feat: support custom labels for internal service

This change allows configuring labels specifically for the internal
service without affecting the main controller service, useful for
external-dns configuration.

charts/ingress-nginx/README.md

@@ -439,14 +439,16 @@ metadata:
 | controller.scope.enabled | bool | `false` | Enable 'scope' or not |
 | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
 | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
-| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
+| controller.service.annotations | object | `{}` |  |
 | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
 | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
 | controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
 | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
 | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
 | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
 | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
+| controller.service.external.labels | object | `{}` | Labels to be added to the external controller sevice. |
+| controller.service.external.labels | object | `{}` |  |
 | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
 | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
 | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
@@ -458,6 +460,7 @@ metadata:
 | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
 | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
 | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
+| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
 | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
 | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
 | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |

charts/ingress-nginx/ci/controller-service-internal-values.yaml

@@ -11,3 +11,5 @@ controller:
       enabled: true
       annotations:
         service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+      labels:
+        external-dns.alpha.kubernetes.io/hostname: internal.example.com

charts/ingress-nginx/ci/controller-service-values.yaml

@@ -6,6 +6,9 @@ controller:
 
   service:
     type: NodePort
+    external:
+      labels:
+        external-dns.alpha.kubernetes.io/hostname: external.example.com
 
     nodePorts:
       tcp:

charts/ingress-nginx/templates/controller-service-internal.yaml

@@ -12,6 +12,9 @@ metadata:
   {{- if .Values.controller.service.labels }}
     {{- toYaml .Values.controller.service.labels | nindent 4 }}
   {{- end }}
+  {{- if .Values.controller.service.internal.labels }}
+    {{- toYaml .Values.controller.service.internal.labels | nindent 4 }}
+  {{- end }}
   name: {{ include "ingress-nginx.controller.fullname" . }}-internal
   namespace: {{ include "ingress-nginx.namespace" . }}
 spec:

charts/ingress-nginx/templates/controller-service.yaml

@@ -12,6 +12,9 @@ metadata:
   {{- if .Values.controller.service.labels }}
     {{- toYaml .Values.controller.service.labels | nindent 4 }}
   {{- end }}
+  {{- if .Values.controller.service.external.labels }}
+    {{- toYaml .Values.controller.service.external.labels | nindent 4 }}
+  {{- end }}
   name: {{ include "ingress-nginx.controller.fullname" . }}
   namespace: {{ include "ingress-nginx.namespace" . }}
 spec:

charts/ingress-nginx/tests/controller-service-internal_test.yaml

@@ -61,3 +61,40 @@ tests:
       - equal:
           path: spec.trafficDistribution
           value: PreferClose
+
+ - it: should create a Service with custom labels if `controller.service.internal.labels` is set
+   set: 
+     controller.service.internal.enabled: true
+     controller.service.internal.annotations:
+       test.annotation: "true"
+     controller.service.internal.labels:
+       external-dns.alpha.kubernetes.io/hostname: internal.example.com
+   asserts:
+     - hasDocuments:
+         count: 1
+     - isKind:
+         of: Service
+     - equal:
+         path: metadata.labels.external-dns\.alpha\.kubernetes\.io/hostname
+         value: internal.example.com
+
+ - it: should merge service labels with internal labels maintaining backward compatibility
+   set:
+     controller.service.internal.enabled: true
+     controller.service.internal.annotations:
+       test.annotation: "true"
+     controller.service.labels:
+       global-service: "true"
+     controller.service.internal.labels:
+       internal-specific: "true"
+   asserts:
+     - hasDocuments:
+         count: 1
+     - isKind:
+         of: Service
+     - equal:
+         path: metadata.labels.global-service
+         value: "true"
+     - equal:
+         path: metadata.labels.internal-specific
+         value: "true"

charts/ingress-nginx/tests/controller-service_test.yaml

@@ -62,3 +62,36 @@ tests:
       - equal:
           path: spec.trafficDistribution
           value: PreferClose
+
+ - it: should create a Service with custom external labels if `controller.service.external.labels` is set
+   set:
+     controller.service.external.enabled: true
+     controller.service.external.labels:
+       custom-external: test-value
+   asserts:
+     - hasDocuments:
+         count: 1
+     - isKind:
+         of: Service
+     - equal:
+         path: metadata.labels.custom-external
+         value: test-value
+
+ - it: should merge service labels with external labels maintaining backward compatibility
+   set:
+     controller.service.external.enabled: true
+     controller.service.labels:
+       global-service: "true"
+     controller.service.external.labels:
+       external-specific: "true"
+   asserts:
+     - hasDocuments:
+         count: 1
+     - isKind:
+         of: Service
+     - equal:
+         path: metadats.labels.global-service
+         value: "true"
+     - equal:
+         path: metadata.labels.external-specific
+         value: "true"

charts/ingress-nginx/values.yaml

@@ -486,7 +486,10 @@ controller:
     external:
       # -- Enable the external controller service or not. Useful for internal-only deployments.
       enabled: true
-    # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service.
+      labels: {}
+      # -- Labels to be added to the external controller sevice.
+      labels: {}
+      # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service.
     annotations: {}
     # -- Labels to be added to both controller services.
     labels: {}
@@ -577,6 +580,8 @@ controller:
       # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service.
       # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
       annotations: {}
+      # -- Labels to be added to the internal controller service.
+      labels: {}
       # -- Type of the internal controller service.
       # Defaults to the value of `controller.service.type`.
       # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types