From a5595f268fd61047072d6cbfbbbfbb9b3a1de7b1 Mon Sep 17 00:00:00 2001 From: samuelarogbonlo Date: Tue, 14 Jan 2025 09:32:03 +0100 Subject: [PATCH] feat: support custom labels for internal service This change allows configuring labels specifically for the internal service without affecting the main controller service, useful for external-dns configuration. --- charts/ingress-nginx/README.md | 5 ++- .../controller-service-internal-values.yaml | 2 + .../ci/controller-service-values.yaml | 3 ++ .../controller-service-internal.yaml | 3 ++ .../templates/controller-service.yaml | 3 ++ .../controller-service-internal_test.yaml | 37 +++++++++++++++++++ .../tests/controller-service_test.yaml | 33 +++++++++++++++++ charts/ingress-nginx/values.yaml | 7 +++- 8 files changed, 91 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index dbb0f68c78..178856f800 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -439,7 +439,7 @@ metadata: | controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | -| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | +| controller.service.annotations | object