diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 64abf33cc4..e65876f643 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -252,6 +252,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.name | string | `"admission"` | | | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | +| controller.admissionWebhooks.patch.affinity | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 176616467c..bac435435d 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -73,6 +73,9 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.affinity }} + affinity: {{ toYaml .Values.controller.admissionWebhooks.patch.affinity | nindent 8 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index f7d44a24db..bfdd8fb89b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -75,6 +75,9 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.affinity }} + affinity: {{ toYaml .Values.controller.admissionWebhooks.patch.affinity | nindent 8 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9d309627d8..03c807bf0b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -826,6 +826,30 @@ controller: nodeSelector: kubernetes.io/os: linux tolerations: [] + # Affinity for patch webhook + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + # # An example of preferred pod anti-affinity, weight is in the range 1-100 + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - '{{ include "ingress-nginx.name" . }}' + # topologyKey: kubernetes.io/hostname + # # An example of required pod nodeAffinity + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: app + # operator: In + # values: + # - nginx # -- Labels to be added to patch job resources labels: {} # -- Security context for secret creation & webhook patch pods