Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 06:58:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Nginx Ingress Controller chart

Browse Source
This commit is contained in:
Carlos Rodriguez Hernandez
2018-09-03 13:57:01 +00:00
parent c6c6846f6d
commit b9e5b772ba
26 changed files with 1758 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bitnami/nginx-ingress-controller/.helmignore Normal file
View File

@@ -0,0 +1 @@
.git

18
bitnami/nginx-ingress-controller/Chart.yaml Normal file
View File

@@ -0,0 +1,18 @@
name: nginx-ingress-controller
version: 0.18.0
appVersion: 0.0.1
description: Chart for the nginx Ingress controller
keywords:
- ingress
- nginx
- http
- web
- www
- reverse proxy
home: http://www.nginx.org
sources:
- https://github.com/bitnami/bitnami-docker-nginx-ingress-controller
maintainers:
- name: Bitnami
email: containers@bitnami.com
engine: gotpl

177
bitnami/nginx-ingress-controller/README.md Normal file
View File

@@ -0,0 +1,177 @@
# Nginx Ingress Controller
[nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses ConfigMap to store the Nginx configuration.
## TL;DR;
```bash
$ helm install bitnami/nginx-ingress-controller
```
## Introduction
Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
This chart bootstraps a [nginx-ingress](https://github.com/kubernetes/ingress-nginx) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.6+
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release bitnami/nginx-ingress-controller
```
The command deploys nginx-ingress-controller on the Kubernetes cluster in the default configuration.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following tables lists the configurable parameters of the nginx-ingress-controller chart and their default values.
Parameter | Description | Default
--- | --- | ---
`controller.name` | name of the controller component | `controller`
`controller.image.registry` | name of the container image registry | `docker.io`
`controller.image.repository` | controller container image repository | `bitnami/nginx-ingress-controller`
`controller.image.tag` | controller container image tag | `0.18.0-debian-9`
`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent`
`controller.config` | nginx ConfigMap entries | none
`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false
`controller.defaultBackendService` | default 404 backend service; required only if `defaultBackend.enabled = false` | `""`
`controller.electionID` | election ID to use for the status update | `ingress-controller-leader`
`controller.extraEnvs` | any additional environment variables to set in the pods | `{}`
`controller.extraContainers` | Sidecar containers to add to the controller pod. See [LemonLDAP::NG controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller) as example | `{}`
`controller.extraVolumeMounts` | Additional volumeMounts to the controller main container | `{}`
`controller.extraVolumes` | Additional volumes to the controller pod | `{}`
`controller.extraInitContainers` | Containers, which are run before the app containers are started | `[]`
`controller.ingressClass` | name of the ingress class to route through this controller | `nginx`
`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces)
`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace)
`controller.extraArgs` | Additional controller container arguments | `{}`
`controller.kind` | install as Deployment or DaemonSet | `Deployment`
`controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false
`controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"`
`controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"`
`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}`
`controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0`
`controller.nodeSelector` | node labels for pod assignment | `{}`
`controller.podAnnotations` | annotations to be added to pods | `{}`
`controller.podLabels` | labels to add to the pod container metadata | `{}`
`controller.replicaCount` | desired number of controller pods | `1`
`controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1`
`controller.resources` | controller pod resource requests & limits | `{}`
`controller.priorityClassName` | controller priorityClassName | `nil`
`controller.lifecycle` | controller pod lifecycle hooks | `{}`
`controller.service.annotations` | annotations for controller service | `{}`
`controller.service.labels` | labels for controller service | `{}`
`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false`
`controller.publishService.pathOverride` | override of the default publish-service name | `""`
`controller.service.clusterIP` | internal controller cluster service IP | `""`
`controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]`
`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"`
`controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""`
`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`controller.service.enableHttp` | if port 80 should be opened for service | `true`
`controller.service.enableHttps` | if port 443 should be opened for service | `true`
`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80`
`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443`
`controller.service.type` | type of controller service to create | `LoadBalancer`
`controller.service.nodePorts.http` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""`
`controller.service.nodePorts.https` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""`
`controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10
`controller.livenessProbe.periodSeconds` | How often to perform the probe | 10
`controller.livenessProbe.timeoutSeconds` | When the probe times out | 5
`controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
`controller.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
`controller.livenessProbe.port` | The port number that the liveness probe will listen on. | 10254
