Support all nginx configmap settings
Stevo Slavić committed Feb 9, 2020
1 parent 1a6b264 commit b92c7ac
Showing 6 changed files with 34 additions and 114 deletions.
3 changes: 2 additions & 1 deletion helm/nginx-ingress-controller-app/Configuration.md
Expand Up @@ -11,8 +11,9 @@ Parameter | Description | Default
--- | --- | ---
`baseDomain` | Cluster base domain. Dynamically calculated during cluster creation. Manual change doesn't affect this value | 'aws'
`provider` | Provider identifier (`aws`/`azure`/`kvm`) | 'kvm'
`configmap.ingress-class` | Ingress class, which controller processes | `nginx`
`configmap.ssl-protocols` | SSL supported protocols | ''
`controller.annotationsPrefix` | Prefix of the Ingress annotations specific to the NGINX controller. | `nginx.ingress.kubernetes.io`
`controller.ingressClass` | Ingress class, which controller processes | `nginx`
`controller.service.enabled` | If true, create service | `true`
`controller.service.type` | Applies only to `provider=aws` (`external`/`internal`) | `external`

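--- a/helm/nginx-ingress-controller-app/templates/configmap.yaml
+++ b/helm/nginx-ingress-controller-app/templates/configmap.yaml
@@ -7,67 +7,4 @@ metadata:
 giantswarm.io/service-type: "managed"
 k8s-addon: ingress-nginx.addons.k8s.io
 data:
-
-disable-access-log: "{{ index .Values.configmap "disable-access-log" }}"
-{{- if index .Values.configmap "enable-underscores-in-headers" }}
-enable-underscores-in-headers: "{{ index .Values.configmap "enable-underscores-in-headers" }}"
-{{- end }}
-enable-vts-status: "{{ index .Values.configmap "enable-vts-status" }}"
-error-log-level: "{{ index .Values.configmap "error-log-level" }}"
-
-{{- if index .Values.configmap "http2-max-field-size" }}
-http2-max-field-size: "{{ index .Values.configmap "http2-max-field-size" }}"
-{{- end }}
-
-# Disables setting a 'Strict-Transport-Security' header, which can be harmful.
-# See https://github.com/kubernetes/ingress-nginx/issues/549#issuecomment-291894246
-hsts: "{{ .Values.configmap.hsts }}"
-
-{{- if index .Values.configmap "http-snippet" }}
-http-snippet: |
-{{- range ((index .Values.configmap "http-snippet") | trimAll "\n " | split "\n") }}
-{{ . }}
-{{- end }}
-{{- end }}
-
-{{- if index .Values.configmap "large-client-header-buffers" }}
-large-client-header-buffers: "{{ index .Values.configmap "large-client-header-buffers" }}"
-{{- end }}
-
-{{- if index .Values.configmap "log-format-upstream" }}
-log-format-upstream: "{{ index .Values.configmap "log-format-upstream" }}"
-{{- end }}
-
-{{- if index .Values.configmap "proxy-buffers-size" }}
-proxy-buffers-size: "{{ index .Values.configmap "proxy-buffers-size" }}"
-{{- end }}
-
-{{- if index .Values.configmap "proxy-buffers" }}
-proxy-buffers: "{{ index .Values.configmap "proxy-buffers" }}"
-{{- end }}
-
-{{- if index .Values.configmap "use-forwarded-headers" }}
-use-forwarded-headers: "{{ index .Values.configmap "use-forwarded-headers" }}"
-{{- end }}
-
-# Increase hash table size to allow more server names for stability reasons
-server-name-hash-bucket-size: "{{ index .Values.configmap "server-name-hash-bucket-size" }}"
-server-name-hash-max-size: "{{ index .Values.configmap "server-name-hash-max-size" }}"
-server-tokens: "{{ index .Values.configmap "server-tokens" }}"
-worker-processes: "{{ index .Values.configmap "worker-processes" }}"
-
-{{- if index .Values.configmap "use-proxy-protocol" }}
-# Allow user to override value.
-use-proxy-protocol: "{{ index .Values.configmap "use-proxy-protocol" }}"
-{{- else }}
-# Global is used as this key is used by the migration logic.
-use-proxy-protocol: "{{ .Values.global.controller.useProxyProtocol }}"
-{{- end }}
-
-{{- if index .Values.configmap "vts-default-filter-key" }}
-vts-default-filter-key: "{{ index .Values.configmap "vts-default-filter-key" }}"
-{{- end }}
-
-{{- if index .Values.configmap "ssl-protocols" }}
-ssl-protocols: "{{ index .Values.configmap "ssl-protocols" }}"
-{{- end }}
+{{- toYaml .Values.configmap | trim | nindent 2 }}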
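Review bot: The single `toYaml .Values.configmap` line emits each value with whatever type it has in the values file, so an override such as `hsts: false` or `worker-processes: 4` renders an unquoted boolean or number, while ConfigMap `data` accepts strings only; the removed per-key lines quoted every value. Quoting in a loop keeps the pass-through behaviour: `{{- range $k, $v := .Values.configmap }}`, then `  {{ $k }}: {{ $v | quote }}`, then `{{- end }}`. The template also no longer pins anything itself, so hardening-relevant keys such as `server-tokens`, `ssl-protocols`, `hsts` and `http-snippet` are decided entirely by whoever controls the values, and the removed `use-proxy-protocol` fallback to `.Values.global.controller.useProxyProtocol` has no replacement in this file. A comment above the line such as `# every key under .Values.configmap is passed to nginx unvalidated` would make that contract explicit.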
Expand Up @@ -51,13 +51,13 @@ spec:
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/{{ .Values.controller.configmap.name }}
- --annotations-prefix={{ index .Values.configmap "annotations-prefix" }}
{{- if index .Values.configmap "default-ssl-certificate" }}
- --default-ssl-certificate={{ index .Values.configmap "default-ssl-certificate" }}
- --annotations-prefix={{ .Values.controller.annotationsPrefix }}
{{- if .Values.controller.defaultSSLCertificate" }}
- --default-ssl-certificate={{ .Values.controller.defaultSSLCertificate }}
{{- end}}
- --enable-ssl-chain-completion=false
- --enable-dynamic-certificates=true
- --ingress-class={{ index .Values.configmap "ingress-class" }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- if not .Values.ingressController.legacy }}
- --publish-service={{ .Release.Namespace }}/{{ .Values.controller.name }}
{{- end }}
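Review bot: The new condition `{{- if .Values.controller.defaultSSLCertificate" }}` has a stray double quote before the closing braces, which leaves an unterminated string inside the template action, so the chart will not parse; it should read `{{- if .Values.controller.defaultSSLCertificate }}`. Separately, overrides that still set `configmap.ingress-class`, `configmap.annotations-prefix` or `configmap.default-ssl-certificate` no longer reach these flags after the move to `controller.*`, so a controller that was scoped to a non-default ingress class would silently run with the default of `controller.ingressClass` after an upgrade. A `fail` guard on the old keys, or an upgrade note, would make that visible. The args list continues outside the lines shown here.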
14 changes: 9 additions & 5 deletions helm/nginx-ingress-controller-app/templates/controller-hpa.yaml
@@ -1,4 +1,4 @@
{{- if (index .Values.configmap "hpa-enabled") eq "true" }}
{{- if .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
Expand All @@ -13,15 +13,19 @@ spec:
apiVersion: apps/v1
kind: Deployment
name: {{ .Values.controller.name }}
minReplicas: {{ index .Values.configmap "hpa-min-replicas" }}
maxReplicas: {{ index .Values.configmap "hpa-max-replicas" }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ index .Values.configmap "hpa-target-cpu-utilization-percentage" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ index .Values.configmap "hpa-target-memory-utilization-percentage" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
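Review bot: In the second hunk both metric entries are now wrapped in `with`, so `metrics:` renders with no entries when neither `targetCPUUtilizationPercentage` nor `targetMemoryUtilizationPercentage` is set, or when one is `0`, which `with` treats as empty. The HPA would then scale on the API's default metric (80% average CPU, as far as I know) rather than on anything the chart states. Failing the render when both targets are empty would surface the misconfiguration, for example an `if not (or …)` around `{{- fail "autoscaling needs a CPU or memory target" }}`. A one-line comment above `metrics:` saying that each target is optional but at least one is required would document the intent.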
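--- a/helm/nginx-ingress-controller-app/templates/rbac.yaml
+++ b/helm/nginx-ingress-controller-app/templates/rbac.yaml
@@ -120,7 +120,7 @@ rules:
 # Here: "<ingress-controller-leader>-<nginx>"
 # This has to be adapted if you change either parameter
 # when launching the nginx-ingress-controller.
-- "ingress-controller-leader-{{ index .Values.configmap "ingress-class" }}"
+- "ingress-controller-leader-{{ .Values.controller.ingressClass }}"
 verbs:
 - get
 - update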
56 changes: 17 additions & 39 deletions helm/nginx-ingress-controller-app/values.yaml
Expand Up @@ -2,8 +2,6 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

namespace: kube-system

# baseDomain is a dynamic value, it comes from the cluster values configmap
# applies only to Giant Swarm clusters
baseDomain: uun5a.k8s.ginger.eu-central-1.aws.gigantic.io
Expand All @@ -19,44 +17,18 @@ ingressController:
legacy: false
replicas: 3

# configmap contains settings that can be overridden with a custom values
# configmap.
# for all the nginx configmap config options see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configmaps
configmap:
disable-access-log: "false"
enable-vts-status: "true"
error-log-level: "error"
# Disables setting a 'Strict-Transport-Security' header, which can be harmful.
# See https://github.com/kubernetes/ingress-nginx/issues/549#issuecomment-291894246
hsts: "false"
# Increase hash table size to allow more server names for stability reasons
server-name-hash-bucket-size: "1024"
server-name-hash-max-size: "1024"
server-tokens: "false"
worker-processes: "4"
use-forwarded-headers: "true"

# optional settings that can be set.
enable-underscores-in-headers: ""
http-snippet: ""
http2-max-field-size: ""
large-client-header-buffers: ""
log-format-upstream: ""
proxy-buffers-size: ""
proxy-buffers: ""
use-proxy-protocol: ""
vts-default-filter-key: ""
# Enable the specified protocols (cf. http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols for the list of valid protocols)
ssl-protocols: ""

# optional hpa settings
hpa-enabled: false
hpa-min-replicas: 2
hpa-max-replicas: 11
hpa-target-cpu-utilization-percentage: 50
hpa-target-memory-utilization-percentage: 50

# command args options
annotations-prefix: nginx.ingress.kubernetes.io
default-ssl-certificate: ""
ingress-class: nginx

controller:
name: nginx-ingress-controller
k8sAppLabel: nginx-ingress-controller
Expand Down Expand Up @@ -100,19 +72,25 @@ controller:
cpu: 500m
memory: 600Mi

# optional hpa settings
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 20
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50

# command args options
annotationsPrefix: nginx.ingress.kubernetes.io
defaultSSLCertificate: ""
ingressClass: nginx

userID: 101
groupID: 101

image:
registry: quay.io

global:
controller:
tempReplicas: 2
useProxyProtocol: false
migration:
enabled: false

test:
image:
registry: quay.io
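Review bot: The new `autoscaling` defaults in the last hunk set `minReplicas: 1`, where the earlier `hpa-min-replicas` value was 2, so enabling autoscaling without further overrides lets the ingress controller shrink to a single pod and every ingress on the cluster then depends on one replica. `minReplicas: 2` would keep the earlier floor. `maxReplicas` also moves from 11 to 20 with no comment explaining the new ceiling. A comment above the block such as `# minReplicas below 2 removes redundancy for all ingress traffic` would document the trade-off, and the new `controller.autoscaling.*` keys do not appear in the Configuration.md change shown on this page.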
