diff --git a/charts/nginx-ingress/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl index 77633c6b96..4897fa14de 100644 --- a/charts/nginx-ingress/templates/_helpers.tpl +++ b/charts/nginx-ingress/templates/_helpers.tpl @@ -391,14 +391,17 @@ List of volumes for controller. {{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }} - name: nginx-etc emptyDir: {} -- name: nginx-cache - emptyDir: {} - name: nginx-lib emptyDir: {} - name: nginx-state emptyDir: {} - name: nginx-log emptyDir: {} +{{- /* For StatefulSet, nginx-cache volume is always provided via volumeClaimTemplates */ -}} +{{- if ne .Values.controller.kind "statefulset" }} +- name: nginx-cache + emptyDir: {} +{{- end }} {{- end }} {{- if .Values.controller.appprotect.v5 }} {{ toYaml .Values.controller.appprotect.volumes }} @@ -458,6 +461,9 @@ volumeMounts: name: nginx-state - mountPath: /var/log/nginx name: nginx-log +{{- else if eq .Values.controller.kind "statefulset" }} +- mountPath: /var/cache/nginx + name: nginx-cache {{- end }} {{- if .Values.controller.appprotect.v5 }} - name: app-protect-bd-config diff --git a/charts/nginx-ingress/templates/clusterrole.yaml b/charts/nginx-ingress/templates/clusterrole.yaml index 7c3a5c89f3..06afc4739a 100644 --- a/charts/nginx-ingress/templates/clusterrole.yaml +++ b/charts/nginx-ingress/templates/clusterrole.yaml @@ -71,6 +71,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: diff --git a/charts/nginx-ingress/templates/controller-statefulset.yaml b/charts/nginx-ingress/templates/controller-statefulset.yaml new file mode 100644 index 0000000000..56db9e8fa7 --- /dev/null +++ b/charts/nginx-ingress/templates/controller-statefulset.yaml @@ -0,0 +1,240 @@ +{{- if eq .Values.controller.kind "statefulset" }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "nginx-ingress.controller.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} +{{- end }} +spec: + {{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + serviceName: {{ include "nginx-ingress.controller.service.name" . }} + selector: + matchLabels: + {{- include "nginx-ingress.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "nginx-ingress.podLabels" . | nindent 8 }} +{{- if or .Values.prometheus.create .Values.controller.pod.annotations }} + annotations: +{{- if .Values.prometheus.create }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.prometheus.port }}" + prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" +{{- end }} +{{- if .Values.controller.pod.annotations }} +{{ toYaml .Values.controller.pod.annotations | indent 8 }} +{{- end }} +{{- end }} + spec: +{{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 6 }} +{{- end }} +{{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} +{{- end }} +{{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }} +{{- end }} +{{- include "nginx-ingress.volumes" . | indent 6 }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} + automountServiceAccountToken: true + securityContext: +{{ toYaml .Values.controller.podSecurityContext | indent 8 }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + hostNetwork: {{ .Values.controller.hostNetwork }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: true + {{- end }} + containers: + - image: {{ include "nginx-ingress.image" . }} + name: {{ include "nginx-ingress.name" . }} + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" +{{- if .Values.controller.lifecycle }} + lifecycle: +{{ toYaml .Values.controller.lifecycle | indent 10 }} +{{- end }} + ports: +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if and $.Values.controller.hostPort.enable (index $.Values.controller.hostPort $key) }} + hostPort: {{ index $.Values.controller.hostPort $key }} + {{- end }} +{{- end }} +{{- if .Values.controller.customPorts }} +{{ toYaml .Values.controller.customPorts | indent 8 }} +{{- end }} +{{- if .Values.prometheus.create }} + - name: prometheus + containerPort: {{ .Values.prometheus.port }} +{{- end }} +{{- if .Values.serviceInsight.create }} + - name: service-insight + containerPort: {{ .Values.serviceInsight.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + - name: readiness-port + containerPort: {{ .Values.controller.readyStatus.port }} +{{- end }} +{{- if .Values.controller.startupStatus.enable }} + - name: startup-port + containerPort: {{ .Values.controller.startupStatus.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: {{ .Values.controller.readyStatus.initialDelaySeconds }} +{{- end }} +{{- if .Values.controller.startupStatus.enable }} + startupProbe: + httpGet: + path: {{ .Values.controller.startupStatus.path }} + port: startup-port + initialDelaySeconds: {{ .Values.controller.startupStatus.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupStatus.periodSeconds }} + timeoutSeconds: {{ .Values.controller.startupStatus.timeoutSeconds }} + successThreshold: {{ .Values.controller.startupStatus.successThreshold }} + failureThreshold: {{ .Values.controller.startupStatus.failureThreshold }} +{{- end }} + resources: +{{ toYaml .Values.controller.resources | indent 10 }} +{{- if .Values.controller.securityContext }} + securityContext: +{{ toYaml .Values.controller.securityContext | indent 10 }} +{{- else }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: {{ .Values.controller.readOnlyRootFilesystem }} + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE +{{- end }} +{{- include "nginx-ingress.volumeMounts" . | indent 8 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +{{- if .Values.controller.env }} +{{ toYaml .Values.controller.env | indent 8 }} +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + - name: POD_SERVICEACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName +{{- end }} +{{- if hasKey .Values.controller.mgmt "usageReport" -}} +{{- if hasKey .Values.controller.mgmt.usageReport "proxyCredentialsSecretName" }} +{{- if not (hasKey .Values.controller.mgmt.usageReport "proxyHost") -}} +{{- fail "Error: 'controller.mgmt.usageReport.proxyHost' must be set when using 'controller.mgmt.usageReport.proxyCredentialsSecretName'." }} +{{- end }} + - name: PROXY_USER + valueFrom: + secretKeyRef: + name: {{ .Values.controller.mgmt.usageReport.proxyCredentialsSecretName }} + key: username + - name: PROXY_PASS + valueFrom: + secretKeyRef: + name: {{ .Values.controller.mgmt.usageReport.proxyCredentialsSecretName }} + key: password +{{- end }} +{{- end }} + args: +{{- include "nginx-ingress.args" . | nindent 10 }} +{{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 6 }} +{{- end }} + +{{- include "nginx-ingress.appprotect.v5" . | nindent 6 }} + +{{- if or ( eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" ) .Values.controller.initContainers }} + initContainers: +{{- end }} +{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }} + - name: init-{{ include "nginx-ingress.name" . }} + image: {{ include "nginx-ingress.image" . }} + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] +{{- if .Values.controller.initContainerResources }} + resources: +{{ toYaml .Values.controller.initContainerResources | indent 10 }} +{{- end }} +{{- if .Values.controller.initContainerSecurityContext }} + securityContext: +{{ toYaml .Values.controller.initContainerSecurityContext | indent 10 }} +{{- else }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- end }} + volumeMounts: + - mountPath: /mnt/etc + name: nginx-etc +{{- end }} +{{- if .Values.controller.initContainers }} +{{ toYaml .Values.controller.initContainers | indent 6 }} +{{- end }} +{{- if .Values.controller.strategy }} + updateStrategy: +{{ toYaml .Values.controller.strategy | indent 4 }} +{{- end }} +{{- if .Values.controller.minReadySeconds }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} +{{- end }} +{{- if .Values.controller.statefulset.podManagementPolicy }} + podManagementPolicy: {{ .Values.controller.statefulset.podManagementPolicy }} +{{- end }} +{{- if .Values.controller.statefulset.persistentVolumeClaimRetentionPolicy }} + persistentVolumeClaimRetentionPolicy: +{{ toYaml .Values.controller.statefulset.persistentVolumeClaimRetentionPolicy | indent 4 }} +{{- end }} + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: +{{ toYaml .Values.controller.statefulset.nginxCachePVC.accessModes | indent 8 }} +{{- if .Values.controller.statefulset.nginxCachePVC.storageClass }} + storageClassName: {{ .Values.controller.statefulset.nginxCachePVC.storageClass | quote }} +{{- end }} + resources: + requests: + storage: {{ .Values.controller.statefulset.nginxCachePVC.size | quote }} +{{- end }} diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index 1745199c36..4767ca0f8f 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -35,11 +35,13 @@ "title": "The kind of the Ingress Controller", "enum": [ "deployment", - "daemonset" + "daemonset", + "statefulset" ], "examples": [ "deployment", - "daemonset" + "daemonset", + "statefulset" ] }, "selectorLabels": { @@ -994,6 +996,55 @@ } ] }, + "statefulset": { + "type": "object", + "default": {}, + "title": "The StatefulSet configuration Schema", + "properties": { + "podManagementPolicy": { + "type": "string", + "default": "OrderedReady", + "title": "The pod management policy", + "enum": [ + "OrderedReady", + "Parallel" + ] + }, + "persistentVolumeClaimRetentionPolicy": { + "type": "object", + "default": {}, + "title": "The persistentVolumeClaimRetentionPolicy Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.33.1/_definitions.json#/definitions/io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy" + }, + "nginxCachePVC": { + "type": "object", + "default": {}, + "title": "The nginxCachePVC Schema", + "properties": { + "size": { + "type": "string", + "default": "256Mi", + "title": "The size Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.33.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "storageClass": { + "type": "string", + "title": "The storageClass Schema", + "default": "", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.33.1/_definitions.json#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec/properties/storageClassName" + }, + "accessModes": { + "type": "array", + "default": [ + "ReadWriteOnce" + ], + "title": "The accessModes Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.33.1/_definitions.json#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec/properties/accessModes" + } + } + } + } + }, "extraContainers": { "type": "array", "default": [], diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index e248c3bbac..abacb17cc1 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -1,8 +1,8 @@ controller: - ## The name of the Ingress Controller daemonset or deployment. + ## The name of the Ingress Controller daemonset, deployment, or statefulset. name: controller - ## The kind of the Ingress Controller installation - deployment or daemonset. + ## The kind of the Ingress Controller installation - deployment, daemonset, or statefulset. kind: deployment ## The selectorLabels used to override the default values. @@ -344,6 +344,30 @@ controller: ## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate" for Deployments, and "OnDelete" or "RollingUpdate" for Daemonsets. "RollingUpdate" is the default value. strategy: {} + ## StatefulSet-specific configuration (only used when kind is "statefulset") + statefulset: + ## Pod management policy for StatefulSet. Can be "OrderedReady" or "Parallel". + ## OrderedReady will start pods one at a time in order, Parallel will start all pods at once. + podManagementPolicy: "OrderedReady" + + ## PersistentVolumeClaim retention policy for StatefulSet + ## Determines when to delete PVCs when the StatefulSet is deleted or scaled down + persistentVolumeClaimRetentionPolicy: + ## When to delete PVCs when the StatefulSet is deleted. Can be "Retain" or "Delete". + whenDeleted: "Retain" + ## When to delete PVCs when the StatefulSet is scaled down. Can be "Retain" or "Delete". + whenScaled: "Retain" + + ## Configuration for StatefulSet nginx-cache PVC + nginxCachePVC: + ## Storage size for the nginx-cache volume + size: "256Mi" + ## Storage class for the nginx-cache volume. If empty, uses the cluster default. + storageClass: "" + ## Access modes for the nginx-cache volume + accessModes: + - "ReadWriteOnce" + ## Extra containers for the Ingress Controller pods. extraContainers: [] # - name: container diff --git a/charts/tests/__snapshots__/helmunit_test.snap b/charts/tests/__snapshots__/helmunit_test.snap index 48cde77118..8ec726f885 100755 --- a/charts/tests/__snapshots__/helmunit_test.snap +++ b/charts/tests/__snapshots__/helmunit_test.snap @@ -135,6 +135,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -607,6 +608,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -1119,6 +1121,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -1611,6 +1614,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -2170,6 +2174,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -2691,6 +2696,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -3107,6 +3113,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -3430,18 +3437,18 @@ metadata: app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/default_values_file - 1] +[TestHelmNICTemplate/daemonset-readonly - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -3449,12 +3456,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -3464,12 +3471,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: default-nginx-ingress-leader-election + name: daemonset-readonly-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -3477,11 +3484,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -3550,6 +3557,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -3591,31 +3599,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -3656,7 +3664,7 @@ rules: resources: - leases resourceNames: - - default-nginx-ingress-leader-election + - daemonset-readonly-nginx-ingress-leader-election verbs: - get - update @@ -3671,33 +3679,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress subjects: - kind: ServiceAccount - name: default-nginx-ingress + name: daemonset-readonly-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: default-nginx-ingress-controller + name: daemonset-readonly-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -3716,48 +3724,58 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly /-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml +# Source: nginx-ingress/templates/controller-daemonset.yaml apiVersion: apps/v1 -kind: Deployment +kind: DaemonSet metadata: - name: default-nginx-ingress-controller + name: daemonset-readonly-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: - replicas: 1 selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: default-nginx-ingress + spec: + serviceAccountName: daemonset-readonly-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: type: RuntimeDefault - terminationGracePeriodSeconds: 30 + terminationGracePeriodSeconds: 30 + volumes: + + - name: nginx-etc + emptyDir: {} + - name: nginx-lib + emptyDir: {} + - name: nginx-state + emptyDir: {} + - name: nginx-log + emptyDir: {} + - name: nginx-cache + emptyDir: {} hostNetwork: false dnsPolicy: ClusterFirst containers: - - image: nginx/nginx-ingress:5.2.0 - name: nginx-ingress + - name: nginx-ingress + image: nginx/nginx-ingress:5.2.0 imagePullPolicy: "IfNotPresent" ports: - name: http @@ -3766,6 +3784,7 @@ spec: - name: https containerPort: 443 protocol: TCP + - name: prometheus containerPort: 9113 - name: readiness-port @@ -3776,21 +3795,28 @@ spec: port: readiness-port periodSeconds: 1 initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true + allowPrivilegeEscalation: true capabilities: + add: + - NET_BIND_SERVICE drop: - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 101 + volumeMounts: + + - mountPath: /etc/nginx + name: nginx-etc + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /var/lib/nginx + name: nginx-lib + - mountPath: /var/lib/nginx/state + name: nginx-state + - mountPath: /var/log/nginx + name: nginx-log env: - name: POD_NAMESPACE valueFrom: @@ -3800,13 +3826,17 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + resources: + requests: + cpu: 100m + memory: 128Mi args: - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress + - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-readonly-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -3817,9 +3847,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=default-nginx-ingress-controller + - -external-service=daemonset-readonly-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=default-nginx-ingress-leader-election + - -leader-election-lock-name=daemonset-readonly-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -3841,6 +3871,27 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + initContainers: + - name: init-nginx-ingress + image: nginx/nginx-ingress:5.2.0 + imagePullPolicy: "IfNotPresent" + command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /mnt/etc + name: nginx-etc /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -3850,7 +3901,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -3863,28 +3914,28 @@ spec: apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: default-nginx-ingress-leader-election + name: daemonset-readonly-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default + app.kubernetes.io/instance: daemonset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/globalConfig - 1] +[TestHelmNICTemplate/default_values_file - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: global-configuration-nginx-ingress - namespace: gc + name: default-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -3892,12 +3943,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: global-configuration-nginx-ingress - namespace: gc + name: default-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -3907,12 +3958,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc + name: default-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -3920,11 +3971,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-configuration-nginx-ingress + name: default-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -3993,6 +4044,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -4034,34 +4086,34 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-configuration-nginx-ingress + name: default-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc + name: default-nginx-ingress + namespace: default roleRef: kind: ClusterRole - name: global-configuration-nginx-ingress + name: default-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-configuration-nginx-ingress + name: default-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: gc + namespace: default rules: - apiGroups: - "" @@ -4099,7 +4151,7 @@ rules: resources: - leases resourceNames: - - global-configuration-nginx-ingress-leader-election + - default-nginx-ingress-leader-election verbs: - get - update @@ -4114,33 +4166,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-configuration-nginx-ingress + name: default-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: gc + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: global-configuration-nginx-ingress + name: default-nginx-ingress subjects: - kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc + name: default-nginx-ingress + namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc + name: default-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4159,18 +4211,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc + name: default-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4178,19 +4230,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: global-configuration-nginx-ingress + serviceAccountName: default-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -4249,7 +4301,7 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress + - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -4260,9 +4312,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=global-configuration-nginx-ingress-controller + - -external-service=default-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election + - -leader-election-lock-name=default-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -4278,7 +4330,6 @@ spec: - -enable-external-dns=false - -default-http-listener-port=80 - -default-https-listener-port=443 - - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller - -ready-status=true - -ready-status-port=8081 - -enable-latency-metrics=false @@ -4294,7 +4345,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4303,53 +4354,32 @@ spec: # Source: nginx-ingress/templates/controller-configmap.yaml /-/-/-/ /-/-/-/ -# Source: nginx-ingress/templates/controller-globalconfiguration.yaml -apiVersion: k8s.nginx.org/v1 -kind: GlobalConfiguration -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -spec: - listeners: - - name: dns-udp - port: 5353 - protocol: UDP - - name: dns-tcp - port: 5353 - protocol: TCP -/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc + name: default-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration + app.kubernetes.io/instance: default app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/globalConfigCustomName - 1] +[TestHelmNICTemplate/globalConfig - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: global-config-custom-name-nginx-ingress - namespace: default + name: global-configuration-nginx-ingress + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -4357,12 +4387,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: global-config-custom-name-nginx-ingress - namespace: default + name: global-configuration-nginx-ingress + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -4372,12 +4402,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: global-config-custom-name-nginx-ingress-leader-election - namespace: default + name: global-configuration-nginx-ingress-leader-election + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -4385,11 +4415,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -4458,6 +4488,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -4499,34 +4530,34 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: global-config-custom-name-nginx-ingress - namespace: default + name: global-configuration-nginx-ingress + namespace: gc roleRef: kind: ClusterRole - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: default + namespace: gc rules: - apiGroups: - "" @@ -4564,7 +4595,7 @@ rules: resources: - leases resourceNames: - - global-config-custom-name-nginx-ingress-leader-election + - global-configuration-nginx-ingress-leader-election verbs: - get - update @@ -4579,33 +4610,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: default + namespace: gc roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: global-config-custom-name-nginx-ingress + name: global-configuration-nginx-ingress subjects: - kind: ServiceAccount - name: global-config-custom-name-nginx-ingress - namespace: default + name: global-configuration-nginx-ingress + namespace: gc /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: global-config-custom-name-nginx-ingress-controller - namespace: default + name: global-configuration-nginx-ingress-controller + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4624,18 +4655,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: global-config-custom-name-nginx-ingress-controller - namespace: default + name: global-configuration-nginx-ingress-controller + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4643,19 +4674,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: global-config-custom-name-nginx-ingress + serviceAccountName: global-configuration-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -4714,7 +4745,7 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/global-config-custom-name-nginx-ingress + - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -4725,9 +4756,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=global-config-custom-name-nginx-ingress-controller + - -external-service=global-configuration-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=global-config-custom-name-nginx-ingress-leader-election + - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -4743,7 +4774,7 @@ spec: - -enable-external-dns=false - -default-http-listener-port=80 - -default-https-listener-port=443 - - -global-configuration=test-namespace/my-custom-global-config + - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller - -ready-status=true - -ready-status-port=8081 - -enable-latency-metrics=false @@ -4759,7 +4790,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4772,12 +4803,12 @@ spec: apiVersion: k8s.nginx.org/v1 kind: GlobalConfiguration metadata: - name: my-custom-global-config - namespace: test-namespace + name: global-configuration-nginx-ingress-controller + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -4785,33 +4816,36 @@ spec: - name: dns-udp port: 5353 protocol: UDP + - name: dns-tcp + port: 5353 + protocol: TCP /-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: global-config-custom-name-nginx-ingress-leader-election - namespace: default + name: global-configuration-nginx-ingress-leader-election + namespace: gc labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/instance: global-configuration app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/ingressClass - 1] +[TestHelmNICTemplate/globalConfigCustomName - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -4819,12 +4853,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -4834,12 +4868,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: ingress-class-nginx-ingress-leader-election + name: global-config-custom-name-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -4847,11 +4881,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -4920,6 +4954,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -4961,31 +4996,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -5026,7 +5061,7 @@ rules: resources: - leases resourceNames: - - ingress-class-nginx-ingress-leader-election + - global-config-custom-name-nginx-ingress-leader-election verbs: - get - update @@ -5041,33 +5076,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress subjects: - kind: ServiceAccount - name: ingress-class-nginx-ingress + name: global-config-custom-name-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: ingress-class-nginx-ingress-controller + name: global-config-custom-name-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -5086,18 +5121,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: ingress-class-nginx-ingress-controller + name: global-config-custom-name-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -5105,19 +5140,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: ingress-class-nginx-ingress + serviceAccountName: global-config-custom-name-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -5176,8 +5211,8 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress - - -ingress-class=changed + - -nginx-configmaps=$(POD_NAMESPACE)/global-config-custom-name-nginx-ingress + - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health - -nginx-debug=false @@ -5187,9 +5222,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=ingress-class-nginx-ingress-controller + - -external-service=global-config-custom-name-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election + - -leader-election-lock-name=global-config-custom-name-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -5205,6 +5240,7 @@ spec: - -enable-external-dns=false - -default-http-listener-port=80 - -default-https-listener-port=443 + - -global-configuration=test-namespace/my-custom-global-config - -ready-status=true - -ready-status-port=8081 - -enable-latency-metrics=false @@ -5216,47 +5252,63 @@ spec: apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: - name: changed + name: nginx labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - annotations: - ingressclass.kubernetes.io/is-default-class: "true" spec: controller: nginx.org/ingress-controller /-/-/-/ # Source: nginx-ingress/templates/controller-configmap.yaml /-/-/-/ /-/-/-/ +# Source: nginx-ingress/templates/controller-globalconfiguration.yaml +apiVersion: k8s.nginx.org/v1 +kind: GlobalConfiguration +metadata: + name: my-custom-global-config + namespace: test-namespace + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: ingress-class-nginx-ingress-leader-election + name: global-config-custom-name-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/namespace - 1] +[TestHelmNICTemplate/globalConfigCustomName - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -5264,12 +5316,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -5279,12 +5331,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -5292,11 +5344,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -5365,6 +5417,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -5406,34 +5459,34 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress + namespace: default roleRef: kind: ClusterRole - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress + namespace: default rules: - apiGroups: - "" @@ -5471,7 +5524,7 @@ rules: resources: - leases resourceNames: - - namespace-nginx-ingress-leader-election + - global-config-custom-name-nginx-ingress-leader-election verbs: - get - update @@ -5486,33 +5539,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: namespace-nginx-ingress + name: global-config-custom-name-nginx-ingress subjects: - kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress + namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -5531,18 +5584,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -5550,19 +5603,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: namespace-nginx-ingress + serviceAccountName: global-config-custom-name-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -5621,7 +5674,7 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress + - -nginx-configmaps=$(POD_NAMESPACE)/global-config-custom-name-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -5632,9 +5685,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=namespace-nginx-ingress-controller + - -external-service=global-config-custom-name-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=namespace-nginx-ingress-leader-election + - -leader-election-lock-name=global-config-custom-name-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -5650,6 +5703,7 @@ spec: - -enable-external-dns=false - -default-http-listener-port=80 - -default-https-listener-port=443 + - -global-configuration=test-namespace/my-custom-global-config - -ready-status=true - -ready-status-port=8081 - -enable-latency-metrics=false @@ -5665,7 +5719,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -5674,32 +5728,50 @@ spec: # Source: nginx-ingress/templates/controller-configmap.yaml /-/-/-/ /-/-/-/ +# Source: nginx-ingress/templates/controller-globalconfiguration.yaml +apiVersion: k8s.nginx.org/v1 +kind: GlobalConfiguration +metadata: + name: my-custom-global-config + namespace: test-namespace + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-config-custom-name + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress + name: global-config-custom-name-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace + app.kubernetes.io/instance: global-config-custom-name app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/ossAgentV3 - 1] +[TestHelmNICTemplate/ingressClass - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -5707,68 +5779,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: oss-agent-nginx-ingress-agent-config - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - nginx-agent.conf: |- - - log: - # set log level (error, info, debug; default "info") - level: info - # set log path. if empty, don't log to file. - path: "" - - allowed_directories: - - /etc/nginx - - /usr/lib/nginx/modules - - features: - - certificates - - connection - - metrics - - file-watcher - - ## command server settings - command: - server: - host: agent.connect.nginx.com - port: 443 - auth: - tokenpath: "/etc/nginx-agent/secrets/dataplane.key" - tls: - skip_verify: false -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: oss-agent-nginx-ingress-leader-election + name: ingress-class-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -5776,11 +5807,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -5849,6 +5880,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -5890,31 +5922,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -5955,7 +5987,7 @@ rules: resources: - leases resourceNames: - - oss-agent-nginx-ingress-leader-election + - ingress-class-nginx-ingress-leader-election verbs: - get - update @@ -5970,33 +6002,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress subjects: - kind: ServiceAccount - name: oss-agent-nginx-ingress + name: ingress-class-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: oss-agent-nginx-ingress-controller + name: ingress-class-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6015,18 +6047,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: oss-agent-nginx-ingress-controller + name: ingress-class-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6034,27 +6066,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent - agent-configuration-revision-hash: "e150cd8a" + app.kubernetes.io/instance: ingress-class annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: - volumes: - - - name: agent-conf - configMap: - name: oss-agent-nginx-ingress-agent-config - - name: dataplane-key - secret: - secretName: dataplane-key - serviceAccountName: oss-agent-nginx-ingress + volumes: [] + serviceAccountName: ingress-class-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -6097,13 +6121,7 @@ spec: - ALL add: - NET_BIND_SERVICE - volumeMounts: - - - name: agent-conf - mountPath: /etc/nginx-agent/nginx-agent.conf - subPath: nginx-agent.conf - - name: dataplane-key - mountPath: /etc/nginx-agent/secrets + volumeMounts: [] env: - name: POD_NAMESPACE valueFrom: @@ -6119,8 +6137,8 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/oss-agent-nginx-ingress - - -ingress-class=nginx + - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress + - -ingress-class=changed - -health-status=false - -health-status-uri=/nginx-health - -nginx-debug=false @@ -6130,9 +6148,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=oss-agent-nginx-ingress-controller + - -external-service=ingress-class-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=oss-agent-nginx-ingress-leader-election + - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -6154,48 +6172,52 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false - - -agent=true /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: - name: nginx + name: changed labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm + annotations: + ingressclass.kubernetes.io/is-default-class: "true" spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: oss-agent-nginx-ingress-leader-election + name: ingress-class-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: oss-agent + app.kubernetes.io/instance: ingress-class app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus - 1] +[TestHelmNICTemplate/namespace - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-nginx-ingress - namespace: default + name: namespace-nginx-ingress + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -6203,43 +6225,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-nginx-ingress - namespace: default + name: namespace-nginx-ingress + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -/-/-/-/ -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-nginx-ingress-mgmt - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - license-token-secret-name: license-token -/-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-nginx-ingress-leader-election - namespace: default + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -6247,11 +6253,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-nginx-ingress + name: namespace-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -6320,6 +6326,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -6361,34 +6368,34 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-nginx-ingress + name: namespace-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-nginx-ingress - namespace: default + name: namespace-nginx-ingress + namespace: nginx-ingress roleRef: kind: ClusterRole - name: plus-nginx-ingress + name: namespace-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-nginx-ingress + name: namespace-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: default + namespace: nginx-ingress rules: - apiGroups: - "" @@ -6426,7 +6433,7 @@ rules: resources: - leases resourceNames: - - plus-nginx-ingress-leader-election + - namespace-nginx-ingress-leader-election verbs: - get - update @@ -6441,33 +6448,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-nginx-ingress + name: namespace-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: default + namespace: nginx-ingress roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-nginx-ingress + name: namespace-nginx-ingress subjects: - kind: ServiceAccount - name: plus-nginx-ingress - namespace: default + name: namespace-nginx-ingress + namespace: nginx-ingress /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-nginx-ingress-controller - namespace: default + name: namespace-nginx-ingress-controller + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6486,18 +6493,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: plus-nginx-ingress-controller - namespace: default + name: namespace-nginx-ingress-controller + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6505,19 +6512,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: plus-nginx-ingress + serviceAccountName: namespace-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -6572,12 +6579,11 @@ spec: fieldPath: metadata.name args: - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -6588,9 +6594,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-nginx-ingress-controller + - -external-service=namespace-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-nginx-ingress-leader-election + - -leader-election-lock-name=namespace-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -6621,38 +6627,41 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-nginx-ingress-leader-election - namespace: default + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus + app.kubernetes.io/instance: namespace app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus-debug - 1] +[TestHelmNICTemplate/ossAgentV3 - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -6660,43 +6669,68 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ # Source: nginx-ingress/templates/controller-configmap.yaml -/-/-/-/ apiVersion: v1 kind: ConfigMap metadata: - name: plus-debug-nginx-ingress-mgmt + name: oss-agent-nginx-ingress-agent-config namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: - license-token-secret-name: license-token -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap + nginx-agent.conf: |- + + log: + # set log level (error, info, debug; default "info") + level: info + # set log path. if empty, don't log to file. + path: "" + + allowed_directories: + - /etc/nginx + - /usr/lib/nginx/modules + + features: + - certificates + - connection + - metrics + - file-watcher + + ## command server settings + command: + server: + host: agent.connect.nginx.com + port: 443 + auth: + tokenpath: "/etc/nginx-agent/secrets/dataplane.key" + tls: + skip_verify: false +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap metadata: - name: plus-debug-nginx-ingress-leader-election + name: oss-agent-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -6704,11 +6738,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -6777,6 +6811,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -6818,31 +6853,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -6883,7 +6918,7 @@ rules: resources: - leases resourceNames: - - plus-debug-nginx-ingress-leader-election + - oss-agent-nginx-ingress-leader-election verbs: - get - update @@ -6898,33 +6933,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress subjects: - kind: ServiceAccount - name: plus-debug-nginx-ingress + name: oss-agent-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-debug-nginx-ingress-controller + name: oss-agent-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6943,18 +6978,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: plus-debug-nginx-ingress-controller + name: oss-agent-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -6962,19 +6997,27 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent + agent-configuration-revision-hash: "e150cd8a" annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: - volumes: [] - serviceAccountName: plus-debug-nginx-ingress + volumes: + + - name: agent-conf + configMap: + name: oss-agent-nginx-ingress-agent-config + - name: dataplane-key + secret: + secretName: dataplane-key + serviceAccountName: oss-agent-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -7017,7 +7060,13 @@ spec: - ALL add: - NET_BIND_SERVICE - volumeMounts: [] + volumeMounts: + + - name: agent-conf + mountPath: /etc/nginx-agent/nginx-agent.conf + subPath: nginx-agent.conf + - name: dataplane-key + mountPath: /etc/nginx-agent/secrets env: - name: POD_NAMESPACE valueFrom: @@ -7029,22 +7078,11 @@ spec: fieldPath: metadata.name args: - - --listen=:2345 - - --headless=true - - --log=true - - --log-output=debugger,debuglineerr,gdbwire,lldbout,rpc,dap,fncall,minidump,stack - - --accept-multiclient - - --api-version=2 - - exec - - ./nginx-ingress - - --continue - - -- - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-debug-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-debug-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/oss-agent-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -7055,9 +7093,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-debug-nginx-ingress-controller + - -external-service=oss-agent-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-debug-nginx-ingress-leader-election + - -leader-election-lock-name=oss-agent-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -7079,6 +7117,7 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + - -agent=true /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -7088,7 +7127,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7098,28 +7137,28 @@ spec: apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-debug-nginx-ingress-leader-election + name: oss-agent-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-debug + app.kubernetes.io/instance: oss-agent app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus-mgmt - 1] +[TestHelmNICTemplate/plus - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -7127,12 +7166,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -7143,37 +7182,27 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-nginx-ingress-mgmt + name: plus-nginx-ingress-mgmt namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: - license-token-secret-name: license - ssl-verify: "false" - enforce-initial-report: "true" - usage-report-endpoint: "11.22.33.44" - usage-report-interval: "7h" - usage-report-proxy-host: "44.55.66.77:88" - ssl-trusted-certificate-secret-name: "ssl-trusted" - ssl-certificate-secret-name: "ssl-cert" - resolver-addresses: "example.com" - resolver-ipv6: "false" - resolver-valid: "15s" + license-token-secret-name: license-token /-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-nginx-ingress-leader-election + name: plus-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -7181,11 +7210,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -7254,6 +7283,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -7295,31 +7325,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -7360,7 +7390,7 @@ rules: resources: - leases resourceNames: - - plus-mgmt-nginx-ingress-leader-election + - plus-nginx-ingress-leader-election verbs: - get - update @@ -7375,33 +7405,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress subjects: - kind: ServiceAccount - name: plus-mgmt-nginx-ingress + name: plus-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-mgmt-nginx-ingress-controller + name: plus-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7420,18 +7450,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: plus-mgmt-nginx-ingress-controller + name: plus-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7439,19 +7469,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: plus-mgmt-nginx-ingress + serviceAccountName: plus-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -7504,24 +7534,14 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - - name: PROXY_USER - valueFrom: - secretKeyRef: - name: proxy-credentials - key: username - - name: PROXY_PASS - valueFrom: - secretKeyRef: - name: proxy-credentials - key: password args: - -nginx-plus=true - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-nginx-ingress-mgmt - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -7532,9 +7552,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-mgmt-nginx-ingress-controller + - -external-service=plus-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-mgmt-nginx-ingress-leader-election + - -leader-election-lock-name=plus-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -7565,7 +7585,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7575,28 +7595,28 @@ spec: apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-mgmt-nginx-ingress-leader-election + name: plus-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/instance: plus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus-mgmt-custom-endpoint - 1] +[TestHelmNICTemplate/plus-debug - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -7604,12 +7624,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -7620,28 +7640,27 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress-mgmt + name: plus-debug-nginx-ingress-mgmt namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: license-token-secret-name: license-token - usage-report-endpoint: "11.22.33.44" /-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress-leader-election + name: plus-debug-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -7649,11 +7668,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -7722,6 +7741,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -7763,31 +7783,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -7828,7 +7848,7 @@ rules: resources: - leases resourceNames: - - plus-mgmt-custom-endpoint-nginx-ingress-leader-election + - plus-debug-nginx-ingress-leader-election verbs: - get - update @@ -7843,33 +7863,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress subjects: - kind: ServiceAccount - name: plus-mgmt-custom-endpoint-nginx-ingress + name: plus-debug-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress-controller + name: plus-debug-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7888,18 +7908,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress-controller + name: plus-debug-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -7907,19 +7927,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: plus-mgmt-custom-endpoint-nginx-ingress + serviceAccountName: plus-debug-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -7974,12 +7994,22 @@ spec: fieldPath: metadata.name args: + - --listen=:2345 + - --headless=true + - --log=true + - --log-output=debugger,debuglineerr,gdbwire,lldbout,rpc,dap,fncall,minidump,stack + - --accept-multiclient + - --api-version=2 + - exec + - ./nginx-ingress + - --continue + - -- - -nginx-plus=true - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-custom-endpoint-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-custom-endpoint-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/plus-debug-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-debug-nginx-ingress-mgmt - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -7990,9 +8020,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-mgmt-custom-endpoint-nginx-ingress-controller + - -external-service=plus-debug-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-mgmt-custom-endpoint-nginx-ingress-leader-election + - -leader-election-lock-name=plus-debug-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -8023,7 +8053,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-debug app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -8033,28 +8063,2919 @@ spec: apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-mgmt-custom-endpoint-nginx-ingress-leader-election + name: plus-debug-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-debug + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus-mgmt - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-mgmt-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-nginx-ingress-mgmt + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license + ssl-verify: "false" + enforce-initial-report: "true" + usage-report-endpoint: "11.22.33.44" + usage-report-interval: "7h" + usage-report-proxy-host: "44.55.66.77:88" + ssl-trusted-certificate-secret-name: "ssl-trusted" + ssl-certificate-secret-name: "ssl-cert" + resolver-addresses: "example.com" + resolver-ipv6: "false" + resolver-valid: "15s" +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-mgmt-nginx-ingress namespace: default +roleRef: + kind: ClusterRole + name: plus-mgmt-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-mgmt-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-mgmt-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-mgmt-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-mgmt-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-mgmt-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-mgmt-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PROXY_USER + valueFrom: + secretKeyRef: + name: proxy-credentials + key: username + - name: PROXY_PASS + valueFrom: + secretKeyRef: + name: proxy-credentials + key: password + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-mgmt-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-mgmt-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-mgmt-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus-mgmt-custom-endpoint - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress-mgmt + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license-token + usage-report-endpoint: "11.22.33.44" +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-mgmt-custom-endpoint-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-mgmt-custom-endpoint-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-mgmt-custom-endpoint-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-mgmt-custom-endpoint-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-mgmt-custom-endpoint-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-mgmt-custom-endpoint-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-custom-endpoint-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-custom-endpoint-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-mgmt-custom-endpoint-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-mgmt-custom-endpoint-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-mgmt-custom-endpoint-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus-mgmt-proxy-host - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-nginx-ingress-mgmt + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license-token + usage-report-proxy-host: "44.55.66.77:88" +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-mgmt-proxy-host-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-mgmt-proxy-host-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-mgmt-proxy-host-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-mgmt-proxy-host-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-mgmt-proxy-host-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-mgmt-proxy-host-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-mgmt-proxy-host-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-mgmt-proxy-host-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-proxy-host-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-proxy-host-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-mgmt-proxy-host-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-mgmt-proxy-host-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-mgmt-proxy-host-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus-mgmt-proxy-host-auth - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress-mgmt + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license-token + usage-report-proxy-host: "44.55.66.77:88" +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-mgmt-proxy-host-auth-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-mgmt-proxy-host-auth-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-mgmt-proxy-host-auth-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-mgmt-proxy-host-auth-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-mgmt-proxy-host-auth-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PROXY_USER + valueFrom: + secretKeyRef: + name: custom-credentials + key: username + - name: PROXY_PASS + valueFrom: + secretKeyRef: + name: custom-credentials + key: password + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-proxy-host-auth-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-proxy-host-auth-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-mgmt-proxy-host-auth-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plusAgentV3 - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-agent-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-nginx-ingress-agent-config + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + nginx-agent.conf: |- + + log: + # set log level (error, info, debug; default "info") + level: info + # set log path. if empty, don't log to file. + path: "" + + allowed_directories: + - /etc/nginx + - /usr/lib/nginx/modules + + features: + - certificates + - connection + - metrics + - file-watcher + + ## command server settings + command: + server: + host: agent.connect.nginx.com + port: 443 + auth: + tokenpath: "/etc/nginx-agent/secrets/dataplane.key" + tls: + skip_verify: false +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-nginx-ingress-mgmt + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license-token +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-agent-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-agent-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-agent-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-agent-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-agent-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-agent-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-agent-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + agent-configuration-revision-hash: "e150cd8a" + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: + + - name: agent-conf + configMap: + name: plus-agent-nginx-ingress-agent-config + - name: dataplane-key + secret: + secretName: dataplane-key + serviceAccountName: plus-agent-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + + - name: agent-conf + mountPath: /etc/nginx-agent/nginx-agent.conf + subPath: nginx-agent.conf + - name: dataplane-key + mountPath: /etc/nginx-agent/secrets + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-agent-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-agent-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-agent-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-agent-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false + - -agent=true +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-agent-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plusAgentV3All - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-agent-all-nginx-ingress + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-all-nginx-ingress + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-all-nginx-ingress-agent-config + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + nginx-agent.conf: |- + + log: + # set log level (error, info, debug; default "info") + level: debug + # set log path. if empty, don't log to file. + path: "" + + allowed_directories: + - /etc/nginx + - /usr/lib/nginx/modules + + features: + - certificates + - connection + - metrics + - file-watcher + + ## command server settings + command: + server: + host: my-host.example.com + port: 8443 + auth: + tokenpath: "/etc/nginx-agent/secrets/dataplane.key" + tls: + skip_verify: true +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-all-nginx-ingress-mgmt + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +data: + license-token-secret-name: license-token +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-agent-all-nginx-ingress-leader-election + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-all-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + - statefulsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-all-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-agent-all-nginx-ingress + namespace: custom +roleRef: + kind: ClusterRole + name: plus-agent-all-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-all-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: custom +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-agent-all-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-agent-all-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm + namespace: custom +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-agent-all-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-agent-all-nginx-ingress + namespace: custom +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-agent-all-nginx-ingress-controller + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-agent-all-nginx-ingress-controller + namespace: custom + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + agent-configuration-revision-hash: "8c900020" + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: + + - name: agent-conf + configMap: + name: plus-agent-all-nginx-ingress-agent-config + - name: dataplane-key + secret: + secretName: dataplane-key + serviceAccountName: plus-agent-all-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:5.2.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + + - name: agent-conf + mountPath: /etc/nginx-agent/nginx-agent.conf + subPath: nginx-agent.conf + - name: dataplane-key + mountPath: /etc/nginx-agent/secrets + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-agent-all-nginx-ingress + - -mgmt-configmap=$(POD_NAMESPACE)/plus-agent-all-nginx-ingress-mgmt + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-agent-all-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-agent-all-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false + - -agent=true +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-2.3.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/version: "5.2.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-agent-all-nginx-ingress-leader-election + namespace: custom labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-custom-endpoint + app.kubernetes.io/instance: plus-agent-all app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus-mgmt-proxy-host - 1] +[TestHelmNICTemplate/startupStatusValid - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -8062,44 +10983,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -/-/-/-/ -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-mgmt-proxy-host-nginx-ingress-mgmt - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - license-token-secret-name: license-token - usage-report-proxy-host: "44.55.66.77:88" -/-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-proxy-host-nginx-ingress-leader-election + name: startupstatus-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -8107,11 +11011,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -8180,6 +11084,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -8221,31 +11126,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -8286,7 +11191,7 @@ rules: resources: - leases resourceNames: - - plus-mgmt-proxy-host-nginx-ingress-leader-election + - startupstatus-nginx-ingress-leader-election verbs: - get - update @@ -8301,33 +11206,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress subjects: - kind: ServiceAccount - name: plus-mgmt-proxy-host-nginx-ingress + name: startupstatus-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-mgmt-proxy-host-nginx-ingress-controller + name: startupstatus-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -8346,18 +11251,18 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus /-/-/-/ # Source: nginx-ingress/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: plus-mgmt-proxy-host-nginx-ingress-controller + name: startupstatus-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -8365,19 +11270,19 @@ spec: selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: plus-mgmt-proxy-host-nginx-ingress + serviceAccountName: startupstatus-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -8400,12 +11305,23 @@ spec: containerPort: 9113 - name: readiness-port containerPort: 8081 + - name: startup-port + containerPort: 9999 readinessProbe: httpGet: path: /nginx-ready port: readiness-port periodSeconds: 1 initialDelaySeconds: 0 + startupProbe: + httpGet: + path: / + port: startup-port + initialDelaySeconds: 7 + periodSeconds: 2 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 5 resources: requests: cpu: 100m @@ -8432,12 +11348,11 @@ spec: fieldPath: metadata.name args: - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-proxy-host-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-proxy-host-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/startupstatus-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -8448,9 +11363,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-mgmt-proxy-host-nginx-ingress-controller + - -external-service=startupstatus-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-mgmt-proxy-host-nginx-ingress-leader-election + - -leader-election-lock-name=startupstatus-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -8481,38 +11396,41 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-mgmt-proxy-host-nginx-ingress-leader-election + name: startupstatus-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host + app.kubernetes.io/instance: startupstatus app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plus-mgmt-proxy-host-auth - 1] +[TestHelmNICTemplate/statefulset - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -8520,44 +11438,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -/-/-/-/ -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress-mgmt - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - license-token-secret-name: license-token - usage-report-proxy-host: "44.55.66.77:88" -/-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + name: statefulset-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -8565,11 +11466,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -8638,6 +11539,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -8679,31 +11581,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -8744,7 +11646,7 @@ rules: resources: - leases resourceNames: - - plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + - statefulset-nginx-ingress-leader-election verbs: - get - update @@ -8759,33 +11661,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress subjects: - kind: ServiceAccount - name: plus-mgmt-proxy-host-auth-nginx-ingress + name: statefulset-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress-controller + name: statefulset-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -8804,38 +11706,39 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset /-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml +# Source: nginx-ingress/templates/controller-statefulset.yaml apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress-controller + name: statefulset-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 + serviceName: statefulset-nginx-ingress-controller selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: volumes: [] - serviceAccountName: plus-mgmt-proxy-host-auth-nginx-ingress + serviceAccountName: statefulset-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -8878,7 +11781,10 @@ spec: - ALL add: - NET_BIND_SERVICE - volumeMounts: [] + volumeMounts: + + - mountPath: /var/cache/nginx + name: nginx-cache env: - name: POD_NAMESPACE valueFrom: @@ -8888,24 +11794,13 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - - name: PROXY_USER - valueFrom: - secretKeyRef: - name: custom-credentials - key: username - - name: PROXY_PASS - valueFrom: - secretKeyRef: - name: custom-credentials - key: password args: - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-mgmt-proxy-host-auth-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-mgmt-proxy-host-auth-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/statefulset-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -8916,9 +11811,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-mgmt-proxy-host-auth-nginx-ingress-controller + - -external-service=statefulset-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + - -leader-election-lock-name=statefulset-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -8940,6 +11835,20 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + podManagementPolicy: OrderedReady + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "256Mi" /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -8949,38 +11858,41 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-mgmt-proxy-host-auth-nginx-ingress-leader-election + name: statefulset-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-mgmt-proxy-host-auth + app.kubernetes.io/instance: statefulset app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plusAgentV3 - 1] +[TestHelmNICTemplate/statefulset-config - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -8988,83 +11900,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-agent-nginx-ingress-agent-config - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - nginx-agent.conf: |- - - log: - # set log level (error, info, debug; default "info") - level: info - # set log path. if empty, don't log to file. - path: "" - - allowed_directories: - - /etc/nginx - - /usr/lib/nginx/modules - - features: - - certificates - - connection - - metrics - - file-watcher - - ## command server settings - command: - server: - host: agent.connect.nginx.com - port: 443 - auth: - tokenpath: "/etc/nginx-agent/secrets/dataplane.key" - tls: - skip_verify: false -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-agent-nginx-ingress-mgmt - namespace: default - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - license-token-secret-name: license-token -/-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-agent-nginx-ingress-leader-election + name: statefulset-config-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -9072,11 +11928,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -9145,6 +12001,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -9186,31 +12043,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -9251,7 +12108,7 @@ rules: resources: - leases resourceNames: - - plus-agent-nginx-ingress-leader-election + - statefulset-config-nginx-ingress-leader-election verbs: - get - update @@ -9266,33 +12123,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress subjects: - kind: ServiceAccount - name: plus-agent-nginx-ingress + name: statefulset-config-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-agent-nginx-ingress-controller + name: statefulset-config-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -9311,46 +12168,39 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config /-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml +# Source: nginx-ingress/templates/controller-statefulset.yaml apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: plus-agent-nginx-ingress-controller + name: statefulset-config-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 + serviceName: statefulset-config-nginx-ingress-controller selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent - agent-configuration-revision-hash: "e150cd8a" + app.kubernetes.io/instance: statefulset-config annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: - volumes: - - - name: agent-conf - configMap: - name: plus-agent-nginx-ingress-agent-config - - name: