diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml new file mode 100644 index 0000000000..b99374a90e --- /dev/null +++ b/.github/workflows/chart.yaml @@ -0,0 +1,64 @@ +name: Chart + +on: + push: + branches: + - main + - release-* + paths: + - charts/ingress-nginx/Chart.yaml + + workflow_dispatch: + +permissions: + contents: read + +jobs: + release: + name: Release + runs-on: ubuntu-latest + + permissions: + contents: write + + steps: + - name: Set up Python + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + with: + python-version: 3.x + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + + - name: Set up Helm Chart Testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Set up Artifact Hub + run: | + curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz + echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check + sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah + + - name: Set up Git + run: | + git config --global user.name "${GITHUB_ACTOR}" + git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" + + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Lint chart + run: | + ct lint --config .ct.yaml + ah lint --path charts/ingress-nginx + + - name: Release chart + uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + env: + CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }} + CR_SKIP_EXISTING: true + with: + charts_dir: charts diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5a8e7a2dad..2dafb7c1da 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -192,112 +192,88 @@ jobs: path: docker.tar.gz retention-days: 5 - helm-lint: - name: Helm chart lint + chart-lint: + name: Chart / Lint runs-on: ubuntu-latest needs: - changes - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + + if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Set up Python + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: - fetch-depth: 0 + python-version: 3.x - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 - with: - python-version: '3.x' - - - name: Set up chart-testing + - name: Set up Helm Chart Testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - name: Install Helm Unit Test Plugin + - name: Set up Artifact Hub run: | - helm plugin install https://github.com/helm-unittest/helm-unittest + curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz + echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check + sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah - - name: Run Helm Unit Tests - run: | - helm unittest charts/ingress-nginx -d + - name: Set up Helm Docs + uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4 - - name: Run chart-testing (lint) - run: ct lint --config ./.ct.yaml + - name: Set up Helm Unit Test + run: helm plugin install https://github.com/helm-unittest/helm-unittest - - name: Run helm-docs + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Lint chart run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 - ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts - DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) - if [ ! -z "$DIFF" ]; then - echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" - fi - git diff --exit-code - rm -f ./helm-docs - - - name: Run Artifact Hub lint + ct lint --config .ct.yaml + ah lint --path charts/ingress-nginx + + - name: Check docs run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - helm-test: - name: Helm chart testing + helm-docs --chart-search-root charts + git diff --exit-code charts/ingress-nginx/README.md + + - name: Run tests + run: helm unittest charts/ingress-nginx + + chart-test: + name: Chart / Test runs-on: ubuntu-latest needs: - changes - build - - helm-lint - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + - chart-lint + + if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) strategy: matrix: k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] steps: - - name: Checkout + - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ needs.build.outputs.golangversion }} - check-latest: true - - - name: cache + - name: Download cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: docker.tar.gz - - name: fix permissions - run: | - sudo mkdir -p $HOME/.kube - sudo chmod -R 777 $HOME/.kube - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load + - name: Load cache + run: gzip --decompress --stdout docker.tar.gz | docker load - - name: Test + - name: Run tests env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true + K8S_VERSION: ${{ matrix.k8s }} SKIP_IMAGE_CREATION: true - SKIP_INGRESS_IMAGE_CREATION: true run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind + sudo mkdir -pm 777 "${HOME}/.kube" make kind-e2e-chart-tests kubernetes: diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml deleted file mode 100644 index f7a68af1aa..0000000000 --- a/.github/workflows/helm.yaml +++ /dev/null @@ -1,88 +0,0 @@ -name: Helm - -on: - push: - branches: - - main - - release-* - - workflow_dispatch: - -permissions: - contents: read - -jobs: - - changes: - runs-on: ubuntu-latest - - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - - if: github.repository == 'kubernetes/ingress-nginx' - - outputs: - docs: ${{ steps.filter.outputs.docs }} - charts: ${{ steps.filter.outputs.charts }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Run Artifact Hub lint - run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - charts: - - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/values.yaml' - - chart: - name: Release Chart - runs-on: ubuntu-latest - - permissions: - contents: write # needed to write releases - - needs: - - changes - - if: ${{ needs.changes.outputs.charts == 'true' }} - - steps: - - name: Checkout master - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 - fetch-depth: 0 - ref: ${{ github.ref_name }} - - - name: Setup - shell: bash - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Helm Chart Releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - env: - CR_SKIP_EXISTING: true - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" - with: - charts_dir: charts diff --git a/.gitignore b/.gitignore index 73108f6274..5eac1a800c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -helm-docs # OSX ._* .DS_Store diff --git a/MANUAL_RELEASE.md b/MANUAL_RELEASE.md index b1c1fd0683..8a6b10bc11 100644 --- a/MANUAL_RELEASE.md +++ b/MANUAL_RELEASE.md @@ -226,19 +226,18 @@ Promoting the images basically means that images, that were pushed to staging co ``` ### d. Edit the values.yaml and run helm-docs + - [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml) - tag - digest - - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md + - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases. ``` - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 - ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts - git diff --exit-code - rm -f ./helm-docs + helm-docs --chart-search-root charts + git diff charts/ingress-nginx/README.md ``` - Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc. + Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md. ### e. Edit the static manifests diff --git a/charts/ingress-nginx/ci/deamonset-default-values.yaml b/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml similarity index 79% rename from charts/ingress-nginx/ci/deamonset-default-values.yaml rename to charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml index 82fa23e854..7eafd0c5be 100644 --- a/charts/ingress-nginx/ci/deamonset-default-values.yaml +++ b/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml @@ -1,10 +1,12 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: ClusterIP + + admissionWebhooks: + certManager: + enabled: true diff --git a/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml b/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml deleted file mode 100644 index a13241cd4c..0000000000 --- a/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - admissionWebhooks: - certManager: - enabled: true - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml b/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml new file mode 100644 index 0000000000..460a610bac --- /dev/null +++ b/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + addHeaders: + X-Frame-Options: deny diff --git a/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml b/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml new file mode 100644 index 0000000000..e23a13c0c6 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + proxySetHeaders: + X-Forwarded-Proto: https diff --git a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml b/charts/ingress-nginx/ci/controller-configmap-values.yaml similarity index 70% rename from charts/ingress-nginx/ci/deployment-customconfig-values.yaml rename to charts/ingress-nginx/ci/controller-configmap-values.yaml index 174941848e..a7029895ca 100644 --- a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml +++ b/charts/ingress-nginx/ci/controller-configmap-values.yaml @@ -3,10 +3,9 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - config: - use-proxy-protocol: "true" - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false + service: type: ClusterIP + + config: + use-proxy-protocol: "true" diff --git a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml deleted file mode 100644 index b28a2326ee..0000000000 --- a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - watchIngressWithoutClass: true - ingressClassResource: - name: custom-nginx - enabled: true - default: true - controllerValue: "k8s.io/custom-nginx" diff --git a/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml new file mode 100644 index 0000000000..edf12e77ed --- /dev/null +++ b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml @@ -0,0 +1,30 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: DaemonSet + + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry-1.25.3 + tag: v20240813-b933310d + digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 + distroless: true + containerSecurityContext: + runAsNonRoot: true + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml similarity index 89% rename from charts/ingress-nginx/ci/deamonset-webhook-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml index 54d364df11..7a98580cd7 100644 --- a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml @@ -1,10 +1,13 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: true + service: type: ClusterIP + + kind: DaemonSet + + metrics: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml similarity index 88% rename from charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml index fb3ef44465..179ab2a85a 100644 --- a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml @@ -3,7 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null + service: type: ClusterIP + + kind: DaemonSet + opentelemetry: enabled: true diff --git a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml similarity index 81% rename from charts/ingress-nginx/ci/daemonset-podannotations-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml index 0b55306a10..405992ef30 100644 --- a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml @@ -1,17 +1,16 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: DaemonSet + podAnnotations: - prometheus.io/path: /metrics + prometheus.io/scrape: "true" prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/scrape: "true" + prometheus.io/path: /metrics diff --git a/charts/ingress-nginx/ci/deployment-default-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-values.yaml similarity index 78% rename from charts/ingress-nginx/ci/deployment-default-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-values.yaml index 9f46b4e7e9..d34025c80f 100644 --- a/charts/ingress-nginx/ci/deployment-default-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-values.yaml @@ -1,8 +1,10 @@ -# Left blank to test default values controller: image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null + service: type: ClusterIP + + kind: DaemonSet diff --git a/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml new file mode 100644 index 0000000000..d4083cc375 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml @@ -0,0 +1,30 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: Deployment + + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry-1.25.3 + tag: v20240813-b933310d + digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 + distroless: true + containerSecurityContext: + runAsNonRoot: true + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/charts/ingress-nginx/ci/deployment-webhook-values.yaml b/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml similarity index 82% rename from charts/ingress-nginx/ci/deployment-webhook-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml index 76669a5300..9c95d347c4 100644 --- a/charts/ingress-nginx/ci/deployment-webhook-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml @@ -3,7 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: true + service: type: ClusterIP + + kind: Deployment + + metrics: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-metrics-values.yaml b/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml similarity index 74% rename from charts/ingress-nginx/ci/deployment-metrics-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml index 9209ad5a6f..9443ddefcc 100644 --- a/charts/ingress-nginx/ci/deployment-metrics-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml @@ -3,9 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: Deployment + + opentelemetry: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml b/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml similarity index 80% rename from charts/ingress-nginx/ci/deployment-podannotations-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml index b48d93c46a..cf1f2611e6 100644 --- a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml @@ -3,14 +3,14 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: Deployment + podAnnotations: - prometheus.io/path: /metrics + prometheus.io/scrape: "true" prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/scrape: "true" + prometheus.io/path: /metrics diff --git a/charts/ingress-nginx/ci/controller-deployment-values.yaml b/charts/ingress-nginx/ci/controller-deployment-values.yaml new file mode 100644 index 0000000000..1b092dc0c1 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-deployment-values.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: Deployment diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/charts/ingress-nginx/ci/controller-hpa-values.yaml similarity index 71% rename from charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml rename to charts/ingress-nginx/ci/controller-hpa-values.yaml index dca3f35f83..54a0d2f75a 100644 --- a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml +++ b/charts/ingress-nginx/ci/controller-hpa-values.yaml @@ -1,4 +1,12 @@ controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + autoscaling: enabled: true behavior: @@ -8,7 +16,3 @@ controller: - type: Pods value: 1 periodSeconds: 180 - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/controller-ingressclass-values.yaml b/charts/ingress-nginx/ci/controller-ingressclass-values.yaml new file mode 100644 index 0000000000..c06429f975 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-ingressclass-values.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + ingressClassResource: + name: custom-nginx + default: true + controllerValue: k8s.io/custom-nginx + + watchIngressWithoutClass: true diff --git a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/charts/ingress-nginx/ci/controller-service-internal-values.yaml similarity index 81% rename from charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml rename to charts/ingress-nginx/ci/controller-service-internal-values.yaml index 0a200a7460..11108fbce9 100644 --- a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-internal-values.yaml @@ -1,13 +1,12 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: ClusterIP + internal: enabled: true annotations: diff --git a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml b/charts/ingress-nginx/ci/controller-service-values.yaml similarity index 69% rename from charts/ingress-nginx/ci/deployment-customnodeport-values.yaml rename to charts/ingress-nginx/ci/controller-service-values.yaml index a564eaf931..9039368c28 100644 --- a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-values.yaml @@ -3,18 +3,20 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: NodePort + nodePorts: tcp: 9000: 30090 udp: 9001: 30091 +portNamePrefix: port + tcp: - 9000: "default/test:8080" + 9000: default/test:8080 udp: - 9001: "default/test:8080" + 9001: default/test:8080 diff --git a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml deleted file mode 100644 index 4393a5bc06..0000000000 --- a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - kind: DaemonSet - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false - service: - type: ClusterIP - - config: - use-proxy-protocol: "true" diff --git a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml deleted file mode 100644 index 1d94be219b..0000000000 --- a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml deleted file mode 100644 index 52a32fcbd4..0000000000 --- a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/daemonset-headers-values.yaml b/charts/ingress-nginx/ci/daemonset-headers-values.yaml deleted file mode 100644 index ab7d47bd4d..0000000000 --- a/charts/ingress-nginx/ci/daemonset-headers-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml deleted file mode 100644 index 3b7aa2fcd2..0000000000 --- a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index acd86a77ab..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml deleted file mode 100644 index 90b0f57a58..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" - -portNamePrefix: "port" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml deleted file mode 100644 index 25ee64d856..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml deleted file mode 100644 index 380c8b4b13..