100644 --- a/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/charts/praefect/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: praefect -version: 5.5.1 +version: 5.5.2 appVersion: master description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. diff --git a/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/charts/sidekiq/Chart.yaml index 1737ac3c0c..215a033c72 100644 --- a/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: sidekiq -version: 5.5.1 +version: 5.5.2 appVersion: master description: Gitlab Sidekiq for asynchronous task processing in rails keywords: diff --git a/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/charts/toolbox/Chart.yaml index 05d8ae8b98..a88117dbfb 100644 --- a/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: toolbox -version: 5.5.1 +version: 5.5.2 appVersion: master description: For manually running rake tasks through kubectl keywords: diff --git a/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/charts/webservice/Chart.yaml index b8b141af77..5636c40a04 100644 --- a/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/charts/webservice/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: webservice -version: 5.5.1 +version: 5.5.2 appVersion: master description: HTTP server for Gitlab keywords: -- GitLab From 32a25639cc7fe9e256c0bc7632a351f7c2998b93 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:41:05 +0000 Subject: [PATCH 04/48] Update version mapping for 5.5.2 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 42e69a2826..399e08446f 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md 
@@ -10,6 +10,7 @@ The table below maps some of the key previous chart versions and GitLab versions | Chart version | GitLab version | |---------------|----------------| +| 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | | 5.4.3 | 14.4.3 | -- GitLab From 0a00acb2ad4149ff27132900fdf31d5aa24f0424 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:47:56 +0000 Subject: [PATCH 05/48] Update changelog for 5.4.4 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1d747995e..626e07f535 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,10 @@ No changes. - [[Docs] Operator: clarify available chart versions](gitlab-org/charts/gitlab@afcb3d95d2f997cc1d77087bb85a73b918a38101) ([merge request](gitlab-org/charts/gitlab!2268)) +## 5.4.4 (2021-12-03) + +No changes. + ## 5.4.3 (2021-12-01) No changes. -- GitLab From 5bb2ed0cc69d00cf766d70a9d82d0ebffcc9b2bb Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 21:48:11 +0000 Subject: [PATCH 06/48] Update version mapping for 5.4.4 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 399e08446f..4ed3261b18 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -13,6 +13,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.5.2 | 14.5.2 | | 5.5.1 | 14.5.1 | | 5.5.0 | 14.5.0 | +| 5.4.4 | 14.4.4 | | 5.4.3 | 14.4.3 | | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | -- GitLab From 6fdc691ebea3d76610e4a8078ba2a341bda0dc94 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 22:01:55 +0000 Subject: [PATCH 07/48] Update changelog for 5.3.6 [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 626e07f535..3049dd38b0 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -79,6 +79,10 @@ No changes. - [Remove reference to deprecated operator](gitlab-org/charts/gitlab@d03e3293fdfe698eb3b5defe0b919351ef9485eb) ([merge request](gitlab-org/charts/gitlab!2197)) - [Add $PLATFORM to installation commands](gitlab-org/charts/gitlab@8e72a88fb391cb98f64e712b07e65d65db4ab8fd) ([merge request](gitlab-org/charts/gitlab!2190)) +## 5.3.6 (2021-12-03) + +No changes. + ## 5.3.5 (2021-11-26) No changes. -- GitLab From 71182d1618fad3f771a9ee3625e2c15d30a00e0b Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 3 Dec 2021 22:02:13 +0000 Subject: [PATCH 08/48] Update version mapping for 5.3.6 --- doc/installation/version_mappings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/installation/version_mappings.md b/doc/installation/version_mappings.md index 4ed3261b18..f3a26e29e0 100644 --- a/doc/installation/version_mappings.md +++ b/doc/installation/version_mappings.md @@ -18,6 +18,7 @@ The table below maps some of the key previous chart versions and GitLab versions | 5.4.2 | 14.4.2 | | 5.4.1 | 14.4.1 | | 5.4.0 | 14.4.0 | +| 5.3.6 | 14.3.6 | | 5.3.5 | 14.3.5 | | 5.3.4 | 14.3.4 | | 5.3.3 | 14.3.3 | -- GitLab From f4bd47689056b8f6b9aa9c3b4ce6f5991d48d17a Mon Sep 17 00:00:00 2001 From: Harish Ramachandran Date: Wed, 8 Dec 2021 05:10:07 +0000 Subject: [PATCH 09/48] Document the rename from task-runner to toolbox --- doc/installation/upgrade.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/doc/installation/upgrade.md b/doc/installation/upgrade.md index b2850ebd50..97ad392ba0 100644 --- a/doc/installation/upgrade.md +++ b/doc/installation/upgrade.md 
@@ -95,6 +95,28 @@ The steps have been documented in the [5.0 upgrade steps](#upgrade-steps-for-50- As part of the `4.0.0` release of this chart, we upgraded the bundled [PostgreSQL chart](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) from `7.7.0` to `8.9.4`. This is not a drop in replacement. Manual steps need to be performed to upgrade the database. The steps have been documented in the [4.0 upgrade steps](#upgrade-steps-for-40-release). +## Upgrade steps for 5.5 release + +The `task-runner` chart [was renamed](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2099/diffs) +to `toolbox` and removed in `5.5.0`. As a result, any mention of `task-runner` +in your configuration should be renamed to `toolbox`. In version 5.5 and newer, +use the `toolbox` chart, and in version 5.4 and older, use the `task-runner` chart. + +### Missing object storage secret error + +Upgrading to 5.5 or newer might cause an error similar to the following: + +```shell +Error: UPGRADE FAILED: execution error at (gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml:227:23): A valid backups.objectStorage.config.secret is needed! +``` + +If the secret mentioned in the error already exists and is correct, then this error +is likely because there is an object storage configuration value that still references +`task-runner` instead of the new `toolbox`. Rename `task-runner` to `toolbox` in your +configuration to fix this. + +There is an [open issue about clarifying the error message](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3004). + ## Upgrade steps for 5.0 release The `5.0.0` release requires manual steps in order to perform the upgrade. If you're using the -- GitLab From d881f58c1be570ee81141fe38819922cc784b536 Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Wed, 8 Dec 2021 23:21:40 +0000 Subject: [PATCH 10/48] Ensure 'task-runner' -> 'toolbox' deprecation notice appears first --- .../charts/toolbox/templates/deployment.yaml | 4 +-- spec/integration/check_config_spec.rb | 32 +++++++++++++++++++ templates/_checkConfig.tpl | 15 +++++++++ templates/_deprecations.tpl | 1 + 4 files changed, 50 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/toolbox/templates/deployment.yaml b/charts/gitlab/charts/toolbox/templates/deployment.yaml index e59bedc232..94029bce66 100644 --- a/charts/gitlab/charts/toolbox/templates/deployment.yaml +++ b/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -224,14 +224,14 @@ spec: {{- include "gitlab.registry.notificationSecret.mount" $ | nindent 10 -}} {{- if or .Values.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) }} - secret: - name: {{ required "A valid backups.objectStorage.config.secret is needed!" .Values.backups.objectStorage.config.secret }} + name: {{ .Values.backups.objectStorage.config.secret }} items: - key: {{ default "config" .Values.backups.objectStorage.config.key }} path: objectstorage/.s3cfg {{- end }} {{- if eq .Values.backups.objectStorage.backend "gcs" }} - secret: - name: {{ required "A valid backups.objectStorage.config.secret is needed!" .Values.backups.objectStorage.config.secret }} + name: {{ .Values.backups.objectStorage.config.secret }} items: - key: {{ default "config" .Values.backups.objectStorage.config.key }} path: objectstorage/{{ default "config" .Values.backups.objectStorage.config.key }} diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index bcce8aaf78..78045dd9d4 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb 
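Review bot: With `required` dropped from both `name:` lines in `deployment.yaml`, the template renders an empty secret name when `backups.objectStorage.config.secret` is unset, and nothing here says where that case is now rejected. The guard moved to `gitlab.toolbox.backups.objectStorage.config.secret` in the parent chart's `templates/_checkConfig.tpl`, so rendering the toolbox chart on its own would presumably no longer fail early. I would add a template comment above each volume source, e.g. `{{- /* secret presence is validated by the parent chart's checkConfig */}}`, so the two conditions are kept in step when either changes. The volume list starts and ends outside the hunk.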
@@ -669,6 +669,38 @@ describe 'checkConfig template' do error_description: 'when toolbox has persistence enabled and more than one replica' end + describe 'gitlab.toolbox.backups.objectStorage.config.secret' do + let(:success_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + gitlab: + toolbox: + backups: + objectStorage: + config: + # secret: s3cmd-config + key: config + )).merge(default_required_values) + end + + let(:error_output) { 'A valid object storage config secret is needed for backups.' } + + include_examples 'config validation', + success_description: 'when toolbox has a valid object storage backup secret configured', + error_description: 'when toolbox does not have a valid object storage backup secret configured' + end + describe 'multipleRedis' do let(:success_values) do YAML.safe_load(%( diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 7b67f6ffb5..3f47ad7888 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -37,6 +37,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.geo.database" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.secondary.database" .) -}} {{- $messages = append $messages (include "gitlab.toolbox.replicas" .) -}} +{{- $messages = append $messages (include "gitlab.toolbox.backups.objectStorage.config.secret" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.hostWhenNoInstall" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.postgresql.deprecatedVersion" .) -}} 
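Review bot: The `error_values` case exercises only one of the three triggers in the new check: `config` is non-empty because `key: config` is set. The `backend` equal to `gcs` trigger has no example, and neither does an empty `config` with MinIO and consolidated object storage both disabled, so a regression in either would go unnoticed. This depends on what `default_required_values` supplies, which is outside the hunk. Leaving the secret as a commented-out YAML line, `# secret: s3cmd-config`, is also easy to misread; omitting the key states the intent more plainly.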
@@ -310,6 +311,20 @@ gitaly: {{- end -}} {{/* END gitlab.checkConfig.gitaly.extern.repos */}} +{{/* +Ensure that a valid object storage config secret is provided. +*/}} +{{- define "gitlab.toolbox.backups.objectStorage.config.secret" -}} +{{- if or .Values.gitlab.toolbox.backups.objectStorage.config (not (or .Values.global.minio.enabled .Values.global.appConfig.object_store.enabled)) (eq .Values.gitlab.toolbox.backups.objectStorage.backend "gcs") }} +{{- if not .Values.gitlab.toolbox.backups.objectStorage.config.secret -}} +toolbox: + A valid object storage config secret is needed for backups. + Please configure it via `gitlab.toolbox.backups.objectStorage.config.secret`. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.toolbox.backups.objectStorage.config.secret */}} + {{/* Ensure that gitlab/toolbox is not configured with `replicas` > 1 if persistence is enabled. diff --git a/templates/_deprecations.tpl b/templates/_deprecations.tpl index 90fd18f6aa..cfa360362a 100644 --- a/templates/_deprecations.tpl +++ b/templates/_deprecations.tpl @@ -420,6 +420,7 @@ global.imagePullPolicy: {{- if index .Values.gitlab "task-runner" }} gitlab.task-runner: The configuration of `gitlab.task-runner` has been renamed. Please use `gitlab.toolbox` instead. + If you have enabled persistence for `task-runner` and/or its CronJob for backups, you may need to manually bind the new `toolbox` PVC to the previous `task-runner` PV. {{- end -}} {{- end -}} -- GitLab From d42d1f4340c3403e682bfc43ef6548cdcc208289 Mon Sep 17 00:00:00 2001 
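Review bot: The new `gitlab.toolbox.backups.objectStorage.config.secret` check does not look at whether the toolbox is deployed at all. An install with MinIO and consolidated object storage both off would presumably get this error even when the toolbox is not in use. If the chart has an enable switch for the toolbox (not visible in this hunk), the outer `if` should be gated on it. The condition is also a hand-copied union of the two `if` expressions in `charts/gitlab/charts/toolbox/templates/deployment.yaml`; a line in the doc comment such as `Keep in sync with the volume conditions in toolbox/templates/deployment.yaml.` would help the next editor.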
From: Craig Norris Date: Thu, 9 Dec 2021 15:36:59 +0000 Subject: [PATCH 11/48] Add tier badge to Charts docs --- doc/backup-restore/backup.md | 4 ++-- doc/backup-restore/index.md | 4 ++-- doc/backup-restore/restore.md | 4 ++-- doc/charts/gitlab/gitaly/index.md | 4 ++-- doc/charts/gitlab/gitlab-exporter/index.md | 4 ++-- doc/charts/gitlab/gitlab-grafana/index.md | 4 ++-- doc/charts/gitlab/gitlab-pages/index.md | 4 ++-- doc/charts/gitlab/gitlab-runner/index.md | 4 ++-- doc/charts/gitlab/gitlab-shell/index.md | 4 ++-- doc/charts/gitlab/kas/index.md | 4 ++-- doc/charts/gitlab/mailroom/index.md | 4 ++-- doc/charts/gitlab/migrations/index.md | 4 ++-- doc/charts/gitlab/praefect/index.md | 4 ++-- doc/charts/gitlab/sidekiq/index.md | 4 ++-- doc/charts/gitlab/toolbox/index.md | 4 ++-- doc/charts/gitlab/webservice/index.md | 4 ++-- doc/charts/globals.md | 4 ++-- doc/charts/index.md | 4 ++-- doc/charts/minio/index.md | 4 ++-- doc/charts/nginx/fork.md | 4 ++-- doc/charts/nginx/index.md | 4 ++-- doc/charts/registry/index.md | 4 ++-- doc/charts/shared-secrets.md | 4 ++-- 23 files changed, 46 insertions(+), 46 deletions(-) diff --git a/doc/backup-restore/backup.md b/doc/backup-restore/backup.md index 673c1c5aad..96b9113bc5 100644 --- a/doc/backup-restore/backup.md +++ b/doc/backup-restore/backup.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Backing up a GitLab installation +# Backing up a GitLab installation **(FREE SELF)** GitLab backups are taken by running the `backup-utility` command in the Toolbox pod provided in the chart. Backups can also be automated by enabling the [Cron based backup](#cron-based-backup) functionality of this chart. diff --git a/doc/backup-restore/index.md b/doc/backup-restore/index.md index ffa4bccfd8..f352a81ce4 100644 --- a/doc/backup-restore/index.md +++ b/doc/backup-restore/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Backup and restore a GitLab instance +# Backup and restore a GitLab instance **(FREE SELF)** GitLab Helm chart provides a utility pod from the Toolbox sub-chart that acts as an interface for the purpose of backing up and restoring GitLab instances. It is equipped with a `backup-utility` executable which interacts with other necessary pods for this task. Technical details for how the utility works can be found in the [architecture documentation](../architecture/backup-restore.md). diff --git a/doc/backup-restore/restore.md b/doc/backup-restore/restore.md index 39afda5b42..bf2d8fd0c4 100644 
--- a/doc/backup-restore/restore.md +++ b/doc/backup-restore/restore.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Restoring a GitLab installation +# Restoring a GitLab installation **(FREE SELF)** > To obtain a backup tarball of an existing GitLab instance that used other installation methods like an Omnibus GitLab package or Omnibus GitLab Helm chart, follow the instructions [given in documentation](https://docs.gitlab.com/ee/raketasks/backup_restore.html#creating-a-backup-of-the-gitlab-system) > diff --git a/doc/charts/gitlab/gitaly/index.md b/doc/charts/gitlab/gitaly/index.md index a19cd177be..8112f807f6 100644 --- a/doc/charts/gitlab/gitaly/index.md +++ b/doc/charts/gitlab/gitaly/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Gitaly chart +# Using the GitLab-Gitaly chart **(FREE SELF)** The `gitaly` sub-chart provides a configurable deployment of Gitaly Servers. diff --git a/doc/charts/gitlab/gitlab-exporter/index.md b/doc/charts/gitlab/gitlab-exporter/index.md index 4b2c5d8309..217a345824 100644 --- a/doc/charts/gitlab/gitlab-exporter/index.md +++ b/doc/charts/gitlab/gitlab-exporter/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Exporter chart +# Using the GitLab-Exporter chart **(FREE SELF)** The `gitlab-exporter` sub-chart provides Prometheus metrics for GitLab application-specific data. It talks to PostgreSQL directly to perform diff --git a/doc/charts/gitlab/gitlab-grafana/index.md b/doc/charts/gitlab/gitlab-grafana/index.md index caf072a0d6..a91ddcb1ed 100644 --- a/doc/charts/gitlab/gitlab-grafana/index.md +++ b/doc/charts/gitlab/gitlab-grafana/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Grafana chart +# Using the GitLab-Grafana chart **(FREE SELF)** The `gitlab-grafana` subchart adapts the [`grafana/grafana`](https://artifacthub.io/packages/helm/grafana/grafana) chart to operate correctly with the same level of configuration as the Omnibus diff --git a/doc/charts/gitlab/gitlab-pages/index.md b/doc/charts/gitlab/gitlab-pages/index.md index 37fb727283..8ef140d2e2 100644 --- a/doc/charts/gitlab/gitlab-pages/index.md +++ b/doc/charts/gitlab/gitlab-pages/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Pages chart +# Using the GitLab Pages chart **(FREE SELF)** The `gitlab-pages` subchart provides a daemon for serving static websites from GitLab projects. diff --git a/doc/charts/gitlab/gitlab-runner/index.md b/doc/charts/gitlab/gitlab-runner/index.md index bcec460ef3..b23164455d 100644 --- a/doc/charts/gitlab/gitlab-runner/index.md +++ b/doc/charts/gitlab/gitlab-runner/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Runner chart +# Using the GitLab Runner chart **(FREE SELF)** The GitLab Runner subchart provides a GitLab Runner for running CI jobs. It is enabled by default and should work out of the box with support for caching using s3 compatible object storage. diff --git a/doc/charts/gitlab/gitlab-shell/index.md b/doc/charts/gitlab/gitlab-shell/index.md index c97398c00f..7f11f158f4 100644 --- a/doc/charts/gitlab/gitlab-shell/index.md +++ b/doc/charts/gitlab/gitlab-shell/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Shell chart +# Using the GitLab Shell chart **(FREE SELF)** The `gitlab-shell` sub-chart provides an SSH server configured for Git SSH access to GitLab. diff --git a/doc/charts/gitlab/kas/index.md b/doc/charts/gitlab/kas/index.md index 28aedb119d..c5e0e1278d 100644 --- a/doc/charts/gitlab/kas/index.md +++ b/doc/charts/gitlab/kas/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Kas chart +# Using the GitLab-Kas chart **(FREE SELF)** The `kas` sub-chart provides a configurable deployment of the [Kubernetes Agent Server](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent#gitlab-kubernetes-agent-server-kas), which is the server-side component of the [GitLab Kubernetes Agent](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) implementation. diff --git a/doc/charts/gitlab/mailroom/index.md b/doc/charts/gitlab/mailroom/index.md index b67af142ee..e7b7060f03 100644 --- a/doc/charts/gitlab/mailroom/index.md +++ b/doc/charts/gitlab/mailroom/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Mailroom chart +# Using the Mailroom chart **(FREE SELF)** The Mailroom Pod handles the ingestion of email into the GitLab application. diff --git a/doc/charts/gitlab/migrations/index.md b/doc/charts/gitlab/migrations/index.md index 62c9d4dba6..8a2fe7137d 100644 --- a/doc/charts/gitlab/migrations/index.md +++ b/doc/charts/gitlab/migrations/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Migrations Chart +# Using the GitLab-Migrations Chart **(FREE SELF)** The `migrations` sub-chart provides a single migration [Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) that handles seeding/migrating the GitLab database. The chart runs using the GitLab Rails codebase. diff --git a/doc/charts/gitlab/praefect/index.md b/doc/charts/gitlab/praefect/index.md index 62ae41cd09..854cc97fe6 100644 --- a/doc/charts/gitlab/praefect/index.md +++ b/doc/charts/gitlab/praefect/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Praefect chart (alpha) +# Using the Praefect chart (alpha) **(FREE SELF)** WARNING: The Praefect chart is still under development. The alpha version is not yet suitable for production use. Upgrades may require significant manual intervention. diff --git a/doc/charts/gitlab/sidekiq/index.md b/doc/charts/gitlab/sidekiq/index.md index 50096800c9..a45ff49b92 100644 --- a/doc/charts/gitlab/sidekiq/index.md +++ b/doc/charts/gitlab/sidekiq/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab-Sidekiq chart +# Using the GitLab-Sidekiq chart **(FREE SELF)** The `sidekiq` sub-chart provides configurable deployment of Sidekiq workers, explicitly designed to provide separation of queues across multiple `Deployment`s with individual diff --git a/doc/charts/gitlab/toolbox/index.md b/doc/charts/gitlab/toolbox/index.md index d5f00cb4e0..eb572757d2 100644 --- a/doc/charts/gitlab/toolbox/index.md +++ b/doc/charts/gitlab/toolbox/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Toolbox +# Toolbox **(FREE SELF)** The Toolbox Pod is used to execute periodic housekeeping tasks within the GitLab application. These tasks include backups, Sidekiq maintenance, diff --git a/doc/charts/gitlab/webservice/index.md b/doc/charts/gitlab/webservice/index.md index 32572ad817..2589e3b838 100644 --- a/doc/charts/gitlab/webservice/index.md +++ b/doc/charts/gitlab/webservice/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the GitLab Webservice Chart +# Using the GitLab Webservice Chart **(FREE SELF)** The `webservice` sub-chart provides the GitLab Rails webserver with two Webservice workers per pod. (The minimum necessary for a single pod to be able to serve any web request in GitLab) diff --git a/doc/charts/globals.md b/doc/charts/globals.md index 671c93c33f..8ad036b8c1 100644 --- a/doc/charts/globals.md +++ b/doc/charts/globals.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Configure Charts using Globals +# Configure Charts using Globals **(FREE SELF)** To reduce configuration duplication when installing our wrapper Helm chart, several configuration settings are available to be set in the `global` section of `values.yaml`. diff --git a/doc/charts/index.md b/doc/charts/index.md index 5a1e10e282..5fbe7b792c 100644 --- a/doc/charts/index.md +++ b/doc/charts/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Chart documentation +# Chart documentation **(FREE SELF)** Documentation on a per-chart basis is listed here. Each chart is documented individually, and organized in a structure that matches the [charts](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts) diff --git a/doc/charts/minio/index.md b/doc/charts/minio/index.md index c2e8a51dd9..3f9a548773 100644 --- a/doc/charts/minio/index.md +++ b/doc/charts/minio/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using MinIO for Object storage +# Using MinIO for Object storage **(FREE SELF)** This chart is based on [`stable/minio`](https://github.com/helm/charts/tree/master/stable/minio) version [`0.4.3`](https://github.com/helm/charts/tree/aaaf98b5d25c26cc2d483925f7256f2ce06be080/stable/minio), diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 2a6539df31..265c8e2bc4 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Our NGINX fork +# Our NGINX fork **(FREE SELF)** Our [fork](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress) of the NGINX chart was pulled from [GitHub](https://github.com/kubernetes/ingress-nginx). diff --git a/doc/charts/nginx/index.md b/doc/charts/nginx/index.md index fe082b83e2..fc3354eac3 100644 --- a/doc/charts/nginx/index.md +++ b/doc/charts/nginx/index.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using NGINX +# Using NGINX **(FREE SELF)** We provide a complete NGINX deployment to be used as an Ingress Controller. Not all Kubernetes providers natively support the NGINX [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls), diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index da8868e5b4..276246ab95 100644 --- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Container Registry +# Using the Container Registry **(FREE SELF)** The `registry` sub-chart provides the Registry component to a complete cloud-native GitLab deployment on Kubernetes. This sub-chart makes use of the upstream diff --git a/doc/charts/shared-secrets.md b/doc/charts/shared-secrets.md index b4776f7ae2..b17ff5b618 100644 --- a/doc/charts/shared-secrets.md +++ b/doc/charts/shared-secrets.md 
@@ -1,10 +1,10 @@ --- stage: Enablement group: Distribution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Using the Shared-Secrets Job +# Using the Shared-Secrets Job **(FREE SELF)** The `shared-secrets` job is responsible for provisioning a variety of secrets used across the installation, unless otherwise manually specified. This includes: -- GitLab From 2e29c853b69381dc8edac5a99db41475f0d81ddb Mon Sep 17 00:00:00 2001 From: Kati Paizee Date: Thu, 9 Dec 2021 21:54:58 +0000 Subject: [PATCH 12/48] Update lint-html image for docs --- .gitlab-ci.yml | 2 +- doc/installation/cloud/oke.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b879fe81a..12146ab276 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -492,7 +492,7 @@ check_docs_markdown: # Perform link checks on published HTML files check_docs_links: - image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.4-0fae0f62 + image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.5-08847baa stage: prepare cache: {} dependencies: [] diff --git a/doc/installation/cloud/oke.md b/doc/installation/cloud/oke.md index d580adbf53..72873e3a0a 100644 --- a/doc/installation/cloud/oke.md +++ b/doc/installation/cloud/oke.md 
@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Preparing OKE resources **(FREE SELF)** -For a fully functional GitLab instance, you will need a few resources before +For a fully functional GitLab instance, you need a few resources before deploying the `gitlab` chart to [Oracle Container Engine for Kubernetes (OKE)](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm). Check how to [prepare](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengprerequisites.htm) your Oracle Cloud Infrastructure tenancy before creating the OKE cluster. ## Creating the OKE cluster @@ -18,7 +18,7 @@ A cluster with 4 OCPUs and 30GB of RAM is recommended. ### External access to GitLab -By default, the GitLab Chart will deploy an Ingress Controller which creates an +By default, the GitLab Chart deploys an Ingress Controller which creates an Oracle Cloud Infrastructure Public Load Balancer with 100Mbps shape. The Load Balancer service assigns a floating public IP address which doesn't come from the host subnet. -- GitLab From 6f4d7074fc541f9167396449c19beb6718049b09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=5B=E2=94=90=E2=88=B5=5D=E2=94=98GitLab=20Dependency=20Bot?= Date: Mon, 13 Dec 2021 14:49:02 +0000 Subject: [PATCH 13/48] Update gitlab-org/container-registry from 3.17.0-gitlab to 3.18.1-gitlab --- charts/registry/values.yaml | 2 +- doc/charts/registry/index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index d9dd47016f..07476791c9 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.17.0-gitlab' + tag: 'v3.18.1-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/doc/charts/registry/index.md b/doc/charts/registry/index.md index 276246ab95..f0011a4163 100644 
--- a/doc/charts/registry/index.md +++ b/doc/charts/registry/index.md @@ -68,7 +68,7 @@ registry: interval: 24h dryrun: false image: - tag: 'v3.17.0-gitlab' + tag: 'v3.18.1-gitlab' pullPolicy: IfNotPresent annotations: service: @@ -153,7 +153,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the | `image.pullPolicy` | | Pull policy for the registry image | | `image.pullSecrets` | | Secrets to use for image repository | | `image.repository` | `registry` | Registry image | -| `image.tag` | `v3.17.0-gitlab` | Version of the image to use | +| `image.tag` | `v3.18.1-gitlab` | Version of the image to use | | `init.image.repository` | | initContainer image | | `init.image.tag` | | initContainer image tag | | `log` | `{level: info, fields: {service: registry}}` | Configure the logging options | @@ -279,7 +279,7 @@ You can change the included version of the Registry and `pullPolicy`. Default settings: -- `tag: 'v3.17.0-gitlab'` +- `tag: 'v3.18.1-gitlab'` - `pullPolicy: 'IfNotPresent'` ## Configuring the `service` -- GitLab From 45b6a7276a720d9dc7ef2d3505be006a6416af86 Mon Sep 17 00:00:00 2001 From: deps Date: Mon, 13 Dec 2021 04:02:18 +0000 Subject: [PATCH 14/48] Update gitlab-org/charts/gitlab-runner from 0.35.0 to 0.35.3 Changelog: changed --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index fc3c703ae6..939d459ed9 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.35.0 + version: 0.35.3 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana -- GitLab From b8f75cce6339dd1c9010103e525da9983520e376 Mon Sep 17 00:00:00 2001 
From: Jason Plum Date: Tue, 14 Dec 2021 17:55:41 +0000 Subject: [PATCH 15/48] Docs: fix Registry notification secret docs --- doc/installation/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/installation/secrets.md b/doc/installation/secrets.md index e155436da0..5e5e90c347 100644 --- a/doc/installation/secrets.md +++ b/doc/installation/secrets.md @@ -108,7 +108,7 @@ Consider the example where `registry-authorization-header` secret with value `RandomFooBar` is created. ```shell -kubectl create secret generic registry-authorization-header --from-literal="value=[RandomFooBar]" +kubectl create secret generic registry-authorization-header --from-literal=value="[RandomFooBar]" ``` By default, the key used within the secret is "value". However, users can use a -- GitLab From 78c5b937bb31786ca9ec58d4551c44bb1dd10a78 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Sat, 13 Nov 2021 14:02:31 -0800 Subject: [PATCH 16/48] Updated forked ingress-nginx chart to 4.0.6 This is a major update of the ingress-nginx Ingress Controller to support the networking.k8s.io/v1 API. Support for this API is needed to support Kubernetes v1.22 and future releases. Using the updated ingress controller drops support for Kubernetes v1.18 and earlier versions. 
Signed-off-by: Gerard Hickey Changelog: changed --- charts/nginx-ingress/.helmignore | 1 + charts/nginx-ingress/CHANGELOG.md | 273 ++++++++++++++++++ charts/nginx-ingress/Chart.yaml | 42 ++- charts/nginx-ingress/OWNERS | 10 + charts/nginx-ingress/README.md | 60 ++-- .../controller-custom-ingressclass-flags.yaml | 7 + .../ci/daemonset-customconfig-values.yaml | 14 + .../ci/daemonset-customnodeport-values.yaml | 22 ++ .../ci/daemonset-headers-values.yaml | 14 + .../ci/daemonset-internal-lb-values.yaml | 14 + .../ci/daemonset-nodeport-values.yaml | 10 + .../ci/daemonset-podannotations-values.yaml | 17 ++ ...set-tcp-udp-configMapNamespace-values.yaml | 20 ++ .../ci/daemonset-tcp-udp-values.yaml | 16 + .../ci/daemonset-tcp-values.yaml | 14 + .../ci/deamonset-default-values.yaml | 10 + .../ci/deamonset-metrics-values.yaml | 12 + .../ci/deamonset-psp-values.yaml | 13 + .../ci/deamonset-webhook-and-psp-values.yaml | 13 + .../ci/deamonset-webhook-values.yaml | 10 + ...eployment-autoscaling-behavior-values.yaml | 14 + .../ci/deployment-autoscaling-values.yaml | 11 + .../ci/deployment-customconfig-values.yaml | 12 + .../ci/deployment-customnodeport-values.yaml | 20 ++ .../ci/deployment-default-values.yaml | 8 + .../ci/deployment-headers-values.yaml | 13 + .../ci/deployment-internal-lb-values.yaml | 13 + .../ci/deployment-metrics-values.yaml | 11 + .../ci/deployment-nodeport-values.yaml | 9 + .../ci/deployment-podannotations-values.yaml | 16 + .../ci/deployment-psp-values.yaml | 10 + ...ent-tcp-udp-configMapNamespace-values.yaml | 19 ++ .../ci/deployment-tcp-udp-values.yaml | 15 + .../ci/deployment-tcp-values.yaml | 11 + .../ci/deployment-webhook-and-psp-values.yaml | 12 + .../deployment-webhook-resources-values.yaml | 23 ++ .../ci/deployment-webhook-values.yaml | 9 + charts/nginx-ingress/templates/NOTES.txt | 21 +- charts/nginx-ingress/templates/_helpers.tpl | 27 +- .../job-patch/clusterrole.yaml | 4 + .../job-patch/clusterrolebinding.yaml | 2 +- 
.../job-patch/job-createSecret.yaml | 13 +- .../job-patch/job-patchWebhook.yaml | 13 +- .../admission-webhooks/job-patch/psp.yaml | 2 +- .../admission-webhooks/job-patch/role.yaml | 1 + .../job-patch/rolebinding.yaml | 3 +- .../job-patch/serviceaccount.yaml | 1 + .../validating-webhook.yaml | 7 +- .../nginx-ingress/templates/clusterrole.yaml | 20 +- .../templates/clusterrolebinding.yaml | 3 +- .../controller-configmap-addheaders.yaml | 2 + .../controller-configmap-proxyheaders.yaml | 2 + .../templates/controller-configmap-tcp.yaml | 5 +- .../templates/controller-configmap-udp.yaml | 2 + .../templates/controller-configmap.yaml | 11 +- .../templates/controller-daemonset.yaml | 75 ++--- .../templates/controller-deployment.yaml | 67 +++-- .../templates/controller-hpa.yaml | 12 +- .../templates/controller-ingressclass.yaml | 25 ++ .../templates/controller-keda.yaml | 10 +- .../controller-poddisruptionbudget.yaml | 7 +- .../templates/controller-prometheusrules.yaml | 2 +- .../templates/controller-psp.yaml | 4 +- .../templates/controller-role.yaml | 25 +- .../templates/controller-rolebinding.yaml | 3 +- .../controller-service-internal.yaml | 34 ++- .../templates/controller-service-metrics.yaml | 4 +- .../templates/controller-service-webhook.yaml | 8 +- .../templates/controller-service.yaml | 25 +- .../templates/controller-serviceaccount.yaml | 2 + .../templates/controller-servicemonitor.yaml | 9 +- .../templates/default-backend-deployment.yaml | 21 +- .../templates/default-backend-hpa.yaml | 7 +- .../default-backend-poddisruptionbudget.yaml | 7 +- .../templates/default-backend-psp.yaml | 4 +- .../templates/default-backend-role.yaml | 7 +- .../default-backend-rolebinding.yaml | 5 +- .../templates/default-backend-service.yaml | 8 +- .../default-backend-serviceaccount.yaml | 2 + .../templates/dh-param-secret.yaml | 13 + charts/nginx-ingress/values.yaml | 226 ++++++++++++--- requirements.yaml | 2 +- 82 files changed, 1315 insertions(+), 256 deletions(-) create mode 100644 
charts/nginx-ingress/CHANGELOG.md create mode 100644 charts/nginx-ingress/OWNERS create mode 100644 charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-customconfig-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-headers-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-nodeport-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-podannotations-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml create mode 100644 charts/nginx-ingress/ci/daemonset-tcp-values.yaml create mode 100644 charts/nginx-ingress/ci/deamonset-default-values.yaml create mode 100644 charts/nginx-ingress/ci/deamonset-metrics-values.yaml create mode 100644 charts/nginx-ingress/ci/deamonset-psp-values.yaml create mode 100644 charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml create mode 100644 charts/nginx-ingress/ci/deamonset-webhook-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-autoscaling-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-customconfig-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-customnodeport-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-default-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-headers-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-internal-lb-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-metrics-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-nodeport-values.yaml create mode 100644 
charts/nginx-ingress/ci/deployment-podannotations-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-psp-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-tcp-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml create mode 100644 charts/nginx-ingress/ci/deployment-webhook-values.yaml create mode 100644 charts/nginx-ingress/templates/controller-ingressclass.yaml create mode 100644 charts/nginx-ingress/templates/dh-param-secret.yaml diff --git a/charts/nginx-ingress/.helmignore b/charts/nginx-ingress/.helmignore index f0c1319444..50af031725 100644 --- a/charts/nginx-ingress/.helmignore +++ b/charts/nginx-ingress/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/charts/nginx-ingress/CHANGELOG.md b/charts/nginx-ingress/CHANGELOG.md new file mode 100644 index 0000000000..d61bd5db81 --- /dev/null +++ b/charts/nginx-ingress/CHANGELOG.md 
@@ -0,0 +1,273 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.0.6
+
+- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx
+- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart
+- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode
+- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1
+
+### 4.0.5
+
+- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx
+
+### 4.0.3
+
+- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
+
+### 4.0.2
+
+- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
+
+### 4.0.1
+
+- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
+
+### 3.34.0
+
+- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
+
+### 3.33.0
+
+- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
+
+### 3.32.0
+
+- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
+
+### 3.31.0
+
+- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
+
+### 3.30.0
+
+- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
+
+### 3.29.0
+
+- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
+
+### 3.28.0
+
+- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
+
+### 3.27.0
+
+- Update ingress-nginx v0.45.0
+
+### 3.26.0
+
+- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
+
+### 3.25.0
+
+- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
+
+### 3.24.0
+
+- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
+
+### 3.23.0
+
+- Update ingress-nginx v0.44.0
+
+### 3.22.0
+
+- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
+- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
+
+### 3.21.0
+
+- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
+- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
+- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
+- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
+
+### 3.20.1
+
+- Do not create KEDA in case of DaemonSets.
+- Fix KEDA v2 definition
+
+### 3.20.0
+
+- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
+
+### 3.19.0
+
+- Update ingress-nginx v0.43.0
+
+### 3.18.0
+
+- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
+- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
+
+### 3.17.0
+
+- Update ingress-nginx v0.42.0
+
+### 3.16.1
+
+- Fix chart-releaser action
+
+### 3.16.0
+
+- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
+
+### 3.15.1
+
+- Fix chart-releaser action
+
+### 3.15.0
+
+- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
+
+### 3.14.0
+
+- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
+
+### 3.13.0
+
+- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
+
+### 3.12.0
+
+- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
+
+### 3.11.1
+
+- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
+
+### 3.11.0
+
+- Support Keda Autoscaling
+
+### 3.10.1
+
+- Fix regression introduced in 0.41.0 with external authentication
+
+### 3.10.0
+
+- Fix routing regression introduced in 0.41.0 with PathType Exact
+
+### 3.9.0
+
+- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
+
+### 3.8.0
+
+- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
+- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
+- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
+- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
+- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
+
+### 3.7.1
+
+- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
+
+### 3.7.0
+
+- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
+
+### 3.6.0
+
+- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
+
+### 3.5.1
+
+- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
+
+### 3.5.0
+
+- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
+
+### 3.4.0
+
+- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
+
+### 3.3.1
+
+- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
+- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
+- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
+
+### 3.3.1
+
+- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
+
+### 3.3.0
+
+- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
+- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
+- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
+- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
+
+### 3.0.0
+
+- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
+
+### 2.16.0
+
+- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
+
+### 2.15.0
+
+- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
+
+### 2.14.0
+
+- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
+
+### 2.12.1
+
+- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
+
+### 2.12.0
+
+- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
+- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
+
+### 2.11.3
+
+- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
+
+### 2.11.2
+
+- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
+
+### 2.11.1
+
+- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
+
+### 2.11.0
+
+- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
+- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
+
+### 2.10.0
+
+- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
+
+### 2.9.1
+
+- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
+
+### 2.9.0
+
+- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
+
+
+### TODO
+
+Keep building the changelog using *git log charts* checking the tag
diff --git a/charts/nginx-ingress/Chart.yaml b/charts/nginx-ingress/Chart.yaml
index fbb938b97b..143526cf69 100644
--- a/charts/nginx-ingress/Chart.yaml
+++ b/charts/nginx-ingress/Chart.yaml
@@ -1,26 +1,24 @@ -apiVersion: v1 -# GitLab: changed name here from `ingress-nginx` to match the previous versions -# to avoid a breaking change for the time being. -name: nginx-ingress -# When the version is modified, make sure the artifacthub.io/changes list is updated -# Also update CHANGELOG.md -version: 3.11.1 -appVersion: 0.41.2 -home: https://github.com/kubernetes/ingress-nginx +annotations: + artifacthub.io/changes: | + - Disable builtin ssl_session_cache + - Print warning only instead of error if no IngressClass permission is available + - Bump internal libraries versions + - Fix documentations + artifacthub.io/prerelease: "false" +apiVersion: v2 +appVersion: 1.0.4 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer +home: https://github.com/kubernetes/ingress-nginx icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: - - ingress - - nginx -sources: - - https://github.com/kubernetes/ingress-nginx - - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress +- ingress +- nginx +kubeVersion: '>=1.19.0-0' maintainers: - - name: ChiefAlexander -engine: gotpl -kubeVersion: ">=1.16.0-0" -annotations: - # List of changes for the release in artifacthub.io - # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog - artifacthub.io/changes: | - - Reorder HPA resource list to work with GitOps tooling +- name: ChiefAlexander +name: nginx-ingress +sources: +- https://github.com/kubernetes/ingress-nginx +- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx-ingress +type: application +version: 4.0.6 diff --git a/charts/nginx-ingress/OWNERS b/charts/nginx-ingress/OWNERS new file mode 100644 index 0000000000..6b7e049ca8 --- /dev/null +++ b/charts/nginx-ingress/OWNERS 
@@ -0,0 +1,10 @@ +# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md + +approvers: +- ingress-nginx-helm-maintainers + +reviewers: +- ingress-nginx-helm-reviewers + +labels: +- area/helm diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md index 1a157d5785..fecbbcde2d 100644 --- a/charts/nginx-ingress/README.md +++ b/charts/nginx-ingress/README.md @@ -14,18 +14,15 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber ```console helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx -helm repo add stable https://charts.helm.sh/stable helm repo update ``` ## Install Chart -```console -# Helm 3 -$ helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +**Important:** only helm3 is supported -# Helm 2 -$ helm install --name [RELEASE_NAME] ingress-nginx/ingress-nginx +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx ``` The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. @@ -37,11 +34,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen ## Uninstall Chart ```console -# Helm 3 -$ helm uninstall [RELEASE_NAME] - -# Helm 2 -# helm delete --purge [RELEASE_NAME] +helm uninstall [RELEASE_NAME] ``` This removes all the Kubernetes components associated with the chart and deletes the release. @@ -51,8 +44,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## Upgrading Chart ```console -# Helm 3 or 2 -$ helm upgrade [RELEASE_NAME] [CHART] --install +helm upgrade [RELEASE_NAME] [CHART] --install ``` _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ 
@@ -80,11 +72,7 @@ Note that there are some different and upgraded configurations between the two c See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: ```console -# Helm 2 -$ helm inspect values ingress-nginx/ingress-nginx - -# Helm 3 -$ helm show values ingress-nginx/ingress-nginx +helm show values ingress-nginx/ingress-nginx ``` ### PodDisruptionBudget 
@@ -96,15 +84,16 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https: The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. -You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) ### ingress-nginx nginx\_status page/stats server Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: -- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed -- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. 
- You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server ### ExternalDNS Service Configuration @@ -119,7 +108,7 @@ controller: ### AWS L7 ELB with SSL Termination -Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml): +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml): ```yaml controller: @@ -171,7 +160,7 @@ controller: enabled: true annotations: # Create internal ELB - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 + service.beta.kubernetes.io/aws-load-balancer-internal: "true" # Any other annotation can be declared here. ``` 
@@ -183,9 +172,13 @@ controller: internal: enabled: true annotations: - # Create internal LB - cloud.google.com/load-balancer-type: "Internal" - # Any other annotation can be declared here. + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. ``` Example for Azure: @@ -199,8 +192,21 @@ controller: # Any other annotation can be declared here. ``` +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + ### Ingress Admission Webhooks With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. diff --git a/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml b/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml new file mode 100644 index 0000000000..b28a2326ee --- /dev/null +++ b/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml @@ -0,0 +1,7 @@ +controller: + watchIngressWithoutClass: true + ingressClassResource: + name: custom-nginx + enabled: true + default: true + controllerValue: "k8s.io/custom-nginx" 
diff --git a/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml b/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml
new file mode 100644
index 0000000000..4393a5bc06
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ kind: DaemonSet
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+ config:
+ use-proxy-protocol: "true"
diff --git a/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml b/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml
new file mode 100644
index 0000000000..1d94be219b
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,22 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/daemonset-headers-values.yaml b/charts/nginx-ingress/ci/daemonset-headers-values.yaml
new file mode 100644
index 0000000000..ab7d47bd4d
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-headers-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml b/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml
new file mode 100644
index 0000000000..0a200a7460
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml b/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml
new file mode 100644
index 0000000000..3b7aa2fcd2
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml b/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml
new file mode 100644
index 0000000000..0b55306a10
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml
@@ -0,0 +1,17 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000000..acd86a77ab
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml
new file mode 100644
index 0000000000..25ee64d856
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/daemonset-tcp-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-values.yaml
new file mode 100644
index 0000000000..380c8b4b13
--- /dev/null
+++ b/charts/nginx-ingress/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/deamonset-default-values.yaml b/charts/nginx-ingress/ci/deamonset-default-values.yaml
new file mode 100644
index 0000000000..82fa23e854
--- /dev/null
+++ b/charts/nginx-ingress/ci/deamonset-default-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deamonset-metrics-values.yaml b/charts/nginx-ingress/ci/deamonset-metrics-values.yaml
new file mode 100644
index 0000000000..cb3cb54be2
--- /dev/null
+++ b/charts/nginx-ingress/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deamonset-psp-values.yaml b/charts/nginx-ingress/ci/deamonset-psp-values.yaml
new file mode 100644
index 0000000000..8026a6356f
--- /dev/null
+++ b/charts/nginx-ingress/ci/deamonset-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml b/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml
new file mode 100644
index 0000000000..fccdb134cf
--- /dev/null
+++ b/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/nginx-ingress/ci/deamonset-webhook-values.yaml b/charts/nginx-ingress/ci/deamonset-webhook-values.yaml
new file mode 100644
index 0000000000..54d364df11
--- /dev/null
+++ b/charts/nginx-ingress/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml b/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml
new file mode 100644
index 0000000000..dca3f35f83
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ autoscaling:
+ enabled: true
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: 300
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 180
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml b/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml
new file mode 100644
index 0000000000..b8b3ac6862
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ autoscaling:
+ enabled: true
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-customconfig-values.yaml b/charts/nginx-ingress/ci/deployment-customconfig-values.yaml
new file mode 100644
index 0000000000..174941848e
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ config:
+ use-proxy-protocol: "true"
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml b/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml
new file mode 100644
index 0000000000..a564eaf931
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/deployment-default-values.yaml b/charts/nginx-ingress/ci/deployment-default-values.yaml
new file mode 100644
index 0000000000..9f46b4e7e9
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-default-values.yaml
@@ -0,0 +1,8 @@
+# Left blank to test default values
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-headers-values.yaml b/charts/nginx-ingress/ci/deployment-headers-values.yaml
new file mode 100644
index 0000000000..17a11ac370
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-headers-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml b/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml
new file mode 100644
index 0000000000..fd8df8de5d
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/nginx-ingress/ci/deployment-metrics-values.yaml b/charts/nginx-ingress/ci/deployment-metrics-values.yaml
new file mode 100644
index 0000000000..9209ad5a6f
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-metrics-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/ci/deployment-nodeport-values.yaml b/charts/nginx-ingress/ci/deployment-nodeport-values.yaml
new file mode 100644
index 0000000000..cd9b323528
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/nginx-ingress/ci/deployment-podannotations-values.yaml b/charts/nginx-ingress/ci/deployment-podannotations-values.yaml
new file mode 100644
index 0000000000..b48d93c46a
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-podannotations-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/nginx-ingress/ci/deployment-psp-values.yaml b/charts/nginx-ingress/ci/deployment-psp-values.yaml
new file mode 100644
index 0000000000..2f332a7b20
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-psp-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000000..c51a4e91fa
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,19 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml
new file mode 100644
index 0000000000..5b45b69dcc
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,15 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/deployment-tcp-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-values.yaml
new file mode 100644
index 0000000000..ac0b6e60eb
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-tcp-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml
new file mode 100644
index 0000000000..6195bb3391
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml
new file mode 100644
index 0000000000..49ebbb02c8
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml
@@ -0,0 +1,23 @@
+controller:
+ service:
+ type: ClusterIP
+ admissionWebhooks:
+ enabled: true
+ createSecretJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patchWebhookJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patch:
+ enabled: true
diff --git a/charts/nginx-ingress/ci/deployment-webhook-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-values.yaml
new file mode 100644
index 0000000000..76669a5300
--- /dev/null
+++ b/charts/nginx-ingress/ci/deployment-webhook-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/nginx-ingress/templates/NOTES.txt b/charts/nginx-ingress/templates/NOTES.txt
index 60fb2c1f62..29aeb113a4 100644
--- a/charts/nginx-ingress/templates/NOTES.txt
+++ b/charts/nginx-ingress/templates/NOTES.txt
@@ -29,27 +29,30 @@ Get the application URL by running these commands: An example Ingress that makes use of the controller: - apiVersion: networking.k8s.io/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: - kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }} + kubernetes.io/ingress.class: {{ .Values.controller.ingressClassResource.name }} name: example namespace: foo spec: + ingressClassName: example-class rules: - host: www.example.com http: paths: - - backend: - serviceName: exampleService - servicePort: 80 - path: / + - path: / + pathType: Prefix + backend: + service: + name: exampleService + port: 80 # This section is only required if TLS is to be enabled for the Ingress tls: - - hosts: - - www.example.com - secretName: example-tls + - hosts: + - www.example.com + secretName: example-tls If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index bdfac406ad..72b3fe83ee 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -1,4 +1,6 @@ {{/* vim: set filetype=mustache: */}} +{{/* GitLab additions included at end of file */}} + {{/* Expand the name of the chart. */}} @@ -35,7 +37,7 @@ Create a default fully qualified controller name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.controller.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "controller" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* 
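Review bot: The example Ingress printed by this hunk is not a valid `networking.k8s.io/v1` object: under `backend.service` the port has to be an object, so `port: 80` should become `port:` with a nested `number: 80`. The example also sets the `kubernetes.io/ingress.class` annotation from `.Values.controller.ingressClassResource.name` next to a hard-coded `ingressClassName: example-class`; as far as I know the API server rejects an Ingress where the two values disagree, so I would drop the annotation and render `ingressClassName: {{ .Values.controller.ingressClassResource.name }}` instead. As written, a user who copies the post-install example gets a manifest that fails validation.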
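Review bot: `ingress-nginx.controller.fullname` now reads `.Values.controller.name` with no fallback, so a values file that drops the key no longer fails cleanly; with a nil argument `printf "%s-%s"` renders the `%!s(<nil>)` placeholder into every name built from this helper. Keeping the old literal as the default avoids that: `{{- printf "%s-%s" (include "ingress-nginx.fullname" .) (.Values.controller.name | default "controller") | trunc 63 | trimSuffix "-" -}}`. The `ingress-nginx.defaultBackend.fullname` hunk (`@@ -58,7 +60,7 @@`) has the same shape and would take `default "default-backend"`. A short comment that changing either value on an installed release renames the objects instead of updating them would also help.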
@@ -58,7 +60,7 @@ Create a default fully qualified default backend name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "default-backend" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -66,6 +68,7 @@ Common labels */}} {{- define "ingress-nginx.labels" -}} helm.sh/chart: {{ include "ingress-nginx.chart" . }} +{{ include "ingress-nginx.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -74,16 +77,10 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels -Previous values from the upstream chart: - app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - -Per-component label: - component: "{{ .Values.{controller,defaultBackend}.name }}" */}} {{- define "ingress-nginx.selectorLabels" -}} -app: {{ include "ingress-nginx.name" . }} -release: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* @@ -128,6 +125,16 @@ Check the ingress controller version tag is at most three versions behind the la {{- end -}} {{- end -}} +{{/* +IngressClass parameters. +*/}} +{{- define "ingressClass.parameters" -}} + {{- if .Values.controller.ingressClassResource.parameters -}} + parameters: +{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} + {{ end }} +{{- end -}} + {{/* GitLab-provided partials starting below */}} {{- define "ingress-nginx.tcp-configmap" -}} 
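Review bot: Changing `ingress-nginx.selectorLabels` from `app`/`release` to `app.kubernetes.io/name`/`app.kubernetes.io/instance` changes the identity labels of releases that are already installed, and nothing in this hunk covers the upgrade path. If the controller Deployment or DaemonSet uses this helper for `spec.selector.matchLabels` (not visible here), `helm upgrade` will be rejected because that field is immutable. Any NetworkPolicy, PodDisruptionBudget or Service outside this chart that still selects on `app`/`release` would stop matching without an error, unless the pod templates keep those keys through the GitLab label helpers; for a NetworkPolicy that means the ingress pods silently leave its scope. The removed comment was the only record of the previous keys, so I would keep a one-line comment such as `Previous GitLab values: app / release (changed with the 4.x chart sync)` and add an upgrade note. The `@@ -66,6 +68,7 @@` hunk also pulls these labels into `ingress-nginx.labels`, so the new keys land on every labelled object.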
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml index 7eb57388d2..fd762f9354 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -22,6 +22,10 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: + {{- with .Values.controller.admissionWebhooks.existingPsp }} + - {{ . }} + {{- else }} - {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 97931250ce..4990fb1c34 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -16,5 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml index 902815084c..2e4b2ca25f 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml 
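Review bot: With `existingPsp` set, the admission job's ClusterRole grants `use` on whatever policy name the value holds, and the `@@ -22,6 +22,10 @@` hunk neither quotes the value nor states what is expected of that policy. I would render it as `- {{ . | quote }}` and add a template comment such as `{{- /* existingPsp must name an existing PodSecurityPolicy; the admission jobs run under it, so it should be no more permissive than the chart-generated one */}}`. Whether the chart still creates its own `-admission` policy when `existingPsp` is set is not visible here and is worth checking in the PSP template. The `if` blocks that enclose this list open above the hunk.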
@@ -3,10 +3,14 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-create + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: @@ -33,7 +37,7 @@ spec: containers: - name: create {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: @@ -46,12 +50,15 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} 
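Review bot: Nothing checks that `.registry` and `.image` are set when the new image expression in the `create` container falls back to them, so a values file that clears `repository` without supplying both renders a reference with an empty component and the hook Job only fails at pull time. This Job runs under the `-admission` service account, so I would fail at render time instead, e.g. `{{ .registry | required "admissionWebhooks.patch.image.registry is required when repository is unset" }}`. `.digest` also stays optional, which leaves the image identified only by a mutable tag unless operators set it; a comment on that line recommending a digest would help. The same expression is repeated in job-patchWebhook.yaml, controller-daemonset.yaml and controller-deployment.yaml.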
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 5f9bc422e6..210d6cfb88 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -3,10 +3,14 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "ingress-nginx.fullname" . }}-admission-patch + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook spec: @@ -33,7 +37,7 @@ spec: containers: - name: patch {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: 
@@ -48,12 +52,15 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml index e8c8da94ba..d2c7de6858 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml index fe1c2ee7f1..9b083ee6e3 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml 
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
index 391e5e9a33..edda07f5d9 100644
--- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }}
diff --git a/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
index 5dfdd345a3..1ff0f7f0e5 100644
--- a/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
diff --git a/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml b/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml index 731536bdd7..712f74fdd3 100644 --- a/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml @@ -18,7 +18,7 @@ webhooks: - apiGroups: - networking.k8s.io apiVersions: - - v1beta1 + - v1 operations: - CREATE - UPDATE @@ -28,12 +28,11 @@ webhooks: sideEffects: None admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission - path: /networking/v1beta1/ingresses + path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} {{- end }} diff --git a/charts/nginx-ingress/templates/clusterrole.yaml b/charts/nginx-ingress/templates/clusterrole.yaml index f777b28a00..588fb43f3d 100644 --- a/charts/nginx-ingress/templates/clusterrole.yaml +++ b/charts/nginx-ingress/templates/clusterrole.yaml @@ -1,10 +1,17 @@ -{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} +{{- if .Values.rbac.create }} + +{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}} + {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }} +{{- end }} + +{{- if not .Values.rbac.scope -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} name: {{ include "ingress-nginx.fullname" . }} rules: 
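Review bot: The validating webhook now only works against a controller that serves `/networking/v1/ingresses`, and nothing in the `clientConfig` hunk ties that path to the controller version. The chart still lets operators override the controller image tag, so an older controller behind this webhook would answer admission calls with an error. Whether that blocks Ingress writes or silently skips validation depends on `failurePolicy`, which is outside this hunk. I would add a comment above `path:`, for example `# requires a controller that serves /networking/v1/ingresses; keep in sync with controller.image.tag`, and confirm `failurePolicy` is `Fail` so validation cannot fail open.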
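Review bot: The new guard at the top of clusterrole.yaml only rejects `rbac.scope: true` with `controller.scope.enabled: false`, although its message says the two values must be equal. The opposite mismatch (`controller.scope.enabled: true`, `rbac.scope: false`) still renders the cluster-wide ClusterRole for a controller that watches a single namespace, which is more privilege than it needs. I would make the check symmetric, `{{- if ne (.Values.rbac.scope | toString) (.Values.controller.scope.enabled | toString) }}`, or at least document the one-sided behaviour in a comment. `{{ fail "..." }}` would state the intent more directly than `required ... (index (dict) ".")`. The ClusterRole rules continue outside this hunk.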
@@ -42,11 +49,9 @@ rules: verbs: - get - list - - update - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses verbs: @@ -61,14 +66,13 @@ rules: - create - patch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingressclasses verbs: @@ -76,3 +80,5 @@ rules: - list - watch {{- end }} + +{{- end }} diff --git a/charts/nginx-ingress/templates/clusterrolebinding.yaml b/charts/nginx-ingress/templates/clusterrolebinding.yaml index 41df108a06..79253e2599 100644 --- a/charts/nginx-ingress/templates/clusterrolebinding.yaml +++ b/charts/nginx-ingress/templates/clusterrolebinding.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} name: {{ include "ingress-nginx.fullname" . }} roleRef: @@ -14,5 +15,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml b/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml index 8c94af1f4a..c05db451b1 100644 --- a/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-addheaders.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if .Values.controller.addHeaders -}} apiVersion: v1 kind: ConfigMap 
@@ -9,5 +10,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers + namespace: {{ .Release.Namespace }} data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml b/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml index 02ed9cc209..dbc32a90be 100644 --- a/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-proxyheaders.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} apiVersion: v1 kind: ConfigMap @@ -9,6 +10,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers + namespace: {{ .Release.Namespace }} data: {{- if .Values.controller.proxySetHeaders }} {{ toYaml .Values.controller.proxySetHeaders | indent 2 }} diff --git a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml index 45f5448cf4..74ce181e6a 100644 --- a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml @@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if and .Values.tcp (not .Values.tcpExternalConfig) -}} apiVersion: v1 kind: ConfigMap @@ -11,7 +12,7 @@ metadata: {{- if .Values.controller.tcp.annotations }} annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} {{- end }} - name: {{ template "ingress-nginx.tcp-configmap" . }} - namespace: {{ $.Release.Namespace }} + name: {{ include "ingress-nginx.tcp-configmap" . }}-tcp + namespace: {{ .Release.Namespace }} data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} {{- end }} 
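Review bot: The ConfigMap name in controller-configmap-tcp.yaml is now `{{ include "ingress-nginx.tcp-configmap" . }}-tcp`, which does not obviously match what the controller is told to read. In the controller-daemonset.yaml and controller-deployment.yaml hunks, `--tcp-services-configmap` is the bare helper output when `gitlab.shell.port` is set and `{{ include "ingress-nginx.fullname" . }}-tcp` otherwise. The first branch can never resolve to the object created here, and the second only does if the helper returns exactly the fullname. The helper body is not visible in this patch, so please confirm what it returns. If it already appends a `tcp` suffix, the line should stay `name: {{ include "ingress-nginx.tcp-configmap" . }}`, and a spec that renders the chart with `tcp` set and compares the ConfigMap name with the container args would catch a regression.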
diff --git a/charts/nginx-ingress/templates/controller-configmap-udp.yaml b/charts/nginx-ingress/templates/controller-configmap-udp.yaml
index 4e01981f46..0ca58eab60 100644
--- a/charts/nginx-ingress/templates/controller-configmap-udp.yaml
+++ b/charts/nginx-ingress/templates/controller-configmap-udp.yaml
@@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} {{- if .Values.udp -}} apiVersion: v1 kind: ConfigMap
@@ -12,5 +13,6 @@ metadata: annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-udp + namespace: {{ .Release.Namespace }} data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} {{- end }}
diff --git a/charts/nginx-ingress/templates/controller-configmap.yaml b/charts/nginx-ingress/templates/controller-configmap.yaml
index 500bb80340..c362b4d9c1 100644
--- a/charts/nginx-ingress/templates/controller-configmap.yaml
+++ b/charts/nginx-ingress/templates/controller-configmap.yaml
@@ -1,3 +1,4 @@ +{{/* GitLab labels included below */}} apiVersion: v1 kind: ConfigMap metadata:
@@ -11,13 +12,19 @@ metadata: annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} data: + allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" {{- if .Values.controller.addHeaders }} add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers {{- end }} {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers {{- end }} -{{- if .Values.controller.config }} - {{ toYaml .Values.controller.config | nindent 2 }} +{{- if .Values.dhParam }} + ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} {{- end }} +{{- range $key, $value := .Values.controller.config }} + {{ $key | nindent 2 }}: {{ $value | quote }} +{{- end }} + diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml index c9d38d87b7..bebaee77e2 100644 --- a/charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/nginx-ingress/templates/controller-daemonset.yaml @@ -1,4 +1,5 @@ {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -12,6 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.controller.annotations }} annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} {{- end }} 
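Review bot: `allow-snippet-annotations` in the controller ConfigMap `data:` block is taken straight from `.Values.controller.allowSnippetAnnotations`, with no default visible in this hunk. Snippet annotations let anyone who may create or edit an Ingress place raw NGINX configuration into the shared controller, which in a multi-tenant cluster reaches beyond that tenant's own routes. I would make the safe value explicit in the template, `allow-snippet-annotations: {{ .Values.controller.allowSnippetAnnotations | default false | quote }}`, and document in values.yaml that it should only be enabled where every Ingress author is trusted. The `range` that replaces `toYaml .Values.controller.config` quotes each value, so nested maps under `controller.config` are now stringified; a comment saying only scalar values are supported would help.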
@@ -19,7 +21,7 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.controller.updateStrategy }} updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} @@ -34,15 +36,17 @@ spec: {{- end }} {{- end }} labels: - app: {{ template "ingress-nginx.name" . }} - component: "{{ .Values.controller.name }}" - release: {{ .Release.Name }} + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: controller {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} spec: {{- if .Values.controller.dnsConfig }} dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- if .Values.imagePullSecrets }} @@ -65,9 +69,9 @@ spec: {{- end }} {{- end }} containers: - - name: controller + - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} 
@@ -76,22 +80,24 @@ spec: args: - /nginx-ingress-controller {{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ include "ingress-nginx.defaultBackend.fullname" . }} + - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} {{- end }} {{- if .Values.controller.publishService.enabled }} - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- end }} - --election-id={{ .Values.controller.electionID }} - - --ingress-class={{ template "ingress-nginx.controller.ingress-class" . }} - - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} - {{- if or .Values.tcp (include "gitlab.shell.port" $ ) }} + - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} + - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{ if include "gitlab.shell.port" $ }} - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "ingress-nginx.tcp-configmap" . }} + {{- else if .Values.tcp }} + - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp + - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} {{- end }} {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} 
@@ -101,12 +107,24 @@ spec: - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} {{- end }} + {{- if .Values.controller.maxmindMirror }} + - --maxmind-mirror={{ .Values.controller.maxmindMirror }} + {{- end}} {{- if .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} {{- end }} {{- if not (eq .Values.controller.healthCheckPath "/healthz") }} - --health-check-path={{ .Values.controller.healthCheckPath }} {{- end }} + {{- if .Values.controller.healthCheckHost }} + - --healthz-host={{ .Values.controller.healthCheckHost }} + {{- end }} + {{- if .Values.controller.ingressClassByName }} + - --ingress-class-by-name=true + {{- end }} + {{- if .Values.controller.watchIngressWithoutClass }} + - --watch-ingress-without-class=true + {{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} 
@@ -139,26 +157,11 @@ spec: {{- if .Values.controller.extraEnvs }} {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} @@ -178,9 +181,11 @@ spec: containerPort: {{ .Values.controller.admissionWebhooks.port }} protocol: TCP {{- end }} + {{- if include "gitlab.shell.port" . }} - name: gitlab-shell - containerPort: {{ include "gitlab.shell.port" $ | int }} + containerPort: {{ include "gitlab.shell.port" . | int }} protocol: TCP + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp containerPort: {{ $key }} 
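Review bot: The probes no longer follow `controller.healthCheckPath`, because `livenessProbe` and `readinessProbe` are now dumped verbatim with `toYaml` instead of being assembled from individual keys. A non-default `healthCheckPath` still changes the `--health-check-path` argument but not what the kubelet probes. Overrides written for the old layout, with `port` directly under `livenessProbe`, would render a probe with an unknown `port` field and no handler. The values.yaml side is outside this hunk, so this is inferred; I would add a comment above the two lines, `# probes are rendered as-is; httpGet.path must match controller.healthCheckPath`, and mention the layout change in the upgrade notes. The identical replacement in controller-deployment.yaml has the same effect.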
@@ -227,8 +232,8 @@ spec: {{- end }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . -}} + {{- include "gitlab.nodeSelector" . | nindent 8 }} {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index ae956cea23..c03c20d1c5 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -1,4 +1,5 @@ {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -12,16 +13,20 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} annotations: + {{- if include "gitlab.deploymentAnnotations" . }} {{- include "gitlab.deploymentAnnotations" . | nindent 4 }} - {{- if .Values.controller.annotations }} + {{- end }} + {{- if .Values.controller.annotations }} {{ toYaml .Values.controller.annotations | nindent 4 }} - {{- end }} + {{- end }} spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- if not .Values.controller.autoscaling.enabled }} replicas: {{ .Values.controller.replicaCount }} {{- end }} 
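Review bot: The DaemonSet's fallback now renders `gitlab.nodeSelector` with `nindent 8`, whereas the removed line used `nindent 6` and the Deployment and both admission Jobs in this patch keep `nindent 6`. If the helper emits the `nodeSelector:` key itself, as the `nindent 6` call sites suggest, the DaemonSet output lands two columns too deep and either breaks the manifest or misplaces the selector; the helper body is not visible here, so please confirm. The `-}}` on the `else if` is also inconsistent with the other call sites. I would match them: `{{- else if include "gitlab.nodeSelector" . }}` followed by `{{- include "gitlab.nodeSelector" . | nindent 6 }}`.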
@@ -42,12 +47,16 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} spec: {{- if .Values.controller.dnsConfig }} dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- if .Values.imagePullSecrets }} @@ -70,9 +79,9 @@ spec: {{- end }} {{- end }} containers: - - name: controller + - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} 
@@ -87,13 +96,15 @@ spec: - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} {{- end }} - --election-id={{ .Values.controller.electionID }} - - --ingress-class={{ template "ingress-nginx.controller.ingress-class" . }} - - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }} - {{- if or .Values.tcp ( include "gitlab.shell.port" $ ) }} + - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} + - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{ if include "gitlab.shell.port" $ }} - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "ingress-nginx.tcp-configmap" . }} + {{- else if .Values.tcp }} + - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp + - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} 
@@ -109,9 +120,18 @@ spec: {{- if .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} {{- end }} + {{- if .Values.controller.healthCheckHost }} + - --healthz-host={{ .Values.controller.healthCheckHost }} + {{- end }} {{- if not (eq .Values.controller.healthCheckPath "/healthz") }} - --health-check-path={{ .Values.controller.healthCheckPath }} {{- end }} + {{- if .Values.controller.ingressClassByName }} + - --ingress-class-by-name=true + {{- end }} + {{- if .Values.controller.watchIngressWithoutClass }} + - --watch-ingress-without-class=true + {{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} 
@@ -144,26 +164,11 @@ spec: {{- if .Values.controller.extraEnvs }} {{- toYaml .Values.controller.extraEnvs | nindent 12 }} {{- end }} - livenessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: {{ .Values.controller.healthCheckPath }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: HTTP - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} @@ -183,9 +188,11 @@ spec: containerPort: {{ .Values.controller.admissionWebhooks.port }} protocol: TCP {{- end }} + {{- if include "gitlab.shell.port" $ }} - name: gitlab-shell containerPort: {{ include "gitlab.shell.port" $ | int }} protocol: TCP + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp containerPort: {{ $key }} 
@@ -232,8 +239,8 @@ spec: {{- end }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/nginx-ingress/templates/controller-hpa.yaml b/charts/nginx-ingress/templates/controller-hpa.yaml index 01e2fb2de3..37e050d11a 100644 --- a/charts/nginx-ingress/templates/controller-hpa.yaml +++ b/charts/nginx-ingress/templates/controller-hpa.yaml @@ -4,6 +4,10 @@ apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: + annotations: + {{- with .Values.controller.autoscaling.annotations }} + {{- toYaml . | trimSuffix "\n" | nindent 4 }} + {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} @@ -11,6 +15,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: scaleTargetRef: apiVersion: apps/v1 @@ -36,7 +41,12 @@ spec: averageUtilization: {{ . }} {{- end }} {{- with .Values.controller.autoscalingTemplate }} -{{- toYaml . | nindent 2 }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.controller.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} {{- end }} + diff --git a/charts/nginx-ingress/templates/controller-ingressclass.yaml b/charts/nginx-ingress/templates/controller-ingressclass.yaml new file mode 100644 index 0000000000..f305fe32cf --- /dev/null +++ b/charts/nginx-ingress/templates/controller-ingressclass.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.controller.ingressClassResource.enabled -}} +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ tpl .Values.controller.ingressClassResource.name . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.controller.ingressClassResource.default }} + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +{{- end }} +spec: + controller: {{ .Values.controller.ingressClassResource.controllerValue }} + {{ template "ingressClass.parameters" . }} +{{- end }} diff --git a/charts/nginx-ingress/templates/controller-keda.yaml b/charts/nginx-ingress/templates/controller-keda.yaml index 581f6ec772..f1beb5c12b 100644 --- a/charts/nginx-ingress/templates/controller-keda.yaml +++ b/charts/nginx-ingress/templates/controller-keda.yaml @@ -1,4 +1,4 @@ -{{- if .Values.controller.keda.enabled }} +{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} # https://keda.sh/docs/ apiVersion: {{ .Values.controller.keda.apiVersion }} 
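Review bot: `namespace: {{ .Release.Namespace }}` is set in the IngressClass metadata although the comment at the top of this new file says the resource is not namespaced. On a cluster-scoped object the field is at best ignored, and it suggests an isolation that does not exist. The class name and `controllerValue` are cluster-wide, so two releases in different namespaces that keep the same values would contend for the same class and the same Ingress objects. I would drop the `namespace:` line and add a comment next to `name:` such as `# cluster-scoped: must be unique per controller installation`.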
@@ -11,10 +11,16 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} - + {{- if .Values.controller.keda.scaledObject.annotations }} + annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} + {{- end }} spec: scaleTargetRef: +{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }} deploymentName: {{ include "ingress-nginx.controller.fullname" . }} +{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }} + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- end }} pollingInterval: {{ .Values.controller.keda.pollingInterval }} cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }} minReplicaCount: {{ .Values.controller.keda.minReplicas }} diff --git a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml index a1ff64ca89..20e0a6f8a9 100644 --- a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml @@ -1,5 +1,5 @@ -{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) -}} -apiVersion: policy/v1beta1 +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: labels: 
@@ -9,10 +9,11 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller minAvailable: {{ .Values.controller.minAvailable }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-prometheusrules.yaml b/charts/nginx-ingress/templates/controller-prometheusrules.yaml index 3d67c19aa5..4d31a4e158 100644 --- a/charts/nginx-ingress/templates/controller-prometheusrules.yaml +++ b/charts/nginx-ingress/templates/controller-prometheusrules.yaml @@ -4,7 +4,7 @@ kind: PrometheusRule metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.prometheusRule.namespace }} - namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} diff --git a/charts/nginx-ingress/templates/controller-psp.yaml b/charts/nginx-ingress/templates/controller-psp.yaml index c70c0aedc8..2bf0c07238 100644 --- a/charts/nginx-ingress/templates/controller-psp.yaml +++ b/charts/nginx-ingress/templates/controller-psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -23,7 +23,7 @@ spec: # Allow core volume types. volumes: - 'configMap' - #- 'emptyDir' + - 'emptyDir' #- 'projected' - 'secret' #- 'downwardAPI' diff --git a/charts/nginx-ingress/templates/controller-role.yaml b/charts/nginx-ingress/templates/controller-role.yaml index 835f396acc..7a93af7117 100644 --- a/charts/nginx-ingress/templates/controller-role.yaml 
+++ b/charts/nginx-ingress/templates/controller-role.yaml @@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -23,6 +24,7 @@ rules: - pods - secrets - endpoints + - ingressclasses verbs: - get - list @@ -34,11 +36,9 @@ rules: verbs: - get - list - - update - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses verbs: @@ -46,14 +46,13 @@ rules: - list - watch - apiGroups: - - extensions - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - - "networking.k8s.io" # k8s 1.14+ + - networking.k8s.io resources: - ingressclasses verbs: @@ -65,7 +64,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }}-{{ template "ingress-nginx.controller.ingress-class" . }} + - {{ .Values.controller.electionID }} verbs: - get - update @@ -75,14 +74,6 @@ rules: - configmaps verbs: - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - "" resources: @@ -94,6 +85,10 @@ rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.controller.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}] + {{- end }} {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-rolebinding.yaml b/charts/nginx-ingress/templates/controller-rolebinding.yaml index df384e9bc4..ef6708f66e 100644 --- a/charts/nginx-ingress/templates/controller-rolebinding.yaml +++ b/charts/nginx-ingress/templates/controller-rolebinding.yaml 
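Review bot: The `- ingressclasses` entry added in the `@@ -23,6 +24,7 @@` hunk joins a rule whose other resources are `pods`, `secrets` and `endpoints`, which is presumably the core API group (`""`). IngressClass belongs to `networking.k8s.io`, so under that group the entry would grant nothing. The file already has a dedicated `networking.k8s.io` / `ingressclasses` rule further down. IngressClass is also cluster-scoped, so a namespaced Role (the rolebinding's `kind: Role` suggests that is what this is) cannot grant access to it; that has to come from the ClusterRole. I would drop the added line and annotate the remaining rule with `# IngressClass is cluster-scoped; effective access comes from the ClusterRole`, after confirming the rule's `apiGroups` line, which is outside the hunk.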
@@ -9,6 +9,7 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service-internal.yaml b/charts/nginx-ingress/templates/controller-service-internal.yaml index 0bd7b0a170..7e841519d8 100644 --- a/charts/nginx-ingress/templates/controller-service-internal.yaml +++ b/charts/nginx-ingress/templates/controller-service-internal.yaml @@ -16,8 +16,12 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal + namespace: {{ .Release.Namespace }} spec: type: "{{ .Values.controller.service.type }}" +{{- if .Values.controller.service.internal.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} +{{- end }} {{- if .Values.controller.service.internal.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} {{- end }} @@ -31,6 +35,9 @@ spec: port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} nodePort: {{ .Values.controller.service.nodePorts.http }} {{- end }} 
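Review bot: The `semverCompare ">=1.20"` guard added around `appProtocol: http` in the `@@ -31,6 +35,9 @@` hunk has no pre-release suffix, unlike the `">=1.20.0-0"` and `">=1.21.0-0"` constraints this commit uses for `ipFamilyPolicy` and the PodDisruptionBudget `apiVersion`. Helm's semver matching skips versions that carry a pre-release part (for example a vendor suffix after the patch number) unless the constraint has one too, so on such clusters `appProtocol` would silently be left out. Writing `{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}` keeps the guards consistent. The same applies to the https port in this file and to the `appProtocol` guards in controller-service-webhook.yaml, controller-service.yaml and default-backend-service.yaml.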
@@ -40,11 +47,36 @@ spec: port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} nodePort: {{ .Values.controller.service.nodePorts.https }} {{- end }} {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service-metrics.yaml b/charts/nginx-ingress/templates/controller-service-metrics.yaml index a100559441..aea69bcdde 100644 --- a/charts/nginx-ingress/templates/controller-service-metrics.yaml +++ b/charts/nginx-ingress/templates/controller-service-metrics.yaml @@ -15,6 +15,7 @@ metadata: {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.metrics.service.type }} {{- if .Values.controller.metrics.service.clusterIP }} 
@@ -35,6 +36,7 @@ spec: ports: - name: metrics port: {{ .Values.controller.metrics.service.servicePort }} + protocol: TCP targetPort: metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} @@ -42,5 +44,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service-webhook.yaml b/charts/nginx-ingress/templates/controller-service-webhook.yaml index 91db703833..d93447a0bf 100644 --- a/charts/nginx-ingress/templates/controller-service-webhook.yaml +++ b/charts/nginx-ingress/templates/controller-service-webhook.yaml @@ -6,12 +6,13 @@ metadata: annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }} {{- end }} labels: - component: "{{ .Values.controller.name }}" {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }}-admission + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.admissionWebhooks.service.type }} {{- if .Values.controller.admissionWebhooks.service.clusterIP }} @@ -30,7 +31,10 @@ spec: - name: https-webhook port: 443 targetPort: webhook + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- end }} 
diff --git a/charts/nginx-ingress/templates/controller-service.yaml b/charts/nginx-ingress/templates/controller-service.yaml index 40e8942e76..36f6cfdcd3 100644 --- a/charts/nginx-ingress/templates/controller-service.yaml +++ b/charts/nginx-ingress/templates/controller-service.yaml @@ -16,6 +16,7 @@ metadata: {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.controller.service.type }} {{- if .Values.controller.service.clusterIP }} @@ -24,8 +25,8 @@ spec: {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} -{{- if .Values.global.hosts.externalIP }} - loadBalancerIP: {{ .Values.global.hosts.externalIP }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} {{- end }} {{- if .Values.controller.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} @@ -38,6 +39,16 @@ spec: {{- end }} {{- if .Values.controller.service.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} +{{- end }} +{{- end }} +{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} +{{- end }} {{- end }} ports: {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} 
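Review bot: The `@@ -24,8 +25,8 @@` hunk stops reading `.Values.global.hosts.externalIP` for `loadBalancerIP`, so a release that sets only the global value would render the Service without a fixed address after upgrading. That holds unless the parent chart maps the global onto `controller.service.loadBalancerIP` somewhere outside this hunk. If no such mapping exists, keeping the global as a fallback avoids a silent change of the externally exposed address: `{{- if or .Values.controller.service.loadBalancerIP .Values.global.hosts.externalIP }}` with `loadBalancerIP: {{ .Values.controller.service.loadBalancerIP | default .Values.global.hosts.externalIP }}`. Either way the change deserves a line in the upgrade notes.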
@@ -46,6 +57,9 @@ spec: port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} nodePort: {{ .Values.controller.service.nodePorts.http }} {{- end }} @@ -55,10 +69,14 @@ spec: port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} nodePort: {{ .Values.controller.service.nodePorts.https }} {{- end }} {{- end }} + {{- if include "gitlab.shell.port" $ }} - name: gitlab-shell port: {{ include "gitlab.shell.port" $ | int }} protocol: TCP @@ -67,6 +85,7 @@ spec: {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty $nodePort))) }} nodePort: {{ $nodePort }} {{- end }} + {{- end }} {{- range $key, $value := .Values.tcp }} - name: {{ $key }}-tcp port: {{ $key }} @@ -91,5 +110,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- end }} diff --git a/charts/nginx-ingress/templates/controller-serviceaccount.yaml b/charts/nginx-ingress/templates/controller-serviceaccount.yaml index ac9bb5319e..b811d01f1c 100644 --- a/charts/nginx-ingress/templates/controller-serviceaccount.yaml +++ b/charts/nginx-ingress/templates/controller-serviceaccount.yaml 
@@ -9,4 +9,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-servicemonitor.yaml b/charts/nginx-ingress/templates/controller-servicemonitor.yaml index 5bc0aa78f5..2d93cc2d99 100644 --- a/charts/nginx-ingress/templates/controller-servicemonitor.yaml +++ b/charts/nginx-ingress/templates/controller-servicemonitor.yaml @@ -1,10 +1,10 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} +{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} {{- end }} labels: {{- include "gitlab.standardLabels" . | nindent 4 }} @@ -25,6 +25,9 @@ spec: {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} {{ else }} 
@@ -41,5 +44,5 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index c671609fc6..c7f539cb68 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml @@ -5,17 +5,20 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + {{- if include "gitlab.deploymentAnnotations" . }} annotations: {{- include "gitlab.deploymentAnnotations" . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - component: "{{ .Values.defaultBackend.name }}" + app.kubernetes.io/component: default-backend {{- if not .Values.defaultBackend.autoscaling.enabled }} replicas: {{ .Values.defaultBackend.replicaCount }} {{- end }} @@ -27,7 +30,7 @@ spec: {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} - component: "{{ .Values.defaultBackend.name }}" + app.kubernetes.io/component: default-backend {{- if .Values.defaultBackend.podLabels }} {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} {{- end }} 
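Review bot: The `spec.selector.matchLabels` change in the `@@ -5,17 +5,20 @@` hunk of default-backend-deployment.yaml, from `component: "{{ .Values.defaultBackend.name }}"` to `app.kubernetes.io/component: default-backend`, touches a field that is immutable on an existing apps/v1 Deployment (the `apiVersion` line is outside the hunk). `helm upgrade` is therefore likely to be rejected for releases that already run the default backend until the old object is deleted. The other selector swaps in this commit are on Services and PodDisruptionBudgets, where the main concern is that they still match the pod labels. Nothing visible here handles the Deployment case, so I would document the delete-and-recreate step in the upgrade notes. Separately, the metadata label now reads `component: "{{ .Values.controller.name }}"` on a default-backend object, next to `app.kubernetes.io/component: default-backend`; if that is deliberate, a short comment explaining why would help.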
@@ -44,7 +47,7 @@ spec: containers: - name: {{ template "ingress-nginx.name" . }}-default-backend {{- with .Values.defaultBackend.image }} - image: "{{.repository}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} {{- if .Values.defaultBackend.extraArgs }} @@ -93,13 +96,16 @@ spec: - name: http containerPort: {{ .Values.defaultBackend.port }} protocol: TCP + {{- if .Values.defaultBackend.extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }} + {{- end }} {{- if .Values.defaultBackend.resources }} resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} {{- end }} {{- if .Values.defaultBackend.nodeSelector }} nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} - {{- else }} - {{- include "gitlab.nodeSelector" . | nindent 6 }} + {{- else if include "gitlab.nodeSelector" . }} + {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} {{- if .Values.defaultBackend.tolerations }} @@ -109,4 +115,7 @@ spec: affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} {{- end }} terminationGracePeriodSeconds: 60 + {{- if .Values.defaultBackend.extraVolumes }} + volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-hpa.yaml b/charts/nginx-ingress/templates/default-backend-hpa.yaml index c024b8e51e..f8a510e9dd 100644 --- a/charts/nginx-ingress/templates/default-backend-hpa.yaml +++ b/charts/nginx-ingress/templates/default-backend-hpa.yaml 
@@ -1,17 +1,18 @@ -{{- if .Values.defaultBackend.autoscaling.enabled }} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: scaleTargetRef: - apiVersion: {{ template "deployment.apiVersion" . }} + apiVersion: apps/v1 kind: Deployment name: {{ template "ingress-nginx.defaultBackend.fullname" . }} minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} diff --git a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml index 1a9b82cf18..cf0747c01c 100644 --- a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml 
@@ -1,18 +1,19 @@ {{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} -apiVersion: policy/v1beta1 +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - component: "{{ .Values.defaultBackend.name }}" + app.kubernetes.io/component: default-backend minAvailable: {{ .Values.defaultBackend.minAvailable }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-psp.yaml b/charts/nginx-ingress/templates/default-backend-psp.yaml index 624bbbc7a6..e8687ea311 100644 --- a/charts/nginx-ingress/templates/default-backend-psp.yaml +++ b/charts/nginx-ingress/templates/default-backend-psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -6,7 +6,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend spec: 
diff --git a/charts/nginx-ingress/templates/default-backend-role.yaml b/charts/nginx-ingress/templates/default-backend-role.yaml index 030752c218..56dcb86c95 100644 --- a/charts/nginx-ingress/templates/default-backend-role.yaml +++ b/charts/nginx-ingress/templates/default-backend-role.yaml @@ -5,13 +5,18 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.defaultBackend.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] + {{- end }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml index 66ab7e6f1b..0bc5e3b3e7 100644 --- a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml +++ b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml @@ -5,10 +5,11 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
@@ -16,5 +17,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-service.yaml b/charts/nginx-ingress/templates/default-backend-service.yaml index 6473012f41..5b54bc2562 100644 --- a/charts/nginx-ingress/templates/default-backend-service.yaml +++ b/charts/nginx-ingress/templates/default-backend-service.yaml @@ -8,10 +8,11 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + component: "{{ .Values.controller.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} spec: type: {{ .Values.defaultBackend.service.type }} {{- if .Values.defaultBackend.service.clusterIP }} @@ -31,7 +32,10 @@ spec: port: {{ .Values.defaultBackend.service.servicePort }} protocol: TCP targetPort: http + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - component: "{{ .Values.defaultBackend.name }}" + app.kubernetes.io/component: default-backend {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml b/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml index 02ed2c1aa5..c01f2c5479 100644 --- a/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml +++ b/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml 
@@ -9,4 +9,6 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/nginx-ingress/templates/dh-param-secret.yaml b/charts/nginx-ingress/templates/dh-param-secret.yaml new file mode 100644 index 0000000000..bed6f5e016 --- /dev/null +++ b/charts/nginx-ingress/templates/dh-param-secret.yaml @@ -0,0 +1,13 @@ +{{- with .Values.dhParam -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "ingress-nginx.controller.fullname" $ }} + labels: + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + component: "{{ .Values.controller.name }}" + {{- include "ingress-nginx.labels" $ | nindent 4 }} +data: + dhparam.pem: {{ . }} +{{- end }} diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index d86bfe17ca..62a3546b0a 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml 
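Review bot: Inside the `{{- with .Values.dhParam -}}` block of the new dh-param-secret.yaml, `.` is rebound to the dhParam value, so `include "gitlab.standardLabels" .`, `include "gitlab.commonLabels" .` and `{{ .Values.controller.name }}` no longer see the chart root. The last of these should fail to render as soon as `dhParam` is set. The `name:` line and the `ingress-nginx.labels` include already use `$`, and the other three lines should too: `{{- include "gitlab.standardLabels" $ | nindent 4 }}`, `{{- include "gitlab.commonLabels" $ | nindent 4 }}` and `component: "{{ $.Values.controller.name }}"`. A comment would also help to say that `dhparam.pem: {{ . }}` sits under `data:` and so expects a value that is already base64-encoded.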
@@ -1,18 +1,30 @@ ## nginx configuration -## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/configuration.md +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md ## + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: + controller: - # Added by GitLab for parity with previous version. name: controller image: + registry: k8s.gcr.io repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/ingress-nginx/controller - tag: "v0.41.2" - digest: sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de + tag: "v1.0.4" + digest: sha256:a7fb797e0b1c919a49cf9b3f9bb90ebca39bc85d0edd11c9a5cf897da5eb5a3f pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 allowPrivilegeEscalation: true + # Use an existing PSP instead of creating one + existingPsp: "" + + # Configures the controller container name + containerName: controller + # Configures the ports the nginx-controller listens on containerPort: http: 80 @@ -25,7 +37,7 @@ controller: ## configAnnotations: {} - # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers + # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers proxySetHeaders: {} # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers 
@@ -34,6 +46,9 @@ controller: # Optionally customize the pod dnsConfig. dnsConfig: {} + # Optionally customize the pod hostname. + hostname: {} + # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. @@ -43,6 +58,20 @@ controller: # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false + # Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # Process IngressClass per name (additionally as per spec.controller) + ingressClassByName: false + + # This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # is merged 
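Review bot: `allowSnippetAnnotations: true` in the `@@ -43,6 +58,20 @@` hunk leaves `*-snippet` annotations enabled by default. Anyone allowed to create or edit an Ingress can then have their own nginx configuration loaded into the controller, which runs with the controller's service account and whatever secrets that account can read. Where Ingress authors are less trusted than the cluster administrator, a default of `allowSnippetAnnotations: false` is the safer choice. If `true` has to stay for compatibility, I would extend the comment with `# Set to false on multi-tenant clusters: snippet annotations let Ingress authors inject raw nginx configuration`.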
@@ -61,9 +90,18 @@ controller: ## electionID: ingress-controller-leader - ## Name of the ingress class to route through this controller - ## - ingressClass: nginx + # This section refers to the creation of the IngressClass resource + # IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + name: nginx + enabled: true + default: false + controllerValue: "k8s.io/ingress-nginx" + + # Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} # labels to add to the pod container metadata podLabels: {} @@ -95,27 +133,31 @@ controller: ## scope: enabled: false - namespace: "" # defaults to .Release.Namespace + namespace: "" # defaults to $(POD_NAMESPACE) ## Allows customization of the configmap / nginx-configmap namespace ## - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Allows customization of the tcp-services-configmap ## tcp: - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Annotations to be added to the tcp config configmap annotations: {} ## Allows customization of the udp-services-configmap ## udp: - configMapNamespace: "" # defaults to .Release.Namespace + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Annotations to be added to the udp config configmap annotations: {} - ## Additional command line arguments to pass to ingress-nginx-controller + # Maxmind license key to download GeoLite2 Databases + # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + ## Additional command line arguments to pass to nginx-ingress-controller ## E.g. to specify the default SSL certificate you can use ## extraArgs: ## default-ssl-certificate: "/" 
@@ -230,30 +272,56 @@ controller: ## Node labels for controller pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## + # startupProbe: + # httpGet: + # # should match container.healthCheckPath + # path: "/healthz" + # port: 10254 + # scheme: HTTP + # initialDelaySeconds: 5 + # periodSeconds: 5 + # timeoutSeconds: 2 + # successThreshold: 1 + # failureThreshold: 5 livenessProbe: - failureThreshold: 5 + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 - successThreshold: 1 timeoutSeconds: 1 - port: 10254 + successThreshold: 1 + failureThreshold: 5 readinessProbe: - failureThreshold: 3 + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 - successThreshold: 1 timeoutSeconds: 1 - port: 10254 + successThreshold: 1 + failureThreshold: 3 + # Path of the health check endpoint. All requests received on the port defined by # the healthz-port parameter are forwarded internally to this path. healthCheckPath: "/healthz" + # Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the hostNetwork: true mode. + healthCheckHost: "" + ## Annotations to be added to controller pods ## podAnnotations: {} 
@@ -281,6 +349,19 @@ controller: maxReplicas: 11 targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 autoscalingTemplate: [] # Custom or additional autoscaling metrics @@ -305,6 +386,11 @@ controller: pollingInterval: 30 cooldownPeriod: 300 restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value triggers: [] # - type: prometheus # metadata: 
@@ -355,20 +441,31 @@ controller: enableHttp: true enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" - # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies # sessionAffinity: "" - # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - # the service controller allocates a port from your cluster’s NodePort range. - # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + ## Represents the dual-stack-ness requested or required by this Service. Possible values are + ## SingleStack, PreferDualStack or RequireDualStack. + ## The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + ## List of IP families (e.g. IPv4, IPv6) assigned to the service. 
This field is usually assigned automatically + ## based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + ports: http: 80 https: 443 @@ -397,6 +494,8 @@ controller: enabled: false annotations: {} + # loadBalancerIP: "" + ## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. loadBalancerSourceRanges: [] @@ -456,6 +555,9 @@ controller: namespaceSelector: {} objectSelector: {} + # Use an existing PSP instead of creating one + existingPsp: "" + service: annotations: {} # clusterIP: "" @@ -465,17 +567,35 @@ controller: servicePort: 443 type: ClusterIP + createSecretJob: + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + resources: {} + patch: enabled: true image: - repository: docker.io/jettech/kube-webhook-certgen - tag: v1.5.0 + registry: k8s.gcr.io + image: ingress-nginx/kube-webhook-certgen + # for backwards compatibility consider setting the full image url via the repository value below + # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + # repository: + tag: v1.1.1 + digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 pullPolicy: IfNotPresent ## Provide a priority class name to the webhook patching job ## priorityClassName: "" podAnnotations: {} - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux tolerations: [] runAsUser: 2000 @@ -498,7 +618,7 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] - servicePort: 9913 + servicePort: 10254 type: ClusterIP # externalTrafficPolicy: "" # nodePort: "" @@ -506,6 +626,8 @@ controller: serviceMonitor: enabled: false additionalLabels: {} + # The label to use to retrieve the job name from. + # jobLabel: "app.kubernetes.io/name" namespace: "" namespaceSelector: {} # Default: scrape .Release.Namespace only 
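Review bot: The comment above `# repository:` in the `@@ -465,17 +567,35 @@` hunk is hard to parse and does not say what happens to `digest` when an operator switches to the `repository` form. If it means what it appears to, a clearer wording would be `# Set either registry + image (the default) or repository, not both; the chart fails to install when both are given.` Because `tag: v1.1.1` is now paired with a `digest`, it is also worth adding `# digest pins the image content; update it together with tag`, so a later tag bump does not leave a stale pin or tempt someone to delete the digest to get the upgrade through.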
@@ -575,20 +697,17 @@ controller: ## revisionHistoryLimit: 10 -# Maxmind license key to download GeoLite2 Databases -# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases -maxmindLicenseKey: "" - ## Default 404 backend ## defaultBackend: ## enabled: false - name: default-backend + name: defaultbackend image: repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/defaultbackend-amd64 tag: "1.5" + digest: sha256:4dc5e07c8ca4e23bddb3153737d7b8c556e5fb2f29c4558b7cd6e6df99c512c7 pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -596,11 +715,15 @@ defaultBackend: readOnlyRootFilesystem: true allowPrivilegeEscalation: false + # Use an existing PSP instead of creating one + existingPsp: "" + extraArgs: {} serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Additional environment variables to set for defaultBackend pods extraEnvs: [] @@ -646,7 +769,8 @@ defaultBackend: ## Node labels for default backend pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux ## Annotations to be added to default backend pods ## @@ -664,7 +788,18 @@ defaultBackend: # cpu: 10m # memory: 20Mi + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + autoscaling: + annotations: {} enabled: false minReplicas: 1 maxReplicas: 2 
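Review bot: The `serviceAccount` block of `defaultBackend` in the `@@ -596,11 +715,15 @@` hunk now sets `automountServiceAccountToken: true`, which mounts an API token into a pod that, as far as this hunk shows, only serves the default 404 backend. Unless the backend image is known to call the Kubernetes API, default it to `automountServiceAccountToken: false` and let operators opt in. The pod already runs as uid `65534` with `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`, so leaving the token out matches the hardening that is already there. The same key added for the top-level `serviceAccount` in the `@@ -700,7 +835,8 @@` hunk is a different case, since the controller presumably needs its token.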
@@ -688,7 +823,7 @@ defaultBackend: priorityClassName: "" -## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266 +## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: create: true scope: false @@ -700,7 +835,8 @@ podSecurityPolicy: serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -708,17 +844,21 @@ imagePullSecrets: [] # - name: secretName # TCP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp +# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## tcp: {} # 8080: "default/example-tcp-svc:9000" # UDP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp +# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## udp: {} # 53: "kube-system/kube-dns:53" +# A base64ed Diffie-Hellman parameter +# This can be generated with: openssl dhparam 4096 2> /dev/null | base64 +# Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param +dhParam: ## GitLab-provided values starting below @@ -732,4 +872,4 @@ udp: {} tcpExternalConfig: "" common: - labels: {} \ No newline at end of file + labels: {} diff --git a/requirements.yaml b/requirements.yaml index 939d459ed9..da4d662c95 100644 --- a/requirements.yaml +++ b/requirements.yaml 
@@ -8,7 +8,7 @@ dependencies: - name: registry version: '*.*.*' - name: cert-manager - version: 1.5.4 + version: 1.6.1 repository: https://charts.jetstack.io/ condition: certmanager.install alias: certmanager -- GitLab From 1aea885f253f5f67e7423fa227920b5fb087265a Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Mon, 15 Nov 2021 07:43:47 -0800 Subject: [PATCH 17/48] Fixed Helm APIVersions testing --- charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml | 5 ++++- charts/gitlab/charts/webservice/templates/ingress.yaml | 7 +++++-- charts/minio/templates/ingress.yaml | 7 +++++-- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 8390b17ad2..96e46ab170 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -14,7 +14,9 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: + {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- end }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,12 +28,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "ingress.classNameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: /-/grafana{{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: 
diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 8a13349eca..f221403581 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -26,7 +26,9 @@ metadata: {{- include "webservice.labels" . | nindent 4 }} {{- include "webservice.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" + {{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} + kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- end }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} @@ -38,12 +40,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ include "ingress.classNameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} pathType: {{ default .ingress.pathType $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 1769e10311..caa0cc8b08 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml 
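Review bot: In the `@@ -26,7 +26,9 @@` hunk for `webservice/templates/ingress.yaml` the class annotation now renders `gitlab.ingressclass` with `.`, where the removed line passed `$`. The surrounding lines read `.ingress.path` and `$.Values.global.ingress.provider`, and the new guard itself uses `$.Capabilities`, so `.` at this point looks like a per-deployment entry rather than the root context; a helper that reads `.Values` or `.Release` would not get what it expects. Keep the original argument: `kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}"`. The branch is only rendered when `networking.k8s.io/v1` is absent, so the mistake would not show up on newer clusters.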
@@ -13,7 +13,9 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "minio.ingressclass" . }}" + {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} + kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- end }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,12 +28,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ include "ingress.classNameField" $ }} rules: - host: {{ $minioHostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: -- GitLab From 119f53d766cf549cb6084182f4dbce14ffec46e7 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Mon, 15 Nov 2021 07:44:30 -0800 Subject: [PATCH 18/48] Added nginx-ingress value for IngressClassName resource --- values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/values.yaml b/values.yaml index 9cf812afef..ee2ca4c60c 100644 --- a/values.yaml +++ b/values.yaml @@ -744,6 +744,9 @@ nginx-ingress: server-tokens: "false" service: externalTrafficPolicy: "Local" + ingressClassByName: false + ingressClassResource: + name: "{{ .Release.Name }}-nginx" resources: requests: cpu: 100m -- GitLab From 0c57c9713d7792a399477f4001cf45c798013ceb Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Mon, 15 Nov 2021 07:45:17 -0800 Subject: [PATCH 19/48] Fixed Helm APIVersions testing --- charts/registry/templates/ingress.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
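Review bot: The `@@ -13,7 +13,9 @@` hunk for `charts/minio/templates/ingress.yaml` replaces `minio.ingressclass` with `gitlab.ingressclass` while adding the API-version guard, and patch 19 does the same to `registry.ingressclass` in the registry template. Neither commit message mentions the swap, and whether the chart-local helpers resolve differently from `gitlab.ingressclass` is not visible here. If they honour a per-chart class setting, that setting is now silently ignored and the Ingress can end up served by a different controller than the operator selected. Either keep the chart-local helper, `kubernetes.io/ingress.class: "{{ template "minio.ingressclass" . }}"`, or state in the commit message that the per-chart class is being retired.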
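Review bot: `name: "{{ .Release.Name }}-nginx"` under `ingressClassResource` in the `values.yaml` hunk of patch 18 is a template expression inside a values file, which Helm does not render on its own. Unless the nginx-ingress templates pass this value through `tpl` (not visible in this hunk), the IngressClass would be created with the literal string as its name. The value also has to stay identical to what the `ingress.className` helper added in patch 20 returns, which hard-codes the same expression. A comment such as `# must match the "ingress.className" helper in templates/_helpers.tpl` would make that coupling visible.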
diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index b6648035de..c373587f82 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -13,7 +13,9 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "registry.ingressclass" . }}" + {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} + kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- end }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -26,12 +28,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ include "ingress.classNameField" $ }} rules: - host: {{ $hostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: -- GitLab From 42b826743458bf5a91c1c7e258af49670ae1ffc7 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Mon, 15 Nov 2021 07:46:36 -0800 Subject: [PATCH 20/48] Added IngressClassName support to helper functions --- templates/_helpers.tpl | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4007eca909..774b003bd3 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -544,6 +544,35 @@ Override upstream redis secret key name {{ template "gitlab.redis.password.key" . }} {{- end -}} +{{/* +Return the appropriate apiVersion for Ingress. +*/}} +{{- define "ingress.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} +{{- print "networking.k8s.io/v1" -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return an ingressClassName field if the Ingress apiVersion allows it +*/}} +{{- define "ingress.classNameField" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} +ingressClassName: {{ include "ingress.className" . }} +{{- end -}} +{{- end -}} + +{{/* +Return the ingressClassName +*/}} +{{- define "ingress.className" -}} +{{ .Release.Name }}-nginx +{{- end -}} + {{/* Return the fullname template for shared-secrets job. */}} -- GitLab From 1b7f703e50270bc09732bf2df08c2002c0fadf73 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Mon, 15 Nov 2021 12:50:46 -0800 Subject: [PATCH 21/48] Changes nginx-ingress to use ClusterRoles In later Kubernetes versions (1.20, 1.21 and maybe 1.22) the ingress controller is not able to get a list of IngressClasses unless the service account permissions are created as a ClusterRole. https://github.com/kubernetes/ingress-nginx/issues/7519 Signed-off-by: Gerard Hickey --- values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index ee2ca4c60c..5d70866ae4 100644 --- a/values.yaml +++ b/values.yaml @@ -777,7 +777,10 @@ nginx-ingress: memory: 5Mi rbac: create: true - scope: true + # Needed for k8s 1.20 and 1.21 + # https://github.com/kubernetes/ingress-nginx/issues/7510 + # https://github.com/kubernetes/ingress-nginx/issues/7519 + scope: false serviceAccount: create: true -- GitLab From a75f8c603928635c42cf8b543f755da6945bc278 Mon Sep 17 00:00:00 2001 
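Review bot: Setting `scope: false` under `rbac` in the `@@ -777,7 +777,10 @@` hunk moves the controller's permissions to a ClusterRole, per the commit message, although the stated problem is only that the controller cannot list IngressClasses. IngressClass is a cluster-scoped resource, so a narrower fix would be a small ClusterRole limited to `ingressclasses` with `get`, `list` and `watch`, leaving the remaining rules in the namespaced Role; whether the bundled chart templates allow that split is not visible here. If the broad ClusterRole stays, extend the comment to record the trade-off, for example `# scope: false grants the controller cluster-wide RBAC; revisit once namespaced mode can list IngressClasses`. The two issue links already in the comment are worth keeping.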
From: Gerard Hickey Date: Wed, 17 Nov 2021 17:29:05 -0800 Subject: [PATCH 22/48] Rebased against master to utilize updated helper functions --- .../gitlab-grafana/templates/ingress.yaml | 8 ++-- .../gitlab-pages/templates/ingress.yaml | 3 +- .../gitlab/charts/kas/templates/ingress.yaml | 3 +- .../charts/webservice/templates/ingress.yaml | 8 ++-- .../templates/ingress_smartcard.yaml | 3 +- charts/minio/templates/ingress.yaml | 8 ++-- charts/registry/templates/ingress.yaml | 8 ++-- templates/_helpers.tpl | 47 +++++++------------ 8 files changed, 36 insertions(+), 52 deletions(-) diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 96e46ab170..31badbeb06 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -14,9 +14,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- end }} + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -28,13 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ template "ingress.classNameField" $ }} + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: /-/grafana{{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: 
diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index c4d78060ca..64d50d55f8 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -12,13 +12,14 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: "*.{{ $hostname }}" http: diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index b8817a192b..2ea333ea3c 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -12,13 +12,14 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $hostname }} http: diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index f221403581..3d1b32ba97 100644 
--- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -26,9 +26,7 @@ metadata: {{- include "webservice.labels" . | nindent 4 }} {{- include "webservice.commonLabels" . | nindent 4 }} annotations: - {{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- end }} + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} @@ -40,13 +38,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ include "ingress.classNameField" $ }} + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $gitlabHostname }} http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} pathType: {{ default .ingress.pathType $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 8c9dc1763e..fe0d59cb43 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml 
@@ -21,7 +21,7 @@ metadata: {{- include "gitlab.standardLabels" $ | nindent 4 }} {{- include "gitlab.commonLabels" $ | nindent 4 }} annotations: - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}" + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" $.Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ $.Values.ingress.proxyBodySize | quote }} @@ -38,6 +38,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $smartcardHostname }} http: diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index caa0cc8b08..064b932c6f 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -13,9 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- end }} + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -28,13 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ include "ingress.classNameField" $ }} + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $minioHostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: 
diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index c373587f82..74d884656e 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -13,9 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1") }} - kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" - {{- end }} + {{- template "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} @@ -28,13 +26,13 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{ include "ingress.classNameField" $ }} + {{ template "gitlab.ingress.classnameField" $ }} rules: - host: {{ $hostname }} http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} + {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 774b003bd3..d5246616d1 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -347,6 +347,24 @@ kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressC {{- end -}} {{- end -}} +{{/* +Return an ingressClassName field if the Ingress apiVersion allows it +*/}} +{{- define "gitlab.ingress.classnameField" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} +ingressClassName: {{ include "gitlab.ingressclass" . }} +{{- end -}} +{{- end -}} + +{{/* +Return an ingress.class if the Ingress apiVersion allows it +*/}} +{{- define "gitlab.ingress.classAnnotation" -}} +{{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") }} +kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" +{{- end }} +{{- end -}} + {{/* Returns the nginx ingress class */}} @@ -544,35 +562,6 @@ Override upstream redis secret key name {{ template "gitlab.redis.password.key" . }} {{- end -}} -{{/* -Return the appropriate apiVersion for Ingress. -*/}} -{{- define "ingress.apiVersion" -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} -{{- print "networking.k8s.io/v1" -}} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return an ingressClassName field if the Ingress apiVersion allows it -*/}} -{{- define "ingress.classNameField" -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} -ingressClassName: {{ include "ingress.className" . }} -{{- end -}} -{{- end -}} - -{{/* -Return the ingressClassName -*/}} -{{- define "ingress.className" -}} -{{ .Release.Name }}-nginx -{{- end -}} - {{/* Return the fullname template for shared-secrets job. */}} -- GitLab From fa26964f5f04d50c9ee4d5322c1dca7d92196df9 Mon Sep 17 00:00:00 2001 
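Review bot: `gitlab.ingress.classnameField` emits `ingressClassName` when `networking.k8s.io/v1` is present, while `gitlab.ingress.classAnnotation` drops the annotation when `networking.k8s.io/v1/IngressClass` is present, and the ingress templates in this same patch go back to testing `networking.k8s.io/v1/Ingress` for `pathType`. With three different capability strings, a cluster or a `helm template --api-versions` run that reports only some of them can render an Ingress carrying both the annotation and the field, or neither. Use one predicate in both helpers, for example `{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}` and its negation. The doc comment on `gitlab.ingress.classAnnotation` should also be reworded to `Return the kubernetes.io/ingress.class annotation when the v1 IngressClass API is not available`, since the current text reads as the opposite of what the guard does.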
From: Gerard Hickey Date: Wed, 17 Nov 2021 17:30:25 -0800 Subject: [PATCH 23/48] Reverted to cert-manager 1.5.4 --- .gitlab-ci.yml | 8 ++++---- requirements.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 12146ab276..7348147a25 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -144,16 +144,16 @@ lint_package: - /(^docs[\/-].+|.+-docs$)/ - *com_auto_deploy_branch_ref -"Validate 1.16.15": +"Validate 1.20.7": extends: .kubeval variables: - KUBE_VERSION: "1.16.15" + KUBE_VERSION: "1.20.7" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" -"Validate 1.20.7": +"Validate 1.22.3": extends: .kubeval variables: - KUBE_VERSION: "1.20.7" + KUBE_VERSION: "1.22.3" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" .review_template: diff --git a/requirements.yaml b/requirements.yaml index da4d662c95..939d459ed9 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -8,7 +8,7 @@ dependencies: - name: registry version: '*.*.*' - name: cert-manager - version: 1.6.1 + version: 1.5.4 repository: https://charts.jetstack.io/ condition: certmanager.install alias: certmanager -- GitLab From 81de0f8ac79054efff0b607b3f484656f3cdf344 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Tue, 30 Nov 2021 01:56:37 -0800 Subject: [PATCH 24/48] Fixed ingress-class annotation for RSpec tests --- charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml | 2 +- charts/gitlab/charts/gitlab-pages/templates/ingress.yaml | 2 +- charts/gitlab/charts/kas/templates/ingress.yaml | 2 +- charts/gitlab/charts/webservice/templates/ingress.yaml | 2 +- .../gitlab/charts/webservice/templates/ingress_smartcard.yaml | 2 +- charts/minio/templates/ingress.yaml | 2 +- charts/registry/templates/ingress.yaml | 2 +- templates/_helpers.tpl | 4 ++-- 8 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 31badbeb06..7819cccaa6 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index 64d50d55f8..240359ca91 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -12,7 +12,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index 2ea333ea3c..0d5b9efbc4 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml 
@@ -12,7 +12,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{ include "gitlab.certmanager_annotations" . }} {{- range $key, $value := merge .Values.ingress.annotations .Values.global.ingress.annotations }} diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 3d1b32ba97..0e946ae8e3 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -26,7 +26,7 @@ metadata: {{- include "webservice.labels" . | nindent 4 }} {{- include "webservice.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" (default $.Values.global.ingress.provider .ingress.provider) }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }} diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index fe0d59cb43..8944bd4845 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml 
@@ -21,7 +21,7 @@ metadata: {{- include "gitlab.standardLabels" $ | nindent 4 }} {{- include "gitlab.commonLabels" $ | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" $ }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" $.Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ $.Values.ingress.proxyBodySize | quote }} diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 064b932c6f..1e8dc0672b 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index 74d884656e..83a2450822 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -13,7 +13,7 @@ metadata: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} annotations: - {{- template "gitlab.ingress.classAnnotation" $ }} + {{ include "gitlab.ingress.classAnnotation" . }} kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressCfg }}" {{- if eq "nginx" .Values.global.ingress.provider }} nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.proxyBodySize | quote }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d5246616d1..085ecd90a5 100644 --- a/templates/_helpers.tpl 
+++ b/templates/_helpers.tpl @@ -360,9 +360,9 @@ ingressClassName: {{ include "gitlab.ingressclass" . }} Return an ingress.class if the Ingress apiVersion allows it */}} {{- define "gitlab.ingress.classAnnotation" -}} -{{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") }} +{{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") -}} kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" -{{- end }} +{{- end -}} {{- end -}} {{/* -- GitLab From ce8c7b86f3729223079c012f3fe5ed1c16b8505e Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Tue, 30 Nov 2021 05:00:38 -0800 Subject: [PATCH 25/48] Added spec tests to test Ingress class annotation and resource --- spec/configuration/ingress_spec.rb | 68 ++++++++++++++++++++++++++++++ templates/_helpers.tpl | 12 +++++- 2 files changed, 78 insertions(+), 2 deletions(-) diff --git a/spec/configuration/ingress_spec.rb b/spec/configuration/ingress_spec.rb index a0f6c6d9e8..dd2cbbbc7e 100644 --- a/spec/configuration/ingress_spec.rb +++ b/spec/configuration/ingress_spec.rb 
@@ -206,5 +206,73 @@ describe 'GitLab Ingress configuration(s)' do end end end + + context 'when using ingress with networking.k8s.io/v1beta1 API' do + it 'does not set ingressClassName resource' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1beta1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + classResource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(classResource).to eq(nil) + end + end + + it 'sets ingress-class annotation' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1beta1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + annotation = template.dig("Ingress/#{ingress_name}", 'metadata', 'annotations', 'kubernetes.io/ingress.class') + expect(annotation).to eq('test-nginx') + end + end + end + + context 'when using ingress with networking.k8s.io/v1 API' do + it 'sets ingressClassName resource' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + classResource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(classResource).to eq('test-nginx') + end + end + + it 'does not set ingress-class annotation' do + api_version = enable_all_ingress.deep_merge(YAML.safe_load(%( + global: + ingress: + apiVersion: networking.k8s.io/v1 + ))) + + template = HelmTemplate.new(api_version) + expect(template.exit_code).to eq(0) + + ingress_names.each do |ingress_name| + annotation = template.dig("Ingress/#{ingress_name}", 'metadata', 'annotations', 'kubernetes.io/ingress.class') + expect(annotation).to eq(nil) 
+ end + end + end end end diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 085ecd90a5..d974aee40f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -351,7 +351,11 @@ kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressC Return an ingressClassName field if the Ingress apiVersion allows it */}} {{- define "gitlab.ingress.classnameField" -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} +{{- if .Values.global.ingress.apiVersion -}} +{{- if eq .Values.global.ingress.apiVersion "networking.k8s.io/v1" -}} +ingressClassName: {{ include "gitlab.ingressclass" . }} +{{- end -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} ingressClassName: {{ include "gitlab.ingressclass" . }} {{- end -}} {{- end -}} @@ -360,7 +364,11 @@ ingressClassName: {{ include "gitlab.ingressclass" . }} Return an ingress.class if the Ingress apiVersion allows it */}} {{- define "gitlab.ingress.classAnnotation" -}} -{{- if not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") -}} +{{- if .Values.global.ingress.apiVersion -}} +{{- if not (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} +kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" +{{- end -}} +{{- else if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") -}} kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" {{- end -}} {{- end -}} -- GitLab From 41fb2cef37e27b4d8d21588a1a9de996efc98bec Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Tue, 30 Nov 2021 05:16:57 -0800 Subject: [PATCH 26/48] Updated nginx-ingress doc concerning Kubernetes 1.22 --- doc/charts/nginx/index.md | 5 +++-- spec/configuration/ingress_spec.rb | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/doc/charts/nginx/index.md b/doc/charts/nginx/index.md index fc3354eac3..3f0ad5a1b6 100644 --- a/doc/charts/nginx/index.md +++ b/doc/charts/nginx/index.md 
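Review bot: All four examples in the `ingress_spec.rb` hunk set `global.ingress.apiVersion` explicitly, so the `else if .Capabilities.APIVersions.Has …` fallback that this commit adds to `gitlab.ingress.classnameField` and `gitlab.ingress.classAnnotation` is never rendered by the suite. A context that leaves `apiVersion` unset and asserts on the same two fields would cover it; how `HelmTemplate` chooses the advertised API versions is not visible here, so that part needs confirming. The v1beta1 and v1 value hashes are also each built twice and could be hoisted, e.g. `let(:v1_values) { enable_all_ingress.deep_merge(YAML.safe_load(%(...))) }`, and `expect(annotation).to be_nil` reads better than `eq(nil)`.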
@@ -18,8 +18,9 @@ Our [fork](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/nginx- [GitHub](https://github.com/kubernetes/ingress-nginx). See [Our NGINX fork](fork.md) for details on what was modified in our fork. NOTE: -The version of the NGINX Ingress Helm Chart bundled with the GitLab Helm Charts does not support Kubernetes 1.22. -See [#2852](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2852) for more information. +The version of the NGINX Ingress Helm Chart bundled with the GitLab Helm Charts +has been updated to support Kubernetes 1.22. As a result, the GitLab Helm +Chart can not longer support Kubernetes versions prior to 1.19. ## Configuring NGINX diff --git a/spec/configuration/ingress_spec.rb b/spec/configuration/ingress_spec.rb index dd2cbbbc7e..f48efabafb 100644 --- a/spec/configuration/ingress_spec.rb +++ b/spec/configuration/ingress_spec.rb @@ -219,8 +219,8 @@ describe 'GitLab Ingress configuration(s)' do expect(template.exit_code).to eq(0) ingress_names.each do |ingress_name| - classResource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') - expect(classResource).to eq(nil) + class_resource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(class_resource).to eq(nil) end end @@ -253,8 +253,8 @@ describe 'GitLab Ingress configuration(s)' do expect(template.exit_code).to eq(0) ingress_names.each do |ingress_name| - classResource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') - expect(classResource).to eq('test-nginx') + class_resource = template.dig("Ingress/#{ingress_name}", 'spec', 'ingressClassName') + expect(class_resource).to eq('test-nginx') end end -- GitLab From 209dde580b935adaf22dbde0d1fe6a8c384315f0 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Tue, 30 Nov 2021 13:12:25 -0800 Subject: [PATCH 27/48] Setting ingress API version in 1.22 validation --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7348147a25..dfb98dfcad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -135,7 +135,7 @@ lint_package: - helm repo add gitlab https://charts.gitlab.io - helm repo add jetstack https://charts.jetstack.io - helm dependencies update - - helm kubeval . --force-color --strict --set certmanager-issuer.email=support@gitlab.com --skip-kinds "CustomResourceDefinition" -v $KUBE_VERSION + - helm kubeval . --force-color --strict --set certmanager-issuer.email=support@gitlab.com $HELM_EXTRAS --skip-kinds "CustomResourceDefinition" -v $KUBE_VERSION except: <<: *deps_pipeline refs: @@ -155,6 +155,7 @@ lint_package: variables: KUBE_VERSION: "1.22.3" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" + HELM_EXTRAS: "--set global.ingress.apiVersion=networking.k8s.io/v1" .review_template: stage: review -- GitLab From 08a2d28c05bcdef10a94c21376639783be325a02 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Tue, 30 Nov 2021 13:25:29 -0800 Subject: [PATCH 28/48] Updated conditional on some ingresses when API version manually set --- charts/gitlab/charts/webservice/templates/ingress.yaml | 2 +- charts/minio/templates/ingress.yaml | 2 +- charts/registry/templates/ingress.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml index 0e946ae8e3..72362ee02a 100644 --- a/charts/gitlab/charts/webservice/templates/ingress.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress.yaml @@ -44,7 +44,7 @@ spec: http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default .ingress.pathType $.Values.global.ingress.pathType }} backend: service: 
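Review bot: `$HELM_EXTRAS` is expanded unquoted in the `helm kubeval` command but is defined only on "Validate 1.22.3", so every other job using this script relies on an unset variable expanding to nothing. Declaring the default next to the template's other variables makes the contract explicit: `HELM_EXTRAS: ""` with a comment such as `# extra helm arguments, word-split by the shell; set per job`. Because the value is split into separate arguments, whoever can set this CI variable can add flags to the command, which is a reason to keep it defined in the file rather than in project or pipeline settings. The job definition this script line belongs to starts outside the hunk.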
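Review bot: The `or` in the webservice `ingress.yaml` condition lets the cluster capability override an explicit `global.ingress.apiVersion`: with `networking.k8s.io/v1beta1` set on a cluster that also serves `networking.k8s.io/v1/Ingress`, the v1-only `pathType`/`backend.service` form is still rendered. Whether the `apiVersion:` line of the Ingress honours the override is outside this hunk, but if it does the two can disagree and the object may be rejected. Letting the explicit value win and consulting Capabilities only when it is empty avoids that, and `default ""` also keeps `eq` from being handed a null override: `{{- $v := default "" $.Values.global.ingress.apiVersion -}}` followed by `{{ if or (eq $v "networking.k8s.io/v1") (and (empty $v) ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress")) -}}`. The same condition is used in the minio and registry hunks of this commit and in the `gitlab.ingress.classnameField` and `gitlab.ingress.classAnnotation` hunks of PATCH 29/48.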
diff --git a/charts/minio/templates/ingress.yaml b/charts/minio/templates/ingress.yaml index 1e8dc0672b..0d82992ed1 100644 --- a/charts/minio/templates/ingress.yaml +++ b/charts/minio/templates/ingress.yaml @@ -32,7 +32,7 @@ spec: http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/registry/templates/ingress.yaml b/charts/registry/templates/ingress.yaml index 83a2450822..3734f86fc4 100644 --- a/charts/registry/templates/ingress.yaml +++ b/charts/registry/templates/ingress.yaml @@ -32,7 +32,7 @@ spec: http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: -- GitLab From 19f481c2dc2d024b98ae150c8f2d0dd2d1feab10 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Thu, 2 Dec 2021 15:26:57 -0800 Subject: [PATCH 29/48] Handle manual Ingress apiVersion specification When global.ingress.apiVersion is specified, the ingress class annotation and ingressClassName resource are incorrectly added to Ingress objects. Change to the conditionals for generating the annotation and resource now take into account the setting of global.ingress.apiVersion. Signed-off-by: Gerard HIckey --- spec/helm_template_helper.rb | 14 +++++++++++--- templates/_helpers.tpl | 12 ++---------- values.yaml | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) 
diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index 7648b239b0..cc2195d37e 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb @@ -61,9 +61,17 @@ class HelmTemplate stdin_data: YAML.dump(values)) @stdout, @stderr, @exit_code = result # handle common failures when helm or chart not setup properly - case @exit_code - when 256 - fail "Chart dependencies not installed, run 'helm dependency update'" if @stderr.include? 'found in Chart.yaml, but missing in charts/ directory' + if @exit_code == 256 + case + when @stderr.start_with?('FATAL') + # errors that start with FATAL are expected failures, pass to RSpec + when @stderr.start_with?('Error: template: gitlab/templates/NOTES.txt') + # checkConfig failure, pass to RSpec + when @stderr.include?('found in Chart.yaml, but missing in charts/ directory') + fail "Chart dependencies not installed, run 'helm dependency update'" + when @stderr.include?('Error: template') + fail "Helm template syntax error.\n#{@stderr}" + end end # load the complete output's YAML documents into an array yaml = YAML.load_stream(@stdout) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d974aee40f..363e5a3e0d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -351,11 +351,7 @@ kubernetes.io/ingress.provider: "{{ template "gitlab.ingress.provider" $ingressC Return an ingressClassName field if the Ingress apiVersion allows it */}} {{- define "gitlab.ingress.classnameField" -}} -{{- if .Values.global.ingress.apiVersion -}} -{{- if eq .Values.global.ingress.apiVersion "networking.k8s.io/v1" -}} -ingressClassName: {{ include "gitlab.ingressclass" . }} -{{- end -}} -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} ingressClassName: {{ include "gitlab.ingressclass" . }} {{- end -}} {{- end -}} 
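Review bot: The subject-less `case` with two comment-only `when` branches in the `helm_template_helper.rb` hunk hides the actual rule, which is that two stderr prefixes are expected failures and two substrings abort the run; guard clauses state that directly with the same behaviour. Any other stderr at this status, and any other non-zero status, still falls through to `YAML.load_stream(@stdout)` unreported, which deserves a one-line comment if it is deliberate. The enclosing method starts and ends outside the hunk.

```ruby
if @exit_code == 256
  # FATAL output and NOTES.txt (checkConfig) failures are expected; specs assert on them
  expected = @stderr.start_with?('FATAL', 'Error: template: gitlab/templates/NOTES.txt')
  unless expected
    if @stderr.include?('found in Chart.yaml, but missing in charts/ directory')
      fail "Chart dependencies not installed, run 'helm dependency update'"
    end
    fail "Helm template syntax error.\n#{@stderr}" if @stderr.include?('Error: template')
  end
end
# … unchanged: YAML.load_stream of @stdout …
```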
@@ -364,11 +360,7 @@ ingressClassName: {{ include "gitlab.ingressclass" . }} Return an ingress.class if the Ingress apiVersion allows it */}} {{- define "gitlab.ingress.classAnnotation" -}} -{{- if .Values.global.ingress.apiVersion -}} -{{- if not (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} -kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" -{{- end -}} -{{- else if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") -}} +{{- if and (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass")) (not (eq .Values.global.ingress.apiVersion "networking.k8s.io/v1")) -}} kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" . }}" {{- end -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 5d70866ae4..7230c2038e 100644 --- a/values.yaml +++ b/values.yaml @@ -69,7 +69,7 @@ global: ## https://docs.gitlab.com/charts/charts/globals#configure-ingress-settings ingress: - apiVersion: + apiVersion: "" configureCertmanager: true provider: nginx annotations: {} -- GitLab From d44ebdae885ed721e3ba528c894946e4775e2ef9 Mon Sep 17 00:00:00 2001 
From: Gerard Hickey Date: Thu, 2 Dec 2021 20:06:59 -0800 Subject: [PATCH 30/48] Clean up of nginx-ingress chart and re-added selectors --- charts/nginx-ingress/CHANGELOG.md | 273 ------------------ charts/nginx-ingress/OWNERS | 10 - .../controller-custom-ingressclass-flags.yaml | 7 - .../ci/daemonset-customconfig-values.yaml | 14 - .../ci/daemonset-customnodeport-values.yaml | 22 -- .../ci/daemonset-headers-values.yaml | 14 - .../ci/daemonset-internal-lb-values.yaml | 14 - .../ci/daemonset-nodeport-values.yaml | 10 - .../ci/daemonset-podannotations-values.yaml | 17 -- ...set-tcp-udp-configMapNamespace-values.yaml | 20 -- .../ci/daemonset-tcp-udp-values.yaml | 16 - .../ci/daemonset-tcp-values.yaml | 14 - .../ci/deamonset-default-values.yaml | 10 - .../ci/deamonset-metrics-values.yaml | 12 - .../ci/deamonset-psp-values.yaml | 13 - .../ci/deamonset-webhook-and-psp-values.yaml | 13 - .../ci/deamonset-webhook-values.yaml | 10 - ...eployment-autoscaling-behavior-values.yaml | 14 - .../ci/deployment-autoscaling-values.yaml | 11 - .../ci/deployment-customconfig-values.yaml | 12 - .../ci/deployment-customnodeport-values.yaml | 20 -- .../ci/deployment-default-values.yaml | 8 - .../ci/deployment-headers-values.yaml | 13 - .../ci/deployment-internal-lb-values.yaml | 13 - .../ci/deployment-metrics-values.yaml | 11 - .../ci/deployment-nodeport-values.yaml | 9 - .../ci/deployment-podannotations-values.yaml | 16 - .../ci/deployment-psp-values.yaml | 10 - ...ent-tcp-udp-configMapNamespace-values.yaml | 19 -- .../ci/deployment-tcp-udp-values.yaml | 15 - .../ci/deployment-tcp-values.yaml | 11 - .../ci/deployment-webhook-and-psp-values.yaml | 12 - .../deployment-webhook-resources-values.yaml | 23 -- .../ci/deployment-webhook-values.yaml | 9 - charts/nginx-ingress/templates/_helpers.tpl | 8 + spec/helm_template_helper.rb | 25 +- 36 files changed, 22 insertions(+), 726 deletions(-) delete mode 100644 charts/nginx-ingress/CHANGELOG.md delete mode 100644 charts/nginx-ingress/OWNERS delete 
mode 100644 charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-customconfig-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-headers-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-nodeport-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-podannotations-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml delete mode 100644 charts/nginx-ingress/ci/daemonset-tcp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deamonset-default-values.yaml delete mode 100644 charts/nginx-ingress/ci/deamonset-metrics-values.yaml delete mode 100644 charts/nginx-ingress/ci/deamonset-psp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deamonset-webhook-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-autoscaling-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-customconfig-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-customnodeport-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-default-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-headers-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-internal-lb-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-metrics-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-nodeport-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-podannotations-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-psp-values.yaml 
delete mode 100644 charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-tcp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml delete mode 100644 charts/nginx-ingress/ci/deployment-webhook-values.yaml diff --git a/charts/nginx-ingress/CHANGELOG.md b/charts/nginx-ingress/CHANGELOG.md deleted file mode 100644 index d61bd5db81..0000000000 --- a/charts/nginx-ingress/CHANGELOG.md +++ /dev/null 
@@ -1,273 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.0.6 - -- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx -- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart -- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode -- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 - -### 4.0.5 - -- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx - -### 4.0.3 - -- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx - -### 4.0.2 - -- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx - -### 4.0.1 - -- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx - -### 3.34.0 - -- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates - -### 3.33.0 - -- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 - -### 3.32.0 - -- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA - -### 3.31.0 - -- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes - -### 3.30.0 - -- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints - -### 3.29.0 - -- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor - -### 3.28.0 - -- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs - -### 3.27.0 - -- Update ingress-nginx 
v0.45.0 - -### 3.26.0 - -- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics - -### 3.25.0 - -- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken - -### 3.24.0 - -- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment - -### 3.23.0 - -- Update ingress-nginx v0.44.0 - -### 3.22.0 - -- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file -- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart - -### 3.21.0 - -- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject -- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values -- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled -- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 - -### 3.20.1 - -- Do not create KEDA in case of DaemonSets. -- Fix KEDA v2 definition - -### 3.20.0 - -- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. 
- -### 3.19.0 - -- Update ingress-nginx v0.43.0 - -### 3.18.0 - -- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy -- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters - -### 3.17.0 - -- Update ingress-nginx v0.42.0 - -### 3.16.1 - -- Fix chart-releaser action - -### 3.16.0 - -- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service - -### 3.15.1 - -- Fix chart-releaser action - -### 3.15.0 - -- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml - -### 3.14.0 - -- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend - -### 3.13.0 - -- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable - -### 3.12.0 - -- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs - -### 3.11.1 - -- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling - -### 3.11.0 - -- Support Keda Autoscaling - -### 3.10.1 - -- Fix regression introduced in 0.41.0 with external authentication - -### 3.10.0 - -- Fix routing regression introduced in 0.41.0 with PathType Exact - -### 3.9.0 - -- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling - -### 3.8.0 - -- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image -- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs -- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend -- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix 
controller service annotations -- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog - -### 3.7.1 - -- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart - -### 3.7.0 - -- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) - -### 3.6.0 - -- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector - -### 3.5.1 - -- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release - -### 3.5.0 - -- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations - -### 3.4.0 - -- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 - -### 3.3.1 - -- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart -- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link -- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 - -### 3.3.1 - -- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test - -### 3.3.0 - -- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values -- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort -- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression -- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules - -### 3.0.0 - -- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update 
chart requirements - -### 2.16.0 - -- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller - -### 2.15.0 - -- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec - -### 2.14.0 - -- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 -- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip - -### 2.12.1 - -- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples - -### 2.12.0 - -- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels -- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting - -### 2.11.3 - -- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH - -### 2.11.2 - -- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version - -### 2.11.1 - -- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 - -### 2.11.0 - -- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 -- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe - -### 2.10.0 - -- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image - -### 2.9.1 - -- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls 
because numeric values need to be presented as strings (#5823) - -### 2.9.0 - -- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues - - -### TODO - -Keep building the changelog using *git log charts* checking the tag diff --git a/charts/nginx-ingress/OWNERS b/charts/nginx-ingress/OWNERS deleted file mode 100644 index 6b7e049ca8..0000000000 --- a/charts/nginx-ingress/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md - -approvers: -- ingress-nginx-helm-maintainers - -reviewers: -- ingress-nginx-helm-reviewers - -labels: -- area/helm diff --git a/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml b/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml deleted file mode 100644 index b28a2326ee..0000000000 --- a/charts/nginx-ingress/ci/controller-custom-ingressclass-flags.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - watchIngressWithoutClass: true - ingressClassResource: - name: custom-nginx - enabled: true - default: true - controllerValue: "k8s.io/custom-nginx" diff --git a/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml b/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml deleted file mode 100644 index 4393a5bc06..0000000000 --- a/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - kind: DaemonSet - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false - service: - type: ClusterIP - - config: - use-proxy-protocol: "true" diff --git a/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml b/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml deleted file mode 100644 index 1d94be219b..0000000000 --- a/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/daemonset-headers-values.yaml b/charts/nginx-ingress/ci/daemonset-headers-values.yaml deleted file mode 100644 index ab7d47bd4d..0000000000 --- a/charts/nginx-ingress/ci/daemonset-headers-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml b/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml deleted file mode 100644 index 0a200a7460..0000000000 --- a/charts/nginx-ingress/ci/daemonset-internal-lb-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - internal: - enabled: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml b/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml deleted file mode 100644 index 3b7aa2fcd2..0000000000 --- a/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort 
diff --git a/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml b/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml deleted file mode 100644 index 0b55306a10..0000000000 --- a/charts/nginx-ingress/ci/daemonset-podannotations-values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP - podAnnotations: - prometheus.io/path: /metrics - prometheus.io/port: "10254" - prometheus.io/scheme: http - prometheus.io/scrape: "true" diff --git a/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index acd86a77ab..0000000000 --- a/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml deleted file mode 100644 index 25ee64d856..0000000000 --- a/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/daemonset-tcp-values.yaml b/charts/nginx-ingress/ci/daemonset-tcp-values.yaml deleted file mode 100644 index 380c8b4b13..0000000000 
--- a/charts/nginx-ingress/ci/daemonset-tcp-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/deamonset-default-values.yaml b/charts/nginx-ingress/ci/deamonset-default-values.yaml deleted file mode 100644 index 82fa23e854..0000000000 --- a/charts/nginx-ingress/ci/deamonset-default-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deamonset-metrics-values.yaml b/charts/nginx-ingress/ci/deamonset-metrics-values.yaml deleted file mode 100644 index cb3cb54be2..0000000000 --- a/charts/nginx-ingress/ci/deamonset-metrics-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deamonset-psp-values.yaml b/charts/nginx-ingress/ci/deamonset-psp-values.yaml deleted file mode 100644 index 8026a6356f..0000000000 --- a/charts/nginx-ingress/ci/deamonset-psp-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -podSecurityPolicy: - enabled: true diff --git a/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml b/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml deleted file mode 100644 index fccdb134cf..0000000000 
--- a/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: true - service: - type: ClusterIP - -podSecurityPolicy: - enabled: true diff --git a/charts/nginx-ingress/ci/deamonset-webhook-values.yaml b/charts/nginx-ingress/ci/deamonset-webhook-values.yaml deleted file mode 100644 index 54d364df11..0000000000 --- a/charts/nginx-ingress/ci/deamonset-webhook-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: true - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml b/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml deleted file mode 100644 index dca3f35f83..0000000000 --- a/charts/nginx-ingress/ci/deployment-autoscaling-behavior-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - autoscaling: - enabled: true - behavior: - scaleDown: - stabilizationWindowSeconds: 300 - policies: - - type: Pods - value: 1 - periodSeconds: 180 - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml b/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml deleted file mode 100644 index b8b3ac6862..0000000000 --- a/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - autoscaling: - enabled: true - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-customconfig-values.yaml b/charts/nginx-ingress/ci/deployment-customconfig-values.yaml deleted file mode 100644 index 174941848e..0000000000 
--- a/charts/nginx-ingress/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - config: - use-proxy-protocol: "true" - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml b/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml deleted file mode 100644 index a564eaf931..0000000000 --- a/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/deployment-default-values.yaml b/charts/nginx-ingress/ci/deployment-default-values.yaml deleted file mode 100644 index 9f46b4e7e9..0000000000 --- a/charts/nginx-ingress/ci/deployment-default-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Left blank to test default values -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-headers-values.yaml b/charts/nginx-ingress/ci/deployment-headers-values.yaml deleted file mode 100644 index 17a11ac370..0000000000 --- a/charts/nginx-ingress/ci/deployment-headers-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP 
diff --git a/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml b/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml deleted file mode 100644 index fd8df8de5d..0000000000 --- a/charts/nginx-ingress/ci/deployment-internal-lb-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - internal: - enabled: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/charts/nginx-ingress/ci/deployment-metrics-values.yaml b/charts/nginx-ingress/ci/deployment-metrics-values.yaml deleted file mode 100644 index 9209ad5a6f..0000000000 --- a/charts/nginx-ingress/ci/deployment-metrics-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP diff --git a/charts/nginx-ingress/ci/deployment-nodeport-values.yaml b/charts/nginx-ingress/ci/deployment-nodeport-values.yaml deleted file mode 100644 index cd9b323528..0000000000 --- a/charts/nginx-ingress/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort diff --git a/charts/nginx-ingress/ci/deployment-podannotations-values.yaml b/charts/nginx-ingress/ci/deployment-podannotations-values.yaml deleted file mode 100644 index b48d93c46a..0000000000 --- a/charts/nginx-ingress/ci/deployment-podannotations-values.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP - podAnnotations: - prometheus.io/path: /metrics - prometheus.io/port: "10254" - prometheus.io/scheme: http - prometheus.io/scrape: "true" diff --git a/charts/nginx-ingress/ci/deployment-psp-values.yaml b/charts/nginx-ingress/ci/deployment-psp-values.yaml deleted file mode 100644 index 2f332a7b20..0000000000 --- a/charts/nginx-ingress/ci/deployment-psp-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - -podSecurityPolicy: - enabled: true diff --git a/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index c51a4e91fa..0000000000 --- a/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml deleted file mode 100644 index 5b45b69dcc..0000000000 --- a/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" 
diff --git a/charts/nginx-ingress/ci/deployment-tcp-values.yaml b/charts/nginx-ingress/ci/deployment-tcp-values.yaml deleted file mode 100644 index ac0b6e60eb..0000000000 --- a/charts/nginx-ingress/ci/deployment-tcp-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml deleted file mode 100644 index 6195bb3391..0000000000 --- a/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: true - service: - type: ClusterIP - -podSecurityPolicy: - enabled: true diff --git a/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml deleted file mode 100644 index 49ebbb02c8..0000000000 --- a/charts/nginx-ingress/ci/deployment-webhook-resources-values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -controller: - service: - type: ClusterIP - admissionWebhooks: - enabled: true - createSecretJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patchWebhookJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patch: - enabled: true diff --git a/charts/nginx-ingress/ci/deployment-webhook-values.yaml b/charts/nginx-ingress/ci/deployment-webhook-values.yaml deleted file mode 100644 index 76669a5300..0000000000 --- a/charts/nginx-ingress/ci/deployment-webhook-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: true - service: - type: ClusterIP 
diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index 72b3fe83ee..654d5dcdbf 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -77,8 +77,16 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels +Previous values from the upstream chart: + app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + +Per-component label: + component: "{{ .Values.{controller,defaultBackend}.name }}" */}} {{- define "ingress-nginx.selectorLabels" -}} +app: {{ include "ingress-nginx.name" . }} +release: {{ .Release.Name }} app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index cc2195d37e..1655ef0c5a 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb 
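Review bot: `ingress-nginx.selectorLabels` now emits four labels (`app`, `release`, `app.kubernetes.io/name`, `app.kubernetes.io/instance`), while the comment added above it calls the `app.kubernetes.io/*` pair "previous values", so comment and body disagree about which set is current. If this helper feeds `spec.selector.matchLabels` (not visible in this hunk), changing the set makes `helm upgrade` fail on existing Deployments and DaemonSets, because selectors are immutable. I would keep the helper to the labels that deployed releases already select on and move any extra labels to the non-selector labels helper. The comment should then read something like `Selector labels: immutable after install, do not add or remove keys between chart versions`.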
@@ -61,18 +61,21 @@ class HelmTemplate stdin_data: YAML.dump(values)) @stdout, @stderr, @exit_code = result # handle common failures when helm or chart not setup properly - if @exit_code == 256 - case - when @stderr.start_with?('FATAL') - # errors that start with FATAL are expected failures, pass to RSpec - when @stderr.start_with?('Error: template: gitlab/templates/NOTES.txt') - # checkConfig failure, pass to RSpec - when @stderr.include?('found in Chart.yaml, but missing in charts/ directory') - fail "Chart dependencies not installed, run 'helm dependency update'" - when @stderr.include?('Error: template') - fail "Helm template syntax error.\n#{@stderr}" - end + case @exit_code + when 256 + fail "Chart dependencies not installed, run 'helm dependency update'" if @stderr.include? 'found in Chart.yaml, but missing in charts/ directory' end + # if @exit_code == 256 + # # rubocop:disable Style/GuardClause + # if !@stderr.include?('webservice.datamodel.prepare') + # if @stderr.include?('found in Chart.yaml, but missing in charts/ directory') + # fail "Chart dependencies not installed, run 'helm dependency update'" + # elsif @stderr.include?('Error: template') && !@stderr.include?('gitlab/templates/NOTES.txt') + # fail "Helm template syntax error.\n#{@stderr}" + # end + # end + # # rubocop:enable Style/GuardClause + # end # load the complete output's YAML documents into an array yaml = YAML.load_stream(@stdout) # filter out any empty YAML documents (nil) -- GitLab From 785d893d691ebe67c869c6e922b5232ca9477aa3 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 8 Dec 2021 13:48:49 -0800 Subject: [PATCH 31/48] Favor GitLab's nodeSelectors instead nginx-ingress --- charts/nginx-ingress/templates/controller-deployment.yaml | 5 +++-- .../nginx-ingress/templates/default-backend-deployment.yaml | 5 +++-- doc/charts/nginx/fork.md | 2 ++ 3 files changed, 8 insertions(+), 4 deletions(-) 
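Review bot: The new `case @exit_code` fails only on missing chart dependencies, so a `helm template` run that exits 256 with `Error: template` on stderr now falls through to `YAML.load_stream(@stdout)` and the spec carries on with whatever stdout held. The removed branch raised `Helm template syntax error` for that case; without it a broken template surfaces later as an unrelated nil or matcher failure, or not at all when an example only asserts absence. I would restore it inside the `when 256` arm, for example `fail "Helm template syntax error.\n#{@stderr}" if @stderr.include?('Error: template') && !@stderr.include?('gitlab/templates/NOTES.txt')`, which keeps checkConfig failures flowing to RSpec as before. The commented-out block should be deleted rather than committed. The enclosing method starts and ends outside the hunk.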
diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index c03c20d1c5..6fd39ba910 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -237,9 +237,10 @@ spec: {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} + {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.controller.nodeSelector }} - nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- else if include "gitlab.nodeSelector" . }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 */}} + {{- if include "gitlab.nodeSelector" . }} {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} {{- if .Values.controller.tolerations }} diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index c7f539cb68..b813a30dca 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml @@ -102,9 +102,10 @@ spec: {{- if .Values.defaultBackend.resources }} resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} {{- end }} + {{/* GitLab change: disable ingress-nginx use of nodeSelector {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} - {{- else if include "gitlab.nodeSelector" . }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 */}} + {{- if include "gitlab.nodeSelector" . }} {{- include "gitlab.nodeSelector" . | nindent 6 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 265c8e2bc4..c5cc773b00 100644 --- a/doc/charts/nginx/fork.md 
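Review bot: Wrapping the `controller.nodeSelector` branch in a template comment turns that value into a silent no-op: a values file that still sets it renders without error and the pods follow `gitlab.nodeSelector`, or no selector at all. Where operators rely on it to keep the ingress controller on dedicated nodes, an upgrade changes pod placement with no signal; the same applies to `defaultBackend.nodeSelector` in the default-backend-deployment.yaml hunk. I would add a checkConfig entry (or a `fail` call in each template) that stops rendering when either value is non-empty and names the supported setting. The dead lines are better deleted than commented out, leaving a one-line `{{/* GitLab change: nodeSelector comes from gitlab.nodeSelector only */}}`. Both `spec` blocks start and end outside the hunks.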
+++ b/doc/charts/nginx/fork.md @@ -22,3 +22,5 @@ The following adjustments were made to the NGINX fork: - `role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option +- `controller-deployment.yaml`: Disabled the use of `controller.nodeSelector` value +- `default-backend-deployment.yaml`: Disable the use of `defaultbackend.nodeSelector` value -- GitLab From b75fad22849d5b1e859b5a8bd539ac222c59f3ff Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 8 Dec 2021 14:14:27 -0800 Subject: [PATCH 32/48] Added podLabels to nginx-ingress deployments --- charts/nginx-ingress/templates/controller-deployment.yaml | 1 + .../templates/default-backend-deployment.yaml | 1 + doc/charts/nginx/fork.md | 8 ++++++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index 6fd39ba910..71d5455b16 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -48,6 +48,7 @@ spec: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.controller.name }}" app.kubernetes.io/component: controller + {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index b813a30dca..82365c0217 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml 
@@ -31,6 +31,7 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: default-backend + {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.defaultBackend.podLabels }} {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} {{- end }} diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index c5cc773b00..85e413566c 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md @@ -22,5 +22,9 @@ The following adjustments were made to the NGINX fork: - `role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option -- `controller-deployment.yaml`: Disabled the use of `controller.nodeSelector` value -- `default-backend-deployment.yaml`: Disable the use of `defaultbackend.nodeSelector` value +- `controller-deployment.yaml`: + - Disabled the use of `nginx-ingress.controller.nodeSelector` value + - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` +- `default-backend-deployment.yaml`: + - Disable the use of `nginx-ingress.defaultbackend.nodeSelector` value + - Add `podlabels` and `global.pod.labels` to `.spec.template.metadata.labels` -- GitLab From 5fa20558fb3e1b574ec666d85ab676ffc8edc419 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 8 Dec 2021 14:52:03 -0800 Subject: [PATCH 33/48] Fixed nginx-ingress defaultbackend name in strategy spec --- spec/configuration/strategy_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/configuration/strategy_spec.rb b/spec/configuration/strategy_spec.rb index 5e495c0527..27f627574b 100644 --- a/spec/configuration/strategy_spec.rb +++ b/spec/configuration/strategy_spec.rb 
@@ -99,7 +99,7 @@ describe 'Strategy configuration' do 'Deployment/test-certmanager', 'Deployment/test-prometheus-server', 'Deployment/test-nginx-ingress-controller', - 'Deployment/test-nginx-ingress-default-backend', + 'Deployment/test-nginx-ingress-defaultbackend', 'Deployment/test-toolbox', 'Deployment/test-minio', 'Deployment/test-gitlab-runner', @@ -143,7 +143,9 @@ describe 'Strategy configuration' do resources_by_kind = local_template.resources_by_kind('Deployment').reject { |key, _| ignored_charts.include? key } resources_by_kind.each do |key, _| - expect(local_template.dig(key, 'spec', 'strategy')['type']).to eq('Recreate') + resource = local_template.dig(key, 'spec', 'strategy') + expect(resource).not_to be_nil, "Unable to find strategy for #{key}" + expect(resource['type']).to eq('Recreate'), "#{key} Deployment strategy: #{resource['type']}" end end -- GitLab From ddd1bc17c03074bfc3e174aa003b004d2e3eb507 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 8 Dec 2021 15:08:45 -0800 Subject: [PATCH 34/48] Set image tag to semver value for ingress-nginx validation --- examples/custom-images/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-images/values.yaml b/examples/custom-images/values.yaml index 4b60127540..eea320b2bb 100644 --- a/examples/custom-images/values.yaml +++ b/examples/custom-images/values.yaml @@ -6,7 +6,7 @@ certmanager-issuer: .custom: &custom image: repository: custom-repository - tag: custom-tag + tag: 1.2.3-example # --- Global settings --- -- GitLab From d1e49d9268bbf80d899a9b330805c4b324bf3223 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 8 Dec 2021 15:12:51 -0800 Subject: [PATCH 35/48] Added example template name to examples spec failures --- spec/helm_template_helper.rb | 12 +----------- spec/integration/examples_spec.rb | 2 +- 2 files changed, 2 insertions(+), 12 deletions(-) 
diff --git a/spec/helm_template_helper.rb b/spec/helm_template_helper.rb index 1655ef0c5a..a9d21a3f67 100644 --- a/spec/helm_template_helper.rb +++ b/spec/helm_template_helper.rb @@ -65,17 +65,7 @@ class HelmTemplate when 256 fail "Chart dependencies not installed, run 'helm dependency update'" if @stderr.include? 'found in Chart.yaml, but missing in charts/ directory' end - # if @exit_code == 256 - # # rubocop:disable Style/GuardClause - # if !@stderr.include?('webservice.datamodel.prepare') - # if @stderr.include?('found in Chart.yaml, but missing in charts/ directory') - # fail "Chart dependencies not installed, run 'helm dependency update'" - # elsif @stderr.include?('Error: template') && !@stderr.include?('gitlab/templates/NOTES.txt') - # fail "Helm template syntax error.\n#{@stderr}" - # end - # end - # # rubocop:enable Style/GuardClause - # end + # load the complete output's YAML documents into an array yaml = YAML.load_stream(@stdout) # filter out any empty YAML documents (nil) diff --git a/spec/integration/examples_spec.rb b/spec/integration/examples_spec.rb index 4e90ae2139..dcafaf0556 100644 --- a/spec/integration/examples_spec.rb +++ b/spec/integration/examples_spec.rb @@ -10,7 +10,7 @@ describe 'example configurations' do stdout, stderr, exit_code = result - expect(exit_code.to_i).to eq(0) + expect(exit_code.to_i).to eq(0), "helm template generated error for #{path}" expect(stdout).to include('name: gitlab-examples-test') expect(stderr).to be_empty end -- GitLab From fbb84254f5bc18ae5129d709f512860fe6a5c397 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 15 Dec 2021 14:34:11 -0800 Subject: [PATCH 36/48] Added checkConfig for nginx-ingress.rbac.scope Removed test at top of nginx-ingress clusterrole.yaml as it was testing and invalid configuration. nginx-ingress.rbac.scope must now be false. See: https://github.com/kubernetes/ingress-nginx/issues/7519 Added a checkConfig to verify that nginx-ingress.rbac.scope is set correctly. 
Signed-off-by: Gerard Hickey --- .../nginx-ingress/templates/clusterrole.yaml | 10 +------- spec/integration/check_config_spec.rb | 25 +++++++++++++++++++ templates/_checkConfig.tpl | 10 ++++++++ 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/charts/nginx-ingress/templates/clusterrole.yaml b/charts/nginx-ingress/templates/clusterrole.yaml index 588fb43f3d..f290ad5386 100644 --- a/charts/nginx-ingress/templates/clusterrole.yaml +++ b/charts/nginx-ingress/templates/clusterrole.yaml @@ -1,10 +1,4 @@ -{{- if .Values.rbac.create }} - -{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}} - {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }} -{{- end }} - -{{- if not .Values.rbac.scope -}} +{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -80,5 +74,3 @@ rules: - list - watch {{- end }} - -{{- end }} diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 78045dd9d4..1f437c4fe7 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb @@ -1354,4 +1354,29 @@ describe 'checkConfig template' do success_description: 'when Registry replication is enabled for Geo and primary API URL is specified', error_description: 'when Registry replication is enabled for Geo but no primary API URL is specified' end + + describe 'nginx-ingress.rbac.scope' do + let(:success_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: false + )).merge(default_required_values) + end + + let(:error_values) do + YAML.safe_load(%( + nginx-ingress: + rbac: + scope: true + )).merge(default_required_values) + end + + let(:error_output) { 'Namespaced IngressClasses do not exist' } + + include_examples 'config validation', + success_description: 'when set to false', + error_description: 'when set to true' + end + end 
diff --git a/templates/_checkConfig.tpl b/templates/_checkConfig.tpl index 3f47ad7888..9897652877 100644 --- a/templates/_checkConfig.tpl +++ b/templates/_checkConfig.tpl @@ -56,6 +56,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.consolidatedConfig" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.objectStorage.typeSpecificConfig" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.nginx.controller.extraArgs" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.nginx.clusterrole.scope" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.webservice.loadBalancer" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.smtp.openssl_verify_mode" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.geo.registry.replication.primaryApiUrl" .) -}} @@ -665,6 +666,15 @@ nginx-ingress: {{- end -}} {{/* END "gitlab.checkConfig.nginx.controller" */}} +{{- define "gitlab.checkConfig.nginx.clusterrole.scope" -}} +{{- if (index $.Values "nginx-ingress").rbac.scope -}} +nginx-ingress: + 'rbac.scope' should be false. Namespaced IngressClasses do not exist. + See https://github.com/kubernetes/ingress-nginx/issues/7519 +{{- end -}} +{{- end -}} +{{/* END "gitlab.checkConfig.nginx.clusterrole" */}} + {{/* Ensure that when type is set to LoadBalancer that loadBalancerSourceRanges are set */}} -- GitLab From 3434d9a53f46020fd5d5f9808463d4f9c453f6fe Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 15 Dec 2021 14:36:43 -0800 Subject: [PATCH 37/48] Missed change to ConfigMap rbac rule --- charts/nginx-ingress/templates/controller-role.yaml | 2 +- doc/charts/nginx/fork.md | 2 +- spec/integration/check_config_spec.rb | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) 
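Review bot: `gitlab.checkConfig.nginx.clusterrole.scope` dereferences `(index $.Values "nginx-ingress").rbac.scope` without checking that the `rbac` map exists or that the subchart is enabled. If a deployment disables `nginx-ingress` and its values carry no `rbac` key, the lookup would abort rendering with a nil-pointer error instead of a checkConfig message; this is worth confirming against the parent values.yaml, which is not in this hunk. A guarded form such as `{{- $nginx := index $.Values "nginx-ingress" -}}` followed by `{{- if and $nginx.enabled (dig "rbac" "scope" false $nginx) -}}` covers both cases. The closing comment reads `END "gitlab.checkConfig.nginx.clusterrole"` and should carry the full define name, `gitlab.checkConfig.nginx.clusterrole.scope`.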
diff --git a/charts/nginx-ingress/templates/controller-role.yaml b/charts/nginx-ingress/templates/controller-role.yaml index 7a93af7117..b0851762ed 100644 --- a/charts/nginx-ingress/templates/controller-role.yaml +++ b/charts/nginx-ingress/templates/controller-role.yaml @@ -64,7 +64,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }} + - {{ .Values.controller.electionID }}-{{ template "ingress-nginx.controller.ingress-class" . }} verbs: - get - update diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 85e413566c..6412a60524 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md @@ -19,7 +19,7 @@ The following adjustments were made to the NGINX fork: - GitLab chart overrides `ingress-nginx.tcp-configmap` so that `gitlab/gitlab-org/charts/gitlab-shell` can configure its TCP service - Ability to use a templated Ingress name based on the release name - `controller-deployment.yaml`: `.spec.template.spec.containers[0].args` uses `ingress-nginx.controller.ingress-class` - - `role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` + - `controller-role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option - `controller-deployment.yaml`: diff --git a/spec/integration/check_config_spec.rb b/spec/integration/check_config_spec.rb index 1f437c4fe7..0ba07db528 100644 --- a/spec/integration/check_config_spec.rb +++ b/spec/integration/check_config_spec.rb @@ -1378,5 +1378,4 @@ describe 'checkConfig template' do success_description: 'when set to false', error_description: 'when set to true' end - end -- GitLab From 834f82b4f85d7fa826d8dcb5475ac4bb3d1e8d55 Mon Sep 17 00:00:00 2001 
From: Jason Plum Date: Wed, 15 Dec 2021 22:50:49 +0000 Subject: [PATCH 38/48] Validate minimum Kubernetes version (1.19.16) --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dfb98dfcad..7dd0f2fd8c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -147,7 +147,10 @@ lint_package: "Validate 1.20.7": extends: .kubeval variables: - KUBE_VERSION: "1.20.7" +"Validate 1.19.16": + extends: .kubeval + variables: + KUBE_VERSION: "1.19.16" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" "Validate 1.22.3": -- GitLab From f73d290f2bd5382a1ac718e668c907d27ce2815a Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 15 Dec 2021 15:36:17 -0800 Subject: [PATCH 39/48] Fixed Validate 1.20.7 CI job --- .gitlab-ci.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7dd0f2fd8c..538d047e48 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -144,15 +144,18 @@ lint_package: - /(^docs[\/-].+|.+-docs$)/ - *com_auto_deploy_branch_ref -"Validate 1.20.7": - extends: .kubeval - variables: "Validate 1.19.16": extends: .kubeval variables: KUBE_VERSION: "1.19.16" KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" +"Validate 1.20.7": + extends: .kubeval + variables: + KUBE_VERSION: "1.20.7" + KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" + "Validate 1.22.3": extends: .kubeval variables: -- GitLab From 4591715bfba9ee5b849a7f288b45f9e9a2f11b91 Mon Sep 17 00:00:00 2001 From: Gerard Hickey Date: Wed, 15 Dec 2021 16:20:17 -0800 Subject: [PATCH 40/48] Reverted to use template for object name --- charts/nginx-ingress/templates/controller-configmap-tcp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
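Review bot: `KUBEVAL_SCHEMA_LOCATION` in the `Validate 1.20.7` job added by the second `.gitlab-ci.yml` hunk, like the jobs it is copied from, fetches schemas from the `master` branch of a third-party repository, so what the validation jobs check against can change without any change in this repository. Pinning the URL to a commit keeps results reproducible and removes a mutable external input from the pipeline, e.g. `KUBEVAL_SCHEMA_LOCATION: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/<pinned-commit-sha>/"`. Since the value is now repeated in every job, it could also be set once in the shared `.kubeval` definition, which is outside these hunks.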
diff --git a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml index 74ce181e6a..cd299fa428 100644 --- a/charts/nginx-ingress/templates/controller-configmap-tcp.yaml +++ b/charts/nginx-ingress/templates/controller-configmap-tcp.yaml @@ -12,7 +12,7 @@ metadata: {{- if .Values.controller.tcp.annotations }} annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} {{- end }} - name: {{ include "ingress-nginx.tcp-configmap" . }}-tcp + name: {{ template "ingress-nginx.tcp-configmap" . }} namespace: {{ .Release.Namespace }} data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} {{- end }} -- GitLab From 6d0c97a9a666017585a7e0dfa684089f3868cf77 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Thu, 16 Dec 2021 13:03:09 -0600 Subject: [PATCH 41/48] Revert changes to label selectors Reverts the changes to the label selectors for the Controller Deployment, Daemonset, and Services. This is to avoid upgrade failure due to these fields being immutable. --- charts/nginx-ingress/templates/_helpers.tpl | 2 -- charts/nginx-ingress/templates/controller-daemonset.yaml | 4 ++-- charts/nginx-ingress/templates/controller-deployment.yaml | 2 -- .../nginx-ingress/templates/controller-service-metrics.yaml | 2 +- .../nginx-ingress/templates/controller-service-webhook.yaml | 2 +- charts/nginx-ingress/templates/controller-service.yaml | 2 +- 6 files changed, 5 insertions(+), 9 deletions(-) diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index 654d5dcdbf..8102f97c8b 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -87,8 +87,6 @@ Per-component label: {{- define "ingress-nginx.selectorLabels" -}} app: {{ include "ingress-nginx.name" . }} release: {{ .Release.Name }} -app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* 
diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml index bebaee77e2..c87a140397 100644 --- a/charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/nginx-ingress/templates/controller-daemonset.yaml @@ -21,7 +21,7 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.controller.updateStrategy }} updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} @@ -37,7 +37,7 @@ spec: {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index 71d5455b16..be5e290716 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -26,7 +26,6 @@ spec: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} component: "{{ .Values.controller.name }}" - app.kubernetes.io/component: controller {{- if not .Values.controller.autoscaling.enabled }} replicas: {{ .Values.controller.replicaCount }} {{- end }} @@ -47,7 +46,6 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} component: "{{ .Values.controller.name }}" - app.kubernetes.io/component: controller {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} 
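Review bot: The selectors restored in the `controller-daemonset.yaml` hunks take the `component` value from `.Values.controller.name`, so the immutable `matchLabels` depend on a user-settable value and nothing in the hunk says so. Changing `controller.name` on an installed release would presumably fail the upgrade in the same way the commit message describes for the label rename. The same applies to the Service, PodDisruptionBudget and ServiceMonitor selectors in the later hunks of this series and to `defaultBackend.name`; if the two names were ever set equal, the controller and default-backend selectors would no longer be distinct. A comment beside the label, e.g. `{{/* part of the immutable selector: do not change controller.name on an existing release */}}`, or a line in the values documentation, would record this.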
diff --git a/charts/nginx-ingress/templates/controller-service-metrics.yaml b/charts/nginx-ingress/templates/controller-service-metrics.yaml index aea69bcdde..d785c632ae 100644 --- a/charts/nginx-ingress/templates/controller-service-metrics.yaml +++ b/charts/nginx-ingress/templates/controller-service-metrics.yaml @@ -44,5 +44,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service-webhook.yaml b/charts/nginx-ingress/templates/controller-service-webhook.yaml index d93447a0bf..96ac60feb0 100644 --- a/charts/nginx-ingress/templates/controller-service-webhook.yaml +++ b/charts/nginx-ingress/templates/controller-service-webhook.yaml @@ -36,5 +36,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service.yaml b/charts/nginx-ingress/templates/controller-service.yaml index 36f6cfdcd3..7346c13cbd 100644 --- a/charts/nginx-ingress/templates/controller-service.yaml +++ b/charts/nginx-ingress/templates/controller-service.yaml @@ -110,5 +110,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- end }} -- GitLab From 1a0d8361e7eda97681425902c13bfd09cb0c5ce8 Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Thu, 16 Dec 2021 13:04:11 -0600 Subject: [PATCH 42/48] Fix name of leader election ConfigMap Fixes the name of the leader election ConfigMap. The Role for v0.41.2 does have the suffix: https://github.com/kubernetes/ingress-nginx/blob/controller-v0.41.2/charts/ingress-nginx/templates/controller-role.yaml#L65 The Role for v1.0.4 does not have the suffix: https://github.com/kubernetes/ingress-nginx/blob/controller-v1.0.4/charts/ingress-nginx/templates/controller-role.yaml#L63 --- charts/nginx-ingress/templates/controller-role.yaml | 2 +- doc/charts/nginx/fork.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/nginx-ingress/templates/controller-role.yaml b/charts/nginx-ingress/templates/controller-role.yaml index b0851762ed..7a93af7117 100644 --- a/charts/nginx-ingress/templates/controller-role.yaml +++ b/charts/nginx-ingress/templates/controller-role.yaml @@ -64,7 +64,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }}-{{ template "ingress-nginx.controller.ingress-class" . }} + - {{ .Values.controller.electionID }} verbs: - get - update diff --git a/doc/charts/nginx/fork.md b/doc/charts/nginx/fork.md index 6412a60524..1d233b1f36 100644 --- a/doc/charts/nginx/fork.md +++ b/doc/charts/nginx/fork.md 
@@ -19,7 +19,6 @@ The following adjustments were made to the NGINX fork: - GitLab chart overrides `ingress-nginx.tcp-configmap` so that `gitlab/gitlab-org/charts/gitlab-shell` can configure its TCP service - Ability to use a templated Ingress name based on the release name - `controller-deployment.yaml`: `.spec.template.spec.containers[0].args` uses `ingress-nginx.controller.ingress-class` - - `controller-role.yaml`: rule for editing leader ConfigMap uses `ingress-nginx.controller.ingress-class` - Replace `controller.service.loadBalancerIP` with `global.hosts.externalIP` - Added support to add common labels through `common.labels` configuration option - `controller-deployment.yaml`: -- GitLab From a6e001944e5a03c04ffceca5f09bbd31284bfe8e Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Thu, 16 Dec 2021 22:41:44 +0000 Subject: [PATCH 43/48] Apply 1 suggestion(s) to 1 file(s) --- charts/nginx-ingress/templates/controller-role.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/nginx-ingress/templates/controller-role.yaml b/charts/nginx-ingress/templates/controller-role.yaml index 7a93af7117..7e69d201da 100644 --- a/charts/nginx-ingress/templates/controller-role.yaml +++ b/charts/nginx-ingress/templates/controller-role.yaml @@ -24,7 +24,6 @@ rules: - pods - secrets - endpoints - - ingressclasses verbs: - get - list -- GitLab From c5f93981a4891a6d51382e2dfe8d8fc250693c01 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Fri, 17 Dec 2021 15:35:17 +0000 Subject: [PATCH 44/48] Revert matchLabels for controller component Reverts the changes to the matchLabels for the controlelr component so upgrade path is not broken due to field immutability. --- .../nginx-ingress/templates/controller-poddisruptionbudget.yaml | 2 +- charts/nginx-ingress/templates/controller-service-internal.yaml | 2 +- charts/nginx-ingress/templates/controller-servicemonitor.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml index 20e0a6f8a9..a9be4b87a2 100644 --- a/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml @@ -14,6 +14,6 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" minAvailable: {{ .Values.controller.minAvailable }} {{- end }} diff --git a/charts/nginx-ingress/templates/controller-service-internal.yaml b/charts/nginx-ingress/templates/controller-service-internal.yaml index 7e841519d8..7548756c0e 100644 --- a/charts/nginx-ingress/templates/controller-service-internal.yaml +++ b/charts/nginx-ingress/templates/controller-service-internal.yaml @@ -78,5 +78,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- end }} diff --git a/charts/nginx-ingress/templates/controller-servicemonitor.yaml b/charts/nginx-ingress/templates/controller-servicemonitor.yaml index 2d93cc2d99..9705189a48 100644 --- a/charts/nginx-ingress/templates/controller-servicemonitor.yaml +++ b/charts/nginx-ingress/templates/controller-servicemonitor.yaml @@ -44,5 +44,5 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller + component: "{{ .Values.controller.name }}" {{- end }} -- GitLab From 1f39c27920d3df75d85c3562939fbb1ad49f3e4a Mon Sep 17 00:00:00 2001 
From: Mitchell Nielsen Date: Fri, 17 Dec 2021 15:38:06 +0000 Subject: [PATCH 45/48] Revert changes to backend matchLabels Reverts changes to backend matchLabels to ensure upgrades are not broken due to field immutability, and to maintain consistency with other reverted changes. --- .../nginx-ingress/templates/default-backend-deployment.yaml | 4 ++-- .../templates/default-backend-poddisruptionbudget.yaml | 2 +- charts/nginx-ingress/templates/default-backend-service.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index 82365c0217..8145138f6d 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml @@ -18,7 +18,7 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: default-backend + component: "{{ .Values.defaultBackend.name }}" {{- if not .Values.defaultBackend.autoscaling.enabled }} replicas: {{ .Values.defaultBackend.replicaCount }} {{- end }} @@ -30,7 +30,7 @@ spec: {{- end }} labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: default-backend + component: "{{ .Values.defaultBackend.name }}" {{- include "gitlab.podLabels" . | nindent 8 }} {{- if .Values.defaultBackend.podLabels }} {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} diff --git a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml index cf0747c01c..bf35d50643 100644 --- a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml 
@@ -14,6 +14,6 @@ spec: selector: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: default-backend + component: "{{ .Values.defaultBackend.name }}" minAvailable: {{ .Values.defaultBackend.minAvailable }} {{- end }} diff --git a/charts/nginx-ingress/templates/default-backend-service.yaml b/charts/nginx-ingress/templates/default-backend-service.yaml index 5b54bc2562..f7e062db45 100644 --- a/charts/nginx-ingress/templates/default-backend-service.yaml +++ b/charts/nginx-ingress/templates/default-backend-service.yaml @@ -37,5 +37,5 @@ spec: {{- end }} selector: {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: default-backend + component: "{{ .Values.defaultBackend.name }}" {{- end }} -- GitLab From a805dade9b7bb864850faae56283b25fec485e2c Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Fri, 17 Dec 2021 15:39:43 +0000 Subject: [PATCH 46/48] Revert changes to backend component labels Reverts changes to backend component labels, which were changed to print `controller` rather than `defaultbackend`. --- charts/nginx-ingress/templates/default-backend-deployment.yaml | 2 +- charts/nginx-ingress/templates/default-backend-hpa.yaml | 2 +- .../templates/default-backend-poddisruptionbudget.yaml | 2 +- charts/nginx-ingress/templates/default-backend-psp.yaml | 2 +- charts/nginx-ingress/templates/default-backend-role.yaml | 2 +- charts/nginx-ingress/templates/default-backend-rolebinding.yaml | 2 +- charts/nginx-ingress/templates/default-backend-service.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/nginx-ingress/templates/default-backend-deployment.yaml b/charts/nginx-ingress/templates/default-backend-deployment.yaml index 8145138f6d..d6dc636de3 100644 --- a/charts/nginx-ingress/templates/default-backend-deployment.yaml +++ b/charts/nginx-ingress/templates/default-backend-deployment.yaml 
@@ -5,7 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} diff --git a/charts/nginx-ingress/templates/default-backend-hpa.yaml b/charts/nginx-ingress/templates/default-backend-hpa.yaml index f8a510e9dd..bcab496399 100644 --- a/charts/nginx-ingress/templates/default-backend-hpa.yaml +++ b/charts/nginx-ingress/templates/default-backend-hpa.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.fullname" . }} diff --git a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml index bf35d50643..04590d2ed8 100644 --- a/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} diff --git a/charts/nginx-ingress/templates/default-backend-psp.yaml b/charts/nginx-ingress/templates/default-backend-psp.yaml index e8687ea311..515106817b 100644 
--- a/charts/nginx-ingress/templates/default-backend-psp.yaml +++ b/charts/nginx-ingress/templates/default-backend-psp.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend spec: diff --git a/charts/nginx-ingress/templates/default-backend-role.yaml b/charts/nginx-ingress/templates/default-backend-role.yaml index 56dcb86c95..2c1b9546bd 100644 --- a/charts/nginx-ingress/templates/default-backend-role.yaml +++ b/charts/nginx-ingress/templates/default-backend-role.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend diff --git a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml index 0bc5e3b3e7..6a7b4bae20 100644 --- a/charts/nginx-ingress/templates/default-backend-rolebinding.yaml +++ b/charts/nginx-ingress/templates/default-backend-rolebinding.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.fullname" . }}-backend 
diff --git a/charts/nginx-ingress/templates/default-backend-service.yaml b/charts/nginx-ingress/templates/default-backend-service.yaml index f7e062db45..9bbd8325d1 100644 --- a/charts/nginx-ingress/templates/default-backend-service.yaml +++ b/charts/nginx-ingress/templates/default-backend-service.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "gitlab.standardLabels" . | nindent 4 }} {{- include "gitlab.commonLabels" . | nindent 4 }} - component: "{{ .Values.controller.name }}" + component: "{{ .Values.defaultBackend.name }}" {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ include "ingress-nginx.defaultBackend.fullname" . }} -- GitLab From c68662568205f200709423ecd1961b8ab0b7c404 Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Fri, 17 Dec 2021 09:57:41 -0600 Subject: [PATCH 47/48] Ensure all Ingresses are updated with API checks Ensures that all Ingresses get the updated API checks, which look for Capabilities and Values. --- charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml | 2 +- charts/gitlab/charts/gitlab-pages/templates/ingress.yaml | 2 +- charts/gitlab/charts/kas/templates/ingress.yaml | 4 ++-- .../gitlab/charts/webservice/templates/ingress_smartcard.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml index 7819cccaa6..d6e67988d1 100644 --- a/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-grafana/templates/ingress.yaml 
@@ -32,7 +32,7 @@ spec: http: paths: - path: /-/grafana{{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml index 240359ca91..ff54a50455 100644 --- a/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml +++ b/charts/gitlab/charts/gitlab-pages/templates/ingress.yaml @@ -25,7 +25,7 @@ spec: http: paths: - path: {{ coalesce $.Values.ingress.path $.Values.global.ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/kas/templates/ingress.yaml b/charts/gitlab/charts/kas/templates/ingress.yaml index 0d5b9efbc4..4c91bc7048 100644 --- a/charts/gitlab/charts/kas/templates/ingress.yaml +++ b/charts/gitlab/charts/kas/templates/ingress.yaml @@ -25,7 +25,7 @@ spec: http: paths: - path: "{{ trimSuffix "/" $.Values.ingress.agentPath }}{{ $.Values.global.ingress.path }}" - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: 
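Review bot: The condition added in the `gitlab-grafana/templates/ingress.yaml` hunk is copied verbatim into the Pages, KAS (twice) and smartcard Ingress templates, and each copy has to agree with whatever selects the object's `apiVersion` outside these hunks. If the two ever diverge, a template renders a `v1` backend block under a `v1beta1` apiVersion or the reverse, and that fails only at apply time. Moving the test into one named helper that both the `apiVersion` line and the path block call would keep them in step. Note also that the `global.ingress.apiVersion` override is taken as written, so a cluster that does not serve `networking.k8s.io/v1` still gets `v1`-shaped manifests whenever the value is set to it.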
@@ -38,7 +38,7 @@ spec: servicePort: {{ .Values.service.externalPort }} {{- end }} - path: "{{ trimSuffix "/" $.Values.ingress.k8sApiPath }}{{ $.Values.global.ingress.path }}" - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default "Prefix" $.Values.global.ingress.pathType }} backend: service: diff --git a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml index 8944bd4845..19e1b01953 100644 --- a/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml +++ b/charts/gitlab/charts/webservice/templates/ingress_smartcard.yaml @@ -44,7 +44,7 @@ spec: http: paths: - path: {{ .ingress.path }} - {{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} + {{ if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (eq $.Values.global.ingress.apiVersion "networking.k8s.io/v1") -}} pathType: {{ default $.Values.global.ingress.pathType .ingress.pathType }} backend: service: -- GitLab From 4f118f23d8331313a5800b957a03f727047e6f7b Mon Sep 17 00:00:00 2001 From: Mitchell Nielsen Date: Fri, 17 Dec 2021 11:26:43 -0600 Subject: [PATCH 48/48] Add simple notice for NGINX requirements Adds a simple notice in NOTES.txt if NGINX is enabled, communicating that K8s 1.19+ is required and that all Ingresses must be at `networking.k8s.io/v1`. --- templates/NOTES.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 0ab4250a16..7bca46fca8 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
@@ -114,6 +114,13 @@ WARNING: GitLab Pages configured to use disk storage via `{{ $component }}.extra {{- end }} {{- end }} +{{/* In-chart NGINX Ingress Controller notices */}} +{{- if eq true (index $.Values "nginx-ingress").enabled -}} +NOTICE: The in-chart NGINX Ingress Controller has the following requirements: + - Kubernetes version must be 1.19 or newer. + - Ingress objects must be in group/version `networking.k8s.io/v1`. +{{ end }} + {{/* run deprecations */}} {{ include "gitlab.deprecations" . }} {{/* run checkConfig */}} -- GitLab
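Review bot: The notice added to `NOTES.txt` states two hard requirements, but it is only printed once the templates have rendered, and nothing in this hunk stops an install on a cluster that does not meet them. The Kubernetes floor could be enforced where the other validations run, as a `checkConfig` entry that compares `.Capabilities.KubeVersion.Version` against 1.19 (for example with `semverCompare`) when `nginx-ingress` is enabled, so the failure is reported before any object is created. The condition `eq true (...)` can also be written as a plain truthiness test, `{{- if (index $.Values "nginx-ingress").enabled -}}`.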