`controller.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 10
`controller.readinessProbe.periodSeconds` | How often to perform the probe | 10
`controller.readinessProbe.timeoutSeconds` | When the probe times out | 1
`controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
`controller.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
`controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254
`controller.stats.enabled` | if `true`, enable "vts-status" page | `false`
`controller.stats.service.annotations` | annotations for controller stats service | `{}`
`controller.stats.service.clusterIP` | internal controller stats cluster service IP | `""`
`controller.stats.service.externalIPs` | controller service stats external IP addresses | `[]`
`controller.stats.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`controller.stats.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`controller.stats.service.type` | type of controller stats service to create | `ClusterIP`
`controller.metrics.enabled` | if `true`, enable Prometheus metrics (`controller.stats.enabled` must be `true` as well) | `false`
`controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}`
`controller.metrics.service.clusterIP` | cluster IP address to assign to service | `""`
`controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]`
`controller.metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`controller.metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`controller.metrics.service.servicePort` | Prometheus metrics service port | `9913`
`controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP`
`controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""`
`controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""`
`controller.headers` | configMap key:value pairs containing the [custom headers](https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers) for Nginx | `{}`
`controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}`
`defaultBackend.enabled` | If false, controller.defaultBackendService must be provided | `true`
`defaultBackend.name` | name of the default backend component | `default-backend`
`defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend`
`defaultBackend.image.tag` | default backend container image tag | `1.4`
`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
`defaultBackend.extraArgs` | Additional default backend container arguments | `{}`
`defaultBackend.port` | Http port number | `8080`
`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`defaultBackend.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}`
`defaultBackend.nodeSelector` | node labels for pod assignment | `{}`
`defaultBackend.podAnnotations` | annotations to be added to pods | `{}`
`defaultBackend.podLabels` | labels to add to the pod container metadata | `{}`
`defaultBackend.replicaCount` | desired number of default backend pods | `1`
`defaultBackend.minAvailable` | minimum number of available default backend pods for PodDisruptionBudget | `1`
`defaultBackend.resources` | default backend pod resource requests & limits | `{}`
`defaultBackend.priorityClassName` | default backend priorityClassName | `nil`
`defaultBackend.service.annotations` | annotations for default backend service | `{}`
`defaultBackend.service.clusterIP` | internal default backend cluster service IP | `""`
`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]`
`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`defaultBackend.service.type` | type of default backend service to create | `ClusterIP`
`imagePullSecrets` | name of Secret resource containing private registry credentials | `nil`
`rbac.create` | if `true`, create & use RBAC resources | `true`
`podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false`
`serviceAccount.create` | if `true`, create a service account | ``
`serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | ``
`revisionHistoryLimit` | The number of old history to retain to allow rollback. | `10`
`tcp` | TCP service key:value pairs | `{}`
`udp` | UDP service key:value pairs | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install --name my-release \
--set controller.image.pullPolicy=Always \
bitnami/nginx-ingress-controller
```
The above command sets the `controller.image.pullPolicy` to `Always`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install --name my-release -f values.yaml bitnami/nginx-ingress-controller
```
> **Tip**: You can use the default [values.yaml](values.yaml)

64
bitnami/nginx-ingress-controller/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,64 @@
The nginx-ingress controller has been installed.
{{- if contains "NodePort" .Values.controller.service.type }}
Get the application URL by running these commands:
{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
{{- else }}
export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
{{- end }}
{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
{{- else }}
export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
{{- end }}
export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
{{- else if contains "LoadBalancer" .Values.controller.service.type }}
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "nginx-ingress.controller.fullname" . }}'
{{- else if contains "ClusterIP" .Values.controller.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "nginx-ingress.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
echo "Visit http://127.0.0.1:8080 to access your application."
{{- end }}
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls

72
bitnami/nginx-ingress-controller/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nginx-ingress.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nginx-ingress.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified controller name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nginx-ingress.controller.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Construct the path for the publish-service.