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml deleted file mode 100644 index cb3cb54be2..0000000000 --- a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml deleted file mode 100644 index b8b3ac6862..0000000000 --- a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - autoscaling: - enabled: true - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml deleted file mode 100644 index 91b1b98a80..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - containerSecurityContext: - allowPrivilegeEscalation: false - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml deleted file mode 100644 index b6013c7d0a..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest - containerSecurityContext: - allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml deleted file mode 100644 index 2fbe1cc013..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/deployment-headers-values.yaml b/charts/ingress-nginx/ci/deployment-headers-values.yaml deleted file mode 100644 index 17a11ac370..0000000000 --- a/charts/ingress-nginx/ci/deployment-headers-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml deleted file mode 100644 index 663ccb9d1c..0000000000 --- a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - internal: - enabled: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: "true" - ports: - http: 443 - https: 80 - targetPorts: - http: 443 - https: 80 diff --git a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml deleted file mode 100644 index cd9b323528..0000000000 --- a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index c51a4e91fa..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml deleted file mode 100644 index 56323c5eeb..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" - -portNamePrefix: "port" diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml deleted file mode 100644 index 5b45b69dcc..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-tcp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-values.yaml deleted file mode 100644 index ac0b6e60eb..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml deleted file mode 100644 index 95487b071f..0000000000 --- a/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - service: - type: ClusterIP - admissionWebhooks: - enabled: true - extraEnvs: - - name: FOO - value: foo - - name: TEST - value: test - patch: - enabled: true diff --git a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml deleted file mode 100644 index 49ebbb02c8..0000000000 --- a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -controller: - service: - type: ClusterIP - admissionWebhooks: - enabled: true - createSecretJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patchWebhookJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patch: - enabled: true diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index af7fd2b145..32b17d2ca2 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -191,7 +191,7 @@ To install the example and collectors run: helm repo add grafana https://grafana.github.io/helm-charts helm repo update # deploy cert-manager needed for OpenTelemetry collector operator - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml # create observability namespace kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml # install OpenTelemetry collector operator diff --git a/magefiles/steps/helm.go b/magefiles/steps/helm.go index 245f5e1c0e..73c9b0b3b4 100644 --- a/magefiles/steps/helm.go +++ b/magefiles/steps/helm.go @@ -170,7 +170,7 @@ func runHelmDocs() error { if err != nil { return err } - err = sh.RunV("helm-docs", "--chart-search-root=${PWD}/charts") + err = sh.RunV("helm-docs", "--chart-search-root", "${PWD}/charts") if err != nil { return err } @@ -181,7 +181,7 @@ func installHelmDocs() error { utils.Info("HELM Install HelmDocs") g0 := sh.RunCmd("go") - err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0") + err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@latest") if err != nil { return err } diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 95465ee32f..b6748f129d 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -91,25 +91,28 @@ echo "[dev-env] copying docker images to cluster..." kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG} if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then - curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cmctl-linux-amd64.tar.gz - tar xzf cmctl.tar.gz - chmod +x cmctl - ./cmctl help - echo "[dev-env] apply cert-manager ..." - kubectl apply --wait -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml - kubectl wait --timeout=30s --for=condition=available deployment/cert-manager -n cert-manager - kubectl get validatingwebhookconfigurations cert-manager-webhook -ojson | jq '.webhooks[].clientConfig' - kubectl get endpoints -n cert-manager cert-manager-webhook - ./cmctl check api --wait=2m + echo "[dev-env] deploying cert-manager..." + + # Get OS & platform for downloading cmctl. + os="$(uname -o | tr "[:upper:]" "[:lower:]" | sed "s/gnu\///")" + platform="$(uname -m | sed "s/aarch64/arm64/;s/x86_64/amd64/")" + + # Download cmctl. Cannot validate checksum as OS & platform may vary. + curl --fail --location "https://github.com/cert-manager/cmctl/releases/download/v2.1.1/cmctl_${os}_${platform}.tar.gz" | tar --extract --gzip cmctl + + # Install cert-manager. + ./cmctl x install + ./cmctl check api --wait 1m fi echo "[dev-env] running helm chart e2e tests..." -docker run --rm --interactive --network host \ - --name ct \ - --volume $KUBECONFIG:/root/.kube/config \ - --volume "${DIR}/../../":/workdir \ - --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ - ct install \ - --charts charts/ingress-nginx \ - --helm-extra-args "--timeout 60s" +docker run \ + --name ct \ + --volume "${KUBECONFIG}:/root/.kube/config:ro" \ + --volume "${DIR}/../../:/workdir" \ + --network host \ + --workdir /workdir \ + --entrypoint ct \ + --rm \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ + install --charts charts/ingress-nginx