dataplane-key - secret: - secretName: dataplane-key - serviceAccountName: plus-agent-nginx-ingress + volumes: [] + serviceAccountName: statefulset-config-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -9395,11 +12245,8 @@ spec: - NET_BIND_SERVICE volumeMounts: - - name: agent-conf - mountPath: /etc/nginx-agent/nginx-agent.conf - subPath: nginx-agent.conf - - name: dataplane-key - mountPath: /etc/nginx-agent/secrets + - mountPath: /var/cache/nginx + name: nginx-cache env: - name: POD_NAMESPACE valueFrom: @@ -9411,12 +12258,11 @@ spec: fieldPath: metadata.name args: - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-agent-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-agent-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/statefulset-config-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -9427,9 +12273,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-agent-nginx-ingress-controller + - -external-service=statefulset-config-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-agent-nginx-ingress-leader-election + - -leader-election-lock-name=statefulset-config-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -9451,7 +12297,21 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false - - -agent=true + + podManagementPolicy: Parallel + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: + - ReadWriteMany + storageClassName: "premium-rwx" + resources: + requests: + storage: "2Gi" /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -9461,38 +12321,41 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-agent-nginx-ingress-leader-election + name: statefulset-config-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent + app.kubernetes.io/instance: statefulset-config app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/plusAgentV3All - 1] +[TestHelmNICTemplate/statefulset-no-storageclass - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: plus-agent-all-nginx-ingress - namespace: custom + name: statefulset-no-storageclass-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -9500,83 +12363,27 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: plus-agent-all-nginx-ingress - namespace: custom + name: statefulset-no-storageclass-nginx-ingress + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: {} /-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-agent-all-nginx-ingress-agent-config - namespace: custom - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - nginx-agent.conf: |- - - log: - # set log level (error, info, debug; default "info") - level: debug - # set log path. if empty, don't log to file. - path: "" - - allowed_directories: - - /etc/nginx - - /usr/lib/nginx/modules - - features: - - certificates - - connection - - metrics - - file-watcher - - ## command server settings - command: - server: - host: my-host.example.com - port: 8443 - auth: - tokenpath: "/etc/nginx-agent/secrets/dataplane.key" - tls: - skip_verify: true -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-agent-all-nginx-ingress-mgmt - namespace: custom - labels: - helm.sh/chart: nginx-ingress-2.3.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all - app.kubernetes.io/version: "5.2.0" - app.kubernetes.io/managed-by: Helm -data: - license-token-secret-name: license-token -/-/-/-/ # Source: nginx-ingress/templates/controller-leader-election-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: plus-agent-all-nginx-ingress-leader-election - namespace: custom + name: statefulset-no-storageclass-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -9584,11 +12391,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -9657,6 +12464,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -9698,34 +12506,34 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: plus-agent-all-nginx-ingress - namespace: custom + name: statefulset-no-storageclass-nginx-ingress + namespace: default roleRef: kind: ClusterRole - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: custom + namespace: default rules: - apiGroups: - "" @@ -9763,7 +12571,7 @@ rules: resources: - leases resourceNames: - - plus-agent-all-nginx-ingress-leader-election + - statefulset-no-storageclass-nginx-ingress-leader-election verbs: - get - update @@ -9778,33 +12586,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm - namespace: custom + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: plus-agent-all-nginx-ingress + name: statefulset-no-storageclass-nginx-ingress subjects: - kind: ServiceAccount - name: plus-agent-all-nginx-ingress - namespace: custom + name: statefulset-no-storageclass-nginx-ingress + namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: plus-agent-all-nginx-ingress-controller - namespace: custom + name: statefulset-no-storageclass-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -9823,46 +12631,39 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass /-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml +# Source: nginx-ingress/templates/controller-statefulset.yaml apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: plus-agent-all-nginx-ingress-controller - namespace: custom + name: statefulset-no-storageclass-nginx-ingress-controller + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 + serviceName: statefulset-no-storageclass-nginx-ingress-controller selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all - agent-configuration-revision-hash: "8c900020" + app.kubernetes.io/instance: statefulset-no-storageclass annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: - volumes: - - - name: agent-conf - configMap: - name: plus-agent-all-nginx-ingress-agent-config - - name: dataplane-key - secret: - secretName: dataplane-key - serviceAccountName: plus-agent-all-nginx-ingress + volumes: [] + serviceAccountName: statefulset-no-storageclass-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -9907,11 +12708,8 @@ spec: - NET_BIND_SERVICE volumeMounts: - - name: agent-conf - mountPath: /etc/nginx-agent/nginx-agent.conf - subPath: nginx-agent.conf - - name: dataplane-key - mountPath: /etc/nginx-agent/secrets + - mountPath: /var/cache/nginx + name: nginx-cache env: - name: POD_NAMESPACE valueFrom: @@ -9923,12 +12721,11 @@ spec: fieldPath: metadata.name args: - - -nginx-plus=true + - -nginx-plus=false - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-agent-all-nginx-ingress - - -mgmt-configmap=$(POD_NAMESPACE)/plus-agent-all-nginx-ingress-mgmt + - -nginx-configmaps=$(POD_NAMESPACE)/statefulset-no-storageclass-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -9939,9 +12736,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=plus-agent-all-nginx-ingress-controller + - -external-service=statefulset-no-storageclass-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=plus-agent-all-nginx-ingress-leader-election + - -leader-election-lock-name=statefulset-no-storageclass-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -9963,7 +12760,20 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false - - -agent=true + + podManagementPolicy: Parallel + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "2Gi" /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -9973,38 +12783,41 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: controller: nginx.org/ingress-controller /-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +/-/-/-/ +/-/-/-/ # Source: nginx-ingress/templates/controller-lease.yaml apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: plus-agent-all-nginx-ingress-leader-election - namespace: custom + name: statefulset-no-storageclass-nginx-ingress-leader-election + namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus-agent-all + app.kubernetes.io/instance: statefulset-no-storageclass app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- -[TestHelmNICTemplate/startupStatusValid - 1] +[TestHelmNICTemplate/statefulset-readonly - 1] /-/-/-/ # Source: nginx-ingress/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -10012,12 +12825,12 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm data: @@ -10027,12 +12840,12 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: startupstatus-nginx-ingress-leader-election + name: statefulset-readonly-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm /-/-/-/ @@ -10040,11 +12853,11 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm rules: @@ -10113,6 +12926,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: @@ -10154,31 +12968,31 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress namespace: default roleRef: kind: ClusterRole - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress apiGroup: rbac.authorization.k8s.io /-/-/-/ # Source: nginx-ingress/templates/controller-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default @@ -10219,7 +13033,7 @@ rules: resources: - leases resourceNames: - - startupstatus-nginx-ingress-leader-election + - statefulset-readonly-nginx-ingress-leader-election verbs: - get - update @@ -10234,33 +13048,33 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress subjects: - kind: ServiceAccount - name: startupstatus-nginx-ingress + name: statefulset-readonly-nginx-ingress namespace: default /-/-/-/ # Source: nginx-ingress/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: - name: startupstatus-nginx-ingress-controller + name: statefulset-readonly-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -10279,38 +13093,48 @@ spec: nodePort: selector: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly /-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml +# Source: nginx-ingress/templates/controller-statefulset.yaml apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: startupstatus-nginx-ingress-controller + name: statefulset-readonly-nginx-ingress-controller namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 + serviceName: statefulset-readonly-nginx-ingress-controller selector: matchLabels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly template: metadata: labels: app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" prometheus.io/scheme: "http" spec: - volumes: [] - serviceAccountName: startupstatus-nginx-ingress + volumes: + + - name: nginx-etc + emptyDir: {} + - name: nginx-lib + emptyDir: {} + - name: nginx-state + emptyDir: {} + - name: nginx-log + emptyDir: {} + serviceAccountName: statefulset-readonly-nginx-ingress automountServiceAccountToken: true securityContext: seccompProfile: @@ -10333,38 +13157,38 @@ spec: containerPort: 9113 - name: readiness-port containerPort: 8081 - - name: startup-port - containerPort: 9999 readinessProbe: httpGet: path: /nginx-ready port: readiness-port periodSeconds: 1 initialDelaySeconds: 0 - startupProbe: - httpGet: - path: / - port: startup-port - initialDelaySeconds: 7 - periodSeconds: 2 - timeoutSeconds: 3 - successThreshold: 1 - failureThreshold: 5 resources: requests: cpu: 100m memory: 128Mi securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true + allowPrivilegeEscalation: true capabilities: + add: + - NET_BIND_SERVICE drop: - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 101 + volumeMounts: + + - mountPath: /etc/nginx + name: nginx-etc + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /var/lib/nginx + name: nginx-lib + - mountPath: /var/lib/nginx/state + name: nginx-state + - mountPath: /var/log/nginx + name: nginx-log env: - name: POD_NAMESPACE valueFrom: @@ -10380,7 +13204,7 @@ spec: - -nginx-reload-timeout=60000 - -enable-app-protect=false - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/startupstatus-nginx-ingress + - -nginx-configmaps=$(POD_NAMESPACE)/statefulset-readonly-nginx-ingress - -ingress-class=nginx - -health-status=false - -health-status-uri=/nginx-health @@ -10391,9 +13215,9 @@ spec: - -nginx-status-port=8080 - -nginx-status-allow-cidrs=127.0.0.1 - -report-ingress-status - - -external-service=startupstatus-nginx-ingress-controller + - -external-service=statefulset-readonly-nginx-ingress-controller - -enable-leader-election=true - - -leader-election-lock-name=startupstatus-nginx-ingress-leader-election + - -leader-election-lock-name=statefulset-readonly-nginx-ingress-leader-election - -enable-prometheus-metrics=true - -prometheus-metrics-listen-port=9113 - -prometheus-tls-secret= @@ -10415,6 +13239,40 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + initContainers: + - name: init-nginx-ingress + image: nginx/nginx-ingress:5.2.0 + imagePullPolicy: "IfNotPresent" + command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /mnt/etc + name: nginx-etc + podManagementPolicy: OrderedReady + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "256Mi" /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -10424,7 +13282,7 @@ metadata: labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm spec: @@ -10437,12 +13295,12 @@ spec: apiVersion: coordination.k8s.io/v1 kind: Lease metadata: - name: startupstatus-nginx-ingress-leader-election + name: statefulset-readonly-nginx-ingress-leader-election namespace: default labels: helm.sh/chart: nginx-ingress-2.3.0 app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: startupstatus + app.kubernetes.io/instance: statefulset-readonly app.kubernetes.io/version: "5.2.0" app.kubernetes.io/managed-by: Helm --- diff --git a/charts/tests/helmunit_test.go b/charts/tests/helmunit_test.go index 489aef2e50..dd459e7820 100644 --- a/charts/tests/helmunit_test.go +++ b/charts/tests/helmunit_test.go @@ -41,6 +41,31 @@ func TestHelmNICTemplate(t *testing.T) { releaseName: "daemonset", namespace: "default", }, + "daemonset-readonly": { + valuesFile: "testdata/daemonset-readonly.yaml", + releaseName: "daemonset-readonly", + namespace: "default", + }, + "statefulset": { + valuesFile: "testdata/statefulset.yaml", + releaseName: "statefulset", + namespace: "default", + }, + "statefulset-readonly": { + valuesFile: "testdata/statefulset-readonly.yaml", + releaseName: "statefulset-readonly", + namespace: "default", + }, + "statefulset-config": { + valuesFile: "testdata/statefulset-config.yaml", + releaseName: "statefulset-config", + namespace: "default", + }, + "statefulset-no-storageclass": { + valuesFile: "testdata/statefulset-no-storageclass.yaml", + releaseName: "statefulset-no-storageclass", + namespace: "default", + }, "namespace": { valuesFile: "", releaseName: "namespace", diff --git a/charts/tests/testdata/daemonset-readonly.yaml b/charts/tests/testdata/daemonset-readonly.yaml new file mode 100644 index 0000000000..08a91a78b0 --- /dev/null +++ b/charts/tests/testdata/daemonset-readonly.yaml @@ -0,0 +1,12 @@ +controller: + kind: daemonset + securityContext: + allowPrivilegeEscalation: true + readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE diff --git a/charts/tests/testdata/statefulset-config.yaml b/charts/tests/testdata/statefulset-config.yaml new file mode 100644 index 0000000000..22c7bfc3a6 --- /dev/null +++ b/charts/tests/testdata/statefulset-config.yaml @@ -0,0 +1,12 @@ +controller: + kind: statefulset + statefulset: + podManagementPolicy: "Parallel" + persistentVolumeClaimRetentionPolicy: + whenDeleted: "Delete" + whenScaled: "Delete" + nginxCachePVC: + size: "2Gi" + storageClass: "premium-rwx" + accessModes: + - "ReadWriteMany" diff --git a/charts/tests/testdata/statefulset-no-storageclass.yaml b/charts/tests/testdata/statefulset-no-storageclass.yaml new file mode 100644 index 0000000000..b0d468fb15 --- /dev/null +++ b/charts/tests/testdata/statefulset-no-storageclass.yaml @@ -0,0 +1,13 @@ +controller: + kind: statefulset + statefulset: + podManagementPolicy: "Parallel" + persistentVolumeClaimRetentionPolicy: + whenDeleted: "Delete" + whenScaled: "Delete" + nginxCachePVC: + size: "2Gi" + # storageClass is intentionally omitted to test empty storageClass behavior + # storageClass: "premium-rwx" + accessModes: + - "ReadWriteMany" diff --git a/charts/tests/testdata/statefulset-readonly.yaml b/charts/tests/testdata/statefulset-readonly.yaml new file mode 100644 index 0000000000..efae0a7b6b --- /dev/null +++ b/charts/tests/testdata/statefulset-readonly.yaml @@ -0,0 +1,12 @@ +controller: + kind: statefulset + securityContext: + allowPrivilegeEscalation: true + readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE diff --git a/charts/tests/testdata/statefulset.yaml b/charts/tests/testdata/statefulset.yaml new file mode 100644 index 0000000000..67a18475af --- /dev/null +++ b/charts/tests/testdata/statefulset.yaml @@ -0,0 +1,2 @@ +controller: + kind: statefulset diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 97c827defb..9b039002d2 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -1123,7 +1123,11 @@ func createHeadlessService(l *slog.Logger, kubeClient kubernetes.Interface, cont return err } - requiredSelectors := pod.Labels + // Create uniform selector labels across deployment types (ReplicaSet, DaemonSet, StatefulSet) + requiredSelectors, err := k8s.CreateUniformSelectorsFromController(kubeClient, pod) + if err != nil { + return err + } requiredOwnerReferences := []meta_v1.OwnerReference{ { APIVersion: "v1", diff --git a/cmd/nginx-ingress/main_test.go b/cmd/nginx-ingress/main_test.go index 941c5ef48d..c2572d65ac 100644 --- a/cmd/nginx-ingress/main_test.go +++ b/cmd/nginx-ingress/main_test.go @@ -14,6 +14,7 @@ import ( nic_glog "github.com/nginx/kubernetes-ingress/internal/logger/glog" "github.com/nginx/kubernetes-ingress/internal/logger/levels" "github.com/stretchr/testify/assert" + apps_v1 "k8s.io/api/apps/v1" api_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -146,17 +147,15 @@ func TestCreateHeadlessService(t *testing.T) { configMapNamespace := "default" configMapNamespacedName := fmt.Sprintf("%s/%s", configMapNamespace, configMapName) podName := "test-pod" - podLabels := map[string]string{"app": "my-app", "pod-hash": "12345"} - svcName := "test-hl-service" - pod := &api_v1.Pod{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: podName, - Namespace: controllerNamespace, - Labels: podLabels, - }, + podLabels := map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + "pod-template-hash": "abc123", } + svcName := "test-hl-service" + configMap := &api_v1.ConfigMap{ ObjectMeta: meta_v1.ObjectMeta{ Name: configMapName, @@ -177,22 +176,75 @@ func TestCreateHeadlessService(t *testing.T) { } testCases := []struct { - name string - existingService *api_v1.Service - expectedAction string - expectedSelector map[string]string - expectedOwnerRefs []meta_v1.OwnerReference - initialClientObjects []runtime.Object + name string + ownerKind string + controllerName string + controllerSelectors map[string]string + expectedSelector map[string]string + existingService *api_v1.Service + expectedAction string + expectedOwnerRefs []meta_v1.OwnerReference }{ { - name: "Create service if none found", - expectedAction: "create", - expectedSelector: podLabels, - expectedOwnerRefs: expectedOwnerReferences, - initialClientObjects: []runtime.Object{pod, configMap}, + name: "Create service for ReplicaSet controller", + ownerKind: "ReplicaSet", + controllerName: "nginx-ingress-123", + controllerSelectors: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + "pod-template-hash": "abc123", + }, + // For ReplicaSet, pod-template-hash should be excluded + expectedSelector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, + expectedAction: "create", + expectedOwnerRefs: expectedOwnerReferences, + }, + { + name: "Create service for DaemonSet controller", + ownerKind: "DaemonSet", + controllerName: "nginx-ingress-ds", + controllerSelectors: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, + expectedSelector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, + expectedAction: "create", + expectedOwnerRefs: expectedOwnerReferences, + }, + { + name: "Create service for StatefulSet controller", + ownerKind: "StatefulSet", + controllerName: "nginx-ingress-sts", + controllerSelectors: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, + expectedSelector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, + expectedAction: "create", + expectedOwnerRefs: expectedOwnerReferences, }, { - name: "Skip update if labels and ownerReferences are the same", + name: "Skip update if selectors match", + ownerKind: "ReplicaSet", + controllerName: "nginx-ingress-123", + controllerSelectors: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + "pod-template-hash": "abc123", + }, + expectedSelector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, existingService: &api_v1.Service{ ObjectMeta: meta_v1.ObjectMeta{ Name: svcName, @@ -200,16 +252,28 @@ func TestCreateHeadlessService(t *testing.T) { OwnerReferences: expectedOwnerReferences, }, Spec: api_v1.ServiceSpec{ - Selector: podLabels, + Selector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, }, }, - expectedAction: "none", - expectedSelector: podLabels, - expectedOwnerRefs: expectedOwnerReferences, - initialClientObjects: []runtime.Object{pod, configMap}, + expectedAction: "none", + expectedOwnerRefs: expectedOwnerReferences, }, { - name: "Update service if labels differ", + name: "Update service if selectors differ", + ownerKind: "ReplicaSet", + controllerName: "nginx-ingress-123", + controllerSelectors: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + "pod-template-hash": "abc123", + }, + expectedSelector: map[string]string{ + "app.kubernetes.io/name": "nginx-ingress", + "app.kubernetes.io/instance": "my-release", + }, existingService: &api_v1.Service{ ObjectMeta: meta_v1.ObjectMeta{ Name: svcName, @@ -217,57 +281,76 @@ func TestCreateHeadlessService(t *testing.T) { OwnerReferences: expectedOwnerReferences, }, Spec: api_v1.ServiceSpec{ - Selector: map[string]string{"pod-hash": "67890"}, + Selector: map[string]string{"old-label": "true"}, }, }, - expectedAction: "update", - expectedSelector: podLabels, - expectedOwnerRefs: expectedOwnerReferences, - initialClientObjects: []runtime.Object{pod, configMap}, + expectedAction: "update", + expectedOwnerRefs: expectedOwnerReferences, }, - { - name: "Update service if ownerReferences differ", - existingService: &api_v1.Service{ + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Create pod with owner reference to the controller + pod := &api_v1.Pod{ ObjectMeta: meta_v1.ObjectMeta{ - Name: svcName, + Name: podName, Namespace: controllerNamespace, + Labels: podLabels, OwnerReferences: []meta_v1.OwnerReference{ - {Name: "old-owner"}, + { + APIVersion: "apps/v1", + Kind: tc.ownerKind, + Name: tc.controllerName, + UID: types.UID("controller-uid-123"), + Controller: commonhelpers.BoolToPointerBool(true), + }, }, }, - Spec: api_v1.ServiceSpec{ - Selector: podLabels, - }, - }, - expectedAction: "update", - expectedSelector: podLabels, - expectedOwnerRefs: expectedOwnerReferences, - initialClientObjects: []runtime.Object{pod, configMap}, - }, - { - name: "Update service if both labels and ownerReferences differ", - existingService: &api_v1.Service{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: svcName, - Namespace: controllerNamespace, - OwnerReferences: []meta_v1.OwnerReference{ - {Name: "old-owner"}, + } + + // Create the appropriate controller object + var controllerObj runtime.Object + switch tc.ownerKind { + case "ReplicaSet": + controllerObj = &apps_v1.ReplicaSet{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: tc.controllerName, + Namespace: controllerNamespace, }, - }, - Spec: api_v1.ServiceSpec{ - Selector: map[string]string{"old-label": "true"}, - }, - }, - expectedAction: "update", - expectedSelector: podLabels, - expectedOwnerRefs: expectedOwnerReferences, - initialClientObjects: []runtime.Object{pod, configMap}, - }, - } + Spec: apps_v1.ReplicaSetSpec{ + Selector: &meta_v1.LabelSelector{ + MatchLabels: tc.controllerSelectors, + }, + }, + } + case "DaemonSet": + controllerObj = &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: tc.controllerName, + Namespace: controllerNamespace, + }, + Spec: apps_v1.DaemonSetSpec{ + Selector: &meta_v1.LabelSelector{ + MatchLabels: tc.controllerSelectors, + }, + }, + } + case "StatefulSet": + controllerObj = &apps_v1.StatefulSet{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: tc.controllerName, + Namespace: controllerNamespace, + }, + Spec: apps_v1.StatefulSetSpec{ + Selector: &meta_v1.LabelSelector{ + MatchLabels: tc.controllerSelectors, + }, + }, + } + } - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - clientObjects := tc.initialClientObjects + clientObjects := []runtime.Object{pod, configMap, controllerObj} if tc.existingService != nil { clientObjects = append(clientObjects, tc.existingService) } diff --git a/deployments/rbac/rbac.yaml b/deployments/rbac/rbac.yaml index ff40856203..f747a3c7cd 100644 --- a/deployments/rbac/rbac.yaml +++ b/deployments/rbac/rbac.yaml @@ -16,6 +16,7 @@ rules: resources: - replicasets - daemonsets + - statefulsets verbs: - get - apiGroups: diff --git a/deployments/stateful-set/nginx-ingress.yaml b/deployments/stateful-set/nginx-ingress.yaml new file mode 100644 index 0000000000..1e91fafcea --- /dev/null +++ b/deployments/stateful-set/nginx-ingress.yaml @@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + serviceName: nginx-ingress + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + app.kubernetes.io/name: nginx-ingress + #annotations: + #prometheus.io/scrape: "true" + #prometheus.io/port: "9113" + #prometheus.io/scheme: http + spec: + serviceAccountName: nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault +# volumes: +# - name: nginx-etc +# emptyDir: {} +# - name: nginx-cache +# emptyDir: {} +# - name: nginx-lib +# emptyDir: {} +# - name: nginx-lib-state +# emptyDir: {} +# - name: nginx-log +# emptyDir: {} + containers: + - image: nginx/nginx-ingress:5.1.1 + imagePullPolicy: IfNotPresent + name: nginx-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: readiness-port + containerPort: 8081 + - name: prometheus + containerPort: 9113 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + resources: + requests: + cpu: "100m" + memory: "128Mi" + #limits: + # cpu: "1" + # memory: "1Gi" + securityContext: + allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + - mountPath: /var/cache/nginx + name: nginx-cache +# - mountPath: /etc/nginx +# name: nginx-etc +# - mountPath: /var/lib/nginx +# name: nginx-lib +# - mountPath: /var/lib/nginx/state +# name: nginx-lib-state +# - mountPath: /var/log/nginx +# name: nginx-log + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -report-ingress-status + - -external-service=nginx-ingress + #- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -log-level=debug # Enables extensive logging. Useful for troubleshooting. Options include: trace, debug, info, warning, error, fatal + #- -log-format=glog # Sets the log format. Options include: glog, json, text + #- -enable-prometheus-metrics + #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration +# initContainers: +# - image: nginx/nginx-ingress:5.1.1 +# imagePullPolicy: IfNotPresent +# name: init-nginx-ingress +# command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] +# securityContext: +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true +# runAsUser: 101 #nginx +# runAsNonRoot: true +# capabilities: +# drop: +# - ALL +# volumeMounts: +# - mountPath: /mnt/etc +# name: nginx-etc + # StatefulSet-specific configuration + podManagementPolicy: "OrderedReady" + persistentVolumeClaimRetentionPolicy: + whenDeleted: "Retain" + whenScaled: "Retain" + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: [ "ReadWriteOnce" ] +# storageClassName: "standard" + resources: + requests: + storage: 256Mi diff --git a/deployments/stateful-set/nginx-plus-ingress.yaml b/deployments/stateful-set/nginx-plus-ingress.yaml new file mode 100644 index 0000000000..fe380ac109 --- /dev/null +++ b/deployments/stateful-set/nginx-plus-ingress.yaml @@ -0,0 +1,144 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + serviceName: nginx-ingress + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + app.kubernetes.io/name: nginx-ingress + #annotations: + #prometheus.io/scrape: "true" + #prometheus.io/port: "9113" + #prometheus.io/scheme: http + spec: + serviceAccountName: nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault +# volumes: +# - name: nginx-etc +# emptyDir: {} +# - name: nginx-cache +# emptyDir: {} +# - name: nginx-lib +# emptyDir: {} +# - name: nginx-lib-state +# emptyDir: {} +# - name: nginx-log +# emptyDir: {} + containers: + - image: nginx-plus-ingress:5.1.1 + imagePullPolicy: IfNotPresent + name: nginx-plus-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: readiness-port + containerPort: 8081 + - name: prometheus + containerPort: 9113 + - name: service-insight + containerPort: 9114 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + resources: + requests: + cpu: "100m" + memory: "128Mi" + #limits: + # cpu: "1" + # memory: "1Gi" + securityContext: + allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + - mountPath: /var/cache/nginx + name: nginx-cache +# - mountPath: /etc/nginx +# name: nginx-etc +# - mountPath: /var/lib/nginx +# name: nginx-lib +# - mountPath: /var/lib/nginx/state +# name: nginx-lib-state +# - mountPath: /var/log/nginx +# name: nginx-log + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -mgmt-configmap=$(POD_NAMESPACE)/nginx-config-mgmt + - -report-ingress-status + - -external-service=nginx-ingress + #- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -enable-cert-manager + #- -enable-external-dns + #- -enable-app-protect + #- -enable-app-protect-dos + #- -log-level=debug # Enables extensive logging. Useful for troubleshooting. Options include: trace, debug, info, warning, error, fatal + #- -log-format=glog # Sets the log format. Options include: glog, json, text + #- -enable-prometheus-metrics + #- -enable-service-insight + #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration +# initContainers: +# - image: nginx/nginx-ingress:5.1.1 +# imagePullPolicy: IfNotPresent +# name: init-nginx-ingress +# command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] +# securityContext: +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true +# runAsUser: 101 #nginx +# runAsNonRoot: true +# capabilities: +# drop: +# - ALL +# volumeMounts: +# - mountPath: /mnt/etc +# name: nginx-etc + # StatefulSet-specific configuration + podManagementPolicy: "OrderedReady" + persistentVolumeClaimRetentionPolicy: + whenDeleted: "Retain" + whenScaled: "Retain" + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + volumeClaimTemplates: + - metadata: + name: nginx-cache + spec: + accessModes: [ "ReadWriteOnce" ] +# storageClassName: "standard" + resources: + requests: + storage: 256Mi diff --git a/internal/k8s/service.go b/internal/k8s/service.go index 0de6fba26c..8fb0af4d70 100644 --- a/internal/k8s/service.go +++ b/internal/k8s/service.go @@ -144,6 +144,11 @@ func (lbc *LoadBalancerController) syncZoneSyncHeadlessService(svcName string) e return nil } + selectors, err := CreateUniformSelectorsFromController(lbc.client, lbc.metadata.pod) + if err != nil { + return err + } + newSvc := &v1.Service{ ObjectMeta: meta_v1.ObjectMeta{ Name: svcName, @@ -161,12 +166,16 @@ func (lbc *LoadBalancerController) syncZoneSyncHeadlessService(svcName string) e }, Spec: v1.ServiceSpec{ ClusterIP: v1.ClusterIPNone, - Selector: lbc.metadata.pod.Labels, + Selector: selectors, }, } createdSvc, err := lbc.client.CoreV1().Services(lbc.metadata.namespace).Create(context.Background(), newSvc, meta_v1.CreateOptions{}) if err != nil { + if apierrors.IsAlreadyExists(err) { + nl.Infof(lbc.Logger, "headless service already created by another pod: %s/%s", lbc.metadata.namespace, svcName) + return nil + } lbc.recorder.Eventf(lbc.metadata.pod, v1.EventTypeWarning, nl.EventReasonServiceFailedToCreate, "error creating headless service: %v", err) return fmt.Errorf("error creating headless service: %w", err) } diff --git a/internal/k8s/utils.go b/internal/k8s/utils.go index 9d741136c6..a105bb0437 100644 --- a/internal/k8s/utils.go +++ b/internal/k8s/utils.go @@ -17,6 +17,7 @@ limitations under the License. package k8s import ( + "context" "fmt" "reflect" "strings" @@ -25,6 +26,7 @@ import ( v1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" @@ -170,3 +172,46 @@ func GetK8sVersion(client kubernetes.Interface) (v *version.Version, err error) } return runningVersion, nil } + +// CreateUniformSelectorsFromController creates uniform selector labels by getting them from the actual controller object +func CreateUniformSelectorsFromController(kubeClient kubernetes.Interface, pod *v1.Pod) (map[string]string, error) { + if len(pod.OwnerReferences) == 0 { + return nil, fmt.Errorf("pod has no owner references") + } + + owner := pod.OwnerReferences[0] + + switch strings.ToLower(owner.Kind) { + case "daemonset": + ds, err := kubeClient.AppsV1().DaemonSets(pod.Namespace).Get(context.Background(), owner.Name, meta_v1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get DaemonSet %s: %w", owner.Name, err) + } + return ds.Spec.Selector.MatchLabels, nil + + case "statefulset": + sts, err := kubeClient.AppsV1().StatefulSets(pod.Namespace).Get(context.Background(), owner.Name, meta_v1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get StatefulSet %s: %w", owner.Name, err) + } + return sts.Spec.Selector.MatchLabels, nil + + case "replicaset": + rs, err := kubeClient.AppsV1().ReplicaSets(pod.Namespace).Get(context.Background(), owner.Name, meta_v1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get ReplicaSet %s: %w", owner.Name, err) + } + + // For ReplicaSet, exclude pod-template-hash + selectors := make(map[string]string) + for k, v := range rs.Spec.Selector.MatchLabels { + if k != "pod-template-hash" { + selectors[k] = v + } + } + return selectors, nil + + default: + return nil, fmt.Errorf("unsupported: %s", owner.Kind) + } +} diff --git a/tests/README.md b/tests/README.md index 1683bedf2d..5c657f9f57 100644 --- a/tests/README.md +++ b/tests/README.md @@ -119,7 +119,7 @@ The table below shows various configuration options for the tests. If you use Py | `--context` | `CONTEXT`, not supported by `run-tests-in-kind` target. | The context to use in the kubeconfig file. | `""` | | `--image` | `BUILD_IMAGE` | The Ingress Controller image. | `nginx/nginx-ingress:edge` | | `--image-pull-policy` | `PULL_POLICY` | The pull policy of the Ingress Controller image. | `IfNotPresent` | -| `--deployment-type` | `DEPLOYMENT_TYPE` | The type of the IC deployment: deployment or daemon-set. | `deployment` | +| `--deployment-type` | `DEPLOYMENT_TYPE` | The type of the IC deployment: deployment, daemon-set or stateful-set. | `deployment` | | `--ic-type` | `IC_TYPE` | The type of the Ingress Controller: nginx-ingress or nginx-plus-ingress. | `nginx-ingress` | | `--service` | `SERVICE`, not supported by `run-tests-in-kind` target. | The type of the Ingress Controller service: nodeport or loadbalancer. | `nodeport` | | `--node-ip` | `NODE_IP`, not supported by `run-tests-in-kind` target. | The public IP of a cluster node. Not required if you use the loadbalancer service (see --service argument). | `""` | diff --git a/tests/conftest.py b/tests/conftest.py index cac19fc9ff..51540fae51 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -47,7 +47,7 @@ def pytest_addoption(parser) -> None: "--deployment-type", action="store", default=DEFAULT_DEPLOYMENT_TYPE, - help="The type of the IC deployment: deployment or daemon-set.", + help="The type of the IC deployment: deployment, daemon-set, or stateful-set.", ) parser.addoption( "--ic-type", diff --git a/tests/settings.py b/tests/settings.py index 65b730c1ba..585a7b86aa 100644 --- a/tests/settings.py +++ b/tests/settings.py @@ -16,7 +16,7 @@ DEFAULT_SERVICE = "nodeport" ALLOWED_SERVICE_TYPES = ["nodeport", "loadbalancer"] DEFAULT_DEPLOYMENT_TYPE = "deployment" -ALLOWED_DEPLOYMENT_TYPES = ["deployment", "daemon-set"] +ALLOWED_DEPLOYMENT_TYPES = ["deployment", "daemon-set", "stateful-set"] # Time in seconds to ensure reconfiguration changes in cluster RECONFIGURATION_DELAY = 3 NGINX_API_VERSION = 4 diff --git a/tests/suite/fixtures/fixtures.py b/tests/suite/fixtures/fixtures.py index c22dc10b64..23d6d94ba4 100644 --- a/tests/suite/fixtures/fixtures.py +++ b/tests/suite/fixtures/fixtures.py @@ -241,7 +241,6 @@ def ingress_controller_prerequisites(cli_arguments, kube_apis, request) -> Ingre ] ) config_map_yaml = f"{DEPLOYMENTS}/common/nginx-config.yaml" - mgmt_config_map_yaml = f"{DEPLOYMENTS}/common/plus-mgmt-configmap.yaml" create_configmap_from_yaml(kube_apis.v1, namespace, config_map_yaml) mgmt_config_map_yaml = f"{DEPLOYMENTS}/common/plus-mgmt-configmap.yaml" with open(config_map_yaml) as f: diff --git a/tests/suite/test_zone_sync.py b/tests/suite/test_zone_sync.py index 8c1ef359b7..96bff611b6 100644 --- a/tests/suite/test_zone_sync.py +++ b/tests/suite/test_zone_sync.py @@ -97,6 +97,8 @@ def service_exists(v1, cli_arguments, namespace) -> bool: service_name = f"{DEPLOYMENT_NAME}-replicaset-hl" if deployment_type == "daemon-set": service_name = f"{DEPLOYMENT_NAME}-daemonset-hl" + elif deployment_type == "stateful-set": + service_name = f"{DEPLOYMENT_NAME}-statefulset-hl" try: svc = read_service(v1, service_name, namespace) diff --git a/tests/suite/utils/resources_utils.py b/tests/suite/utils/resources_utils.py index 4ec4072df1..e0cd22bb26 100644 --- a/tests/suite/utils/resources_utils.py +++ b/tests/suite/utils/resources_utils.py @@ -283,6 +283,21 @@ def create_daemon_set(apps_v1_api: AppsV1Api, namespace, body) -> str: return body["metadata"]["name"] +def create_stateful_set(apps_v1_api, namespace, body) -> str: + """ + Create a stateful-set based on a dict. + + :param apps_v1_api: AppsV1Api + :param namespace: namespace name + :param body: dict + :return: str + """ + print("Create a statefulset:") + apps_v1_api.create_namespaced_stateful_set(namespace, body) + print(f"StatefulSet created with name '{body['metadata']['name']}'") + return body["metadata"]["name"] + + class PodNotReadyException(Exception): def __init__(self, message="After several seconds the pods aren't ContainerReady. Exiting!"): self.message = message @@ -1162,6 +1177,25 @@ def delete_daemon_set(apps_v1_api: AppsV1Api, name, namespace) -> None: print(f"Daemon-set was removed with name '{name}'") +def delete_stateful_set(apps_v1_api: AppsV1Api, name, namespace) -> None: + """ + Delete a stateful-set. + + :param apps_v1_api: AppsV1Api + :param name: + :param namespace: + :return: + """ + delete_options = { + "grace_period_seconds": 0, + "propagation_policy": "Foreground", + } + print(f"Delete a statefulset: {name}") + apps_v1_api.delete_namespaced_stateful_set(name, namespace, **delete_options) + ensure_item_removal(apps_v1_api.read_namespaced_stateful_set_status, name, namespace) + print(f"StatefulSet was removed with name '{name}'") + + def wait_before_test(delay=RECONFIGURATION_DELAY) -> None: """ Wait for a time in seconds. @@ -1226,8 +1260,12 @@ def create_ingress_controller(v1: CoreV1Api, apps_v1_api: AppsV1Api, cli_argumen dep["spec"]["template"]["spec"]["containers"][0]["args"].extend(args) if cli_arguments["deployment-type"] == "deployment": name = create_deployment(apps_v1_api, namespace, dep) - else: + elif cli_arguments["deployment-type"] == "daemon-set": name = create_daemon_set(apps_v1_api, namespace, dep) + elif cli_arguments["deployment-type"] == "stateful-set": + name = create_stateful_set(apps_v1_api, namespace, dep) + else: + raise ValueError(f"Unknown deployment-type: {cli_arguments['deployment-type']}") before = time.time() wait_until_all_pods_are_ready(v1, namespace) after = time.time() @@ -1431,8 +1469,12 @@ def create_ingress_controller_wafv5( dep["spec"]["template"]["spec"]["containers"][0]["args"].extend(args) if cli_arguments["deployment-type"] == "deployment": name = create_deployment(apps_v1_api, namespace, dep) - else: + elif cli_arguments["deployment-type"] == "daemon-set": name = create_daemon_set(apps_v1_api, namespace, dep) + elif cli_arguments["deployment-type"] == "stateful-set": + name = create_stateful_set(apps_v1_api, namespace, dep) + else: + raise ValueError(f"Unknown deployment-type: {cli_arguments['deployment-type']}") before = time.time() wait_until_all_pods_are_ready(v1, namespace) after = time.time() @@ -1455,6 +1497,10 @@ def delete_ingress_controller(apps_v1_api: AppsV1Api, name, dep_type, namespace) delete_deployment(apps_v1_api, name, namespace) elif dep_type == "daemon-set": delete_daemon_set(apps_v1_api, name, namespace) + elif dep_type == "stateful-set": + delete_stateful_set(apps_v1_api, name, namespace) + else: + raise ValueError(f"Unknown deployment-type: {dep_type}") def create_dos_arbitrator( @@ -1554,6 +1600,8 @@ def create_items_from_yaml(kube_apis, yaml_manifest, namespace) -> {}: res["Deployment"] = create_deployment(kube_apis.apps_v1_api, namespace, doc) elif doc["kind"] == "DaemonSet": res["DaemonSet"] = create_daemon_set(kube_apis.apps_v1_api, namespace, doc) + elif doc["kind"] == "StatefulSet": + res["StatefulSet"] = create_stateful_set(kube_apis.apps_v1_api, namespace, doc) elif doc["kind"] == "Namespace": res["Namespace"] = create_namespace(kube_apis.v1, doc)