By convention this will simply use the <namespace>/<controller-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
*/}}
{{- define "nginx-ingress.controller.publishServicePath" -}}
{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nginx-ingress.defaultBackend.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "nginx-ingress.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "nginx-ingress.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

69
bitnami/nginx-ingress-controller/templates/clusterrole.yaml Normal file
View File

@@ -0,0 +1,69 @@
{{- if and .Values.rbac.create (not .Values.controller.scope.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
- apiGroups:
- ""
resources:
- namespaces
resourceNames:
- "{{ .Values.controller.scope.namespace }}"
verbs:
- get
{{- end }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
{{- end -}}

19
bitnami/nginx-ingress-controller/templates/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.rbac.create (not .Values.controller.scope.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "nginx-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

18
bitnami/nginx-ingress-controller/templates/controller-configmap.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
data:
enable-vts-status: "{{ .Values.controller.stats.enabled }}"
{{- if .Values.controller.headers }}
proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-headers
{{- end }}
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}
{{- end }}

205
bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml Normal file
View File

@@ -0,0 +1,205 @@
{{- if eq .Values.controller.kind "DaemonSet" }}
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/controller-configmap.yaml") . | sha256sum }}
{{- if .Values.controller.podAnnotations }}
{{ toYaml .Values.controller.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8}}
{{- end }}
spec:
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: "{{ .Values.controller.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
{{- if .Values.controller.lifecycle }}
lifecycle:
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
args:
- /nginx-ingress-controller
- --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }}
{{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }}
- --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --election-id={{ .Values.controller.electionID }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- else }}
- --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs }}
{{ toYaml .Values.controller.extraEnvs | indent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.livenessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
ports:
- name: http
containerPort: 80
protocol: TCP
{{- if .Values.controller.daemonset.useHostPort }}
hostPort: {{ .Values.controller.daemonset.hostPorts.http }}
{{- end }}
- name: https
containerPort: 443
protocol: TCP
{{- if .Values.controller.daemonset.useHostPort }}
hostPort: {{ .Values.controller.daemonset.hostPorts.https }}
{{- end }}
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: 18080
protocol: TCP
{{- if .Values.controller.metrics.enabled }}
- name: metrics
containerPort: 10254
protocol: TCP
{{- end }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
containerPort: {{ $key }}
protocol: UDP
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.readinessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts) }}
volumeMounts:
{{- end }}
{{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 10}}
{{- end }}
resources:
{{ toYaml .Values.controller.resources | indent 12 }}
{{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | indent 8}}
{{- end }}
{{- if .Values.controller.extraInitContainers }}
initContainers:
{{ toYaml .Values.controller.extraInitContainers | indent 8}}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumes) }}
volumes:
{{- end }}
{{- if .Values.controller.customTemplate.configMapName }}
- name: nginx-template-volume
configMap:
name: {{ .Values.controller.customTemplate.configMapName }}
items:
- key: {{ .Values.controller.customTemplate.configMapKey }}
path: nginx.tmpl
{{- end }}
{{- if .Values.controller.extraVolumes }}
{{ toYaml .Values.controller.extraVolumes | indent 6}}
{{- end }}
{{- end }}

199
bitnami/nginx-ingress-controller/templates/controller-deployment.yaml Normal file
View File

@@ -0,0 +1,199 @@
{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
replicas: {{ .Values.controller.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
template:
metadata:
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
spec:
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: "{{ .Values.controller.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
{{- if .Values.controller.lifecycle }}
lifecycle:
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
args:
- /nginx-ingress-controller
- --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }}
{{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }}
- --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --election-id={{ .Values.controller.electionID }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }}
- --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- else }}
- --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs }}
{{ toYaml .Values.controller.extraEnvs | indent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.livenessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: 18080
protocol: TCP
{{- if .Values.controller.metrics.enabled }}
- name: metrics
containerPort: 10254
protocol: TCP
{{- end }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
containerPort: {{ $key }}
protocol: UDP
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.readinessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts) }}
volumeMounts:
{{- end }}
{{- if .Values.controller.customTemplate.configMapName }}
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
{{- end }}
resources:
{{ toYaml .Values.controller.resources | indent 12 }}
{{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | indent 8}}
{{- end }}
{{- if .Values.controller.extraInitContainers }}
initContainers:
{{ toYaml .Values.controller.extraInitContainers | indent 8}}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumes) }}
volumes:
{{- end }}
{{- if .Values.controller.customTemplate.configMapName }}
- name: nginx-template-volume
configMap:
name: {{ .Values.controller.customTemplate.configMapName }}
items:
- key: {{ .Values.controller.customTemplate.configMapKey }}
path: nginx.tmpl
{{- end }}
{{- if .Values.controller.extraVolumes }}
{{ toYaml .Values.controller.extraVolumes | indent 8}}
{{- end }}
{{- end }}

30
bitnami/nginx-ingress-controller/templates/controller-hpa.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if eq .Values.controller.kind "Deployment" }}
{{- if .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
scaleTargetRef:
apiVersion: apps/v1beta1
kind: Deployment
name: {{ template "nginx-ingress.controller.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

38
bitnami/nginx-ingress-controller/templates/controller-metrics-service.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if and .Values.controller.stats.enabled .Values.controller.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
annotations:
{{ toYaml .Values.controller.metrics.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}-metrics
spec:
clusterIP: "{{ .Values.controller.metrics.service.clusterIP }}"
{{- if .Values.controller.metrics.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- name: metrics
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: metrics
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.controller.metrics.service.type }}"
{{- end }}

17
bitnami/nginx-ingress-controller/templates/controller-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
component: "{{ .Values.controller.name }}"
minAvailable: {{ .Values.controller.minAvailable }}

72
bitnami/nginx-ingress-controller/templates/controller-service.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.service.annotations }}
annotations:
{{ toYaml .Values.controller.service.annotations | indent 4 }}
{{- end }}
labels:
{{- if .Values.controller.service.labels }}
{{ toYaml .Values.controller.service.labels | indent 4 }}
{{- end }}
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
clusterIP: "{{ .Values.controller.service.clusterIP }}"
{{- if .Values.controller.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }}
externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
{{- end }}
{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
ports:
{{- if .Values.controller.service.enableHttp }}
- name: http
port: 80
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enableHttps }}
- name: https
port: 443
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
port: {{ $key }}
protocol: TCP
targetPort: "{{ $key }}-tcp"
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
port: {{ $key }}
protocol: UDP
targetPort: "{{ $key }}-udp"
{{- end }}
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.controller.service.type }}"

38
bitnami/nginx-ingress-controller/templates/controller-stats-service.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.controller.stats.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.stats.service.annotations }}
annotations:
{{ toYaml .Values.controller.stats.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.controller.fullname" . }}-stats
spec:
clusterIP: "{{ .Values.controller.stats.service.clusterIP }}"
{{- if .Values.controller.stats.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.stats.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.stats.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.stats.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.stats.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.stats.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- name: stats
port: {{ .Values.controller.stats.service.servicePort }}
targetPort: stats
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.controller.stats.service.type }}"
{{- end }}

74
bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- if .Values.defaultBackend.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
replicas: {{ .Values.defaultBackend.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
metadata:
{{- if .Values.defaultBackend.podAnnotations }}
annotations:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
{{- if .Values.defaultBackend.podLabels }}
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
{{- end }}
spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.priorityClassName }}
priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.defaultBackend.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.defaultBackend.port }}
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- name: http
containerPort: {{ .Values.defaultBackend.port }}
protocol: TCP
resources:
{{ toYaml .Values.defaultBackend.resources | indent 12 }}
{{- if .Values.defaultBackend.nodeSelector }}
nodeSelector:
{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.tolerations }}
tolerations:
{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.affinity }}
affinity:
{{ toYaml .Values.defaultBackend.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- end }}

17
bitnami/nginx-ingress-controller/templates/default-backend-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
component: "{{ .Values.defaultBackend.name }}"
minAvailable: {{ .Values.defaultBackend.minAvailable }}

39
bitnami/nginx-ingress-controller/templates/default-backend-service.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.defaultBackend.service.annotations }}
annotations:
{{ toYaml .Values.defaultBackend.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
clusterIP: "{{ .Values.defaultBackend.service.clusterIP }}"
{{- if .Values.defaultBackend.service.externalIPs }}
externalIPs:
{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- name: http
port: {{ .Values.defaultBackend.service.servicePort }}
protocol: TCP
targetPort: http
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.defaultBackend.service.type }}"
{{- end }}

14
bitnami/nginx-ingress-controller/templates/headers-configmap.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.controller.headers }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-custom-headers
data:
{{ toYaml .Values.controller.headers | indent 2 }}
{{- end }}

47
bitnami/nginx-ingress-controller/templates/podsecuritypolicy.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if .Values.podSecurityPolicy.enabled}}
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "nginx-ingress.fullname" . }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowedCapabilities:
- NET_BIND_SERVICE
privileged: false
allowPrivilegeEscalation: true
# Allow core volume types.
volumes:
- 'configMap'
#- 'emptyDir'
#- 'projected'
- 'secret'
#- 'downwardAPI'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
seLinux:
rule: 'RunAsAny'
hostPorts:
- max: 65535
min: 1
{{- end }}

89
bitnami/nginx-ingress-controller/templates/role.yaml Normal file
View File

@@ -0,0 +1,89 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "nginx-ingress.fullname" . }}]
{{- end }}
{{- end -}}

19
bitnami/nginx-ingress-controller/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "nginx-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

11
bitnami/nginx-ingress-controller/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if or .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.serviceAccountName" . }}
{{- end -}}

14
bitnami/nginx-ingress-controller/templates/tcp-configmap.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.tcp }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-tcp
data:
{{ toYaml .Values.tcp | indent 2 }}
{{- end }}

14
bitnami/nginx-ingress-controller/templates/udp-configmap.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.udp }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-udp
data:
{{ toYaml .Values.udp | indent 2 }}
{{- end }}

383
bitnami/nginx-ingress-controller/values.yaml Normal file
View File

@@ -0,0 +1,383 @@
## Bitnami NGINX image version
## ref: https://hub.docker.com/r/bitnami/nginx/tags/
controller:
name: controller
image:
registry: docker.io
repository: bitnami/nginx-ingress-controller
tag: 0.18.0-debian-9
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
config: {}
# Will add custom header to Nginx https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
headers: {}
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
hostNetwork: false
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
dnsPolicy: ClusterFirst
## Use host ports 80 and 443
daemonset:
useHostPort: false
hostPorts:
http: 80
https: 443
## Required only if defaultBackend.enabled = false
## Must be <namespace>/<service_name>
##
defaultBackendService: ""
## Election ID to use for status update
##
electionID: ingress-controller-leader
## Name of the ingress class to route through this controller
##
ingressClass: nginx
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Allows customization of the external service
## the ingress will be bound to via DNS
publishService:
enabled: false
## Allows overriding of the publish service to bind to
## Must be <namespace>/<service_name>
##
pathOverride: ""
## Limit the scope of the controller
##
scope:
enabled: false
namespace: "" # defaults to .Release.Namespace
## Additional command line arguments to pass to nginx-ingress-controller
## E.g. to specify the default SSL certificate you can use
## extraArgs:
## default-ssl-certificate: "<namespace>/<secret_name>"
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
# extraEnvs:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
## DaemonSet or Deployment
##
kind: Deployment
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
affinity: {}
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
port: 10254
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
port: 10254
## Annotations to be added to controller pods
##
podAnnotations: {}
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 11
# targetCPUUtilizationPercentage: 50
# targetMemoryUtilizationPercentage: 50
## Override NGINX template
customTemplate:
configMapName: ""
configMapKey: ""
service:
annotations: {}
labels: {}
clusterIP: ""
## List of IP addresses at which the controller services are available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
enableHttp: true
enableHttps: true
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
externalTrafficPolicy: ""
healthCheckNodePort: 0
targetPorts:
http: http
https: https
type: LoadBalancer
# type: NodePort
# nodePorts:
# http: 32080
# https: 32443
nodePorts:
http: ""
https: ""
extraContainers: []
## Additional containers to be added to the controller pod.
## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
# - name: my-sidecar
# image: nginx:latest
# - name: lemonldap-ng-controller
# image: lemonldapng/lemonldap-ng-controller:0.2.0
# args:
# - /lemonldap-ng-controller
# - --alsologtostderr
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
# env:
# - name: POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# volumeMounts:
# - name: copy-portal-skins
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
extraVolumeMounts: []
## Additional volumeMounts to the controller main container.
# - name: copy-portal-skins
# mountPath: /var/lib/lemonldap-ng/portal/skins
extraVolumes: []
## Additional volumes to the controller pod.
# - name: copy-portal-skins
# emptyDir: {}
extraInitContainers: []
## Containers, which are run before the app containers are started.
# - name: init-myservice
# image: busybox
# command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
stats:
enabled: false
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the stats service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 18080
type: ClusterIP
## If controller.stats.enabled = true and controller.metrics.enabled = true, Prometheus metrics will be exported
##
metrics:
enabled: false
service:
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "10254"
clusterIP: ""
## List of IP addresses at which the stats-exporter service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 9913
type: ClusterIP
lifecycle: {}
priorityClassName: ""
## Rollback limit
##
revisionHistoryLimit: 10
## Default 404 backend
##
defaultBackend:
## If false, controller.defaultBackendService must be provided
##
enabled: true
name: default-backend
image:
repository: k8s.gcr.io/defaultbackend
tag: "1.4"
pullPolicy: IfNotPresent
extraArgs: {}
port: 8080
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
affinity: {}
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Node labels for default backend pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to default backend pods
##
podAnnotations: {}
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 10m
# memory: 20Mi
# requests:
# cpu: 10m
# memory: 20Mi
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the default backend service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
type: ClusterIP
priorityClassName: ""
## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
rbac:
create: true
# If true, create & use Pod Security Policy resources
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
serviceAccount:
create: true
name:
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName
# TCP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
##
tcp: {}
# 8080: "default/example-tcp-svc:9000"
# UDP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
##
udp: {}
# 53: "kube-system/kube-dns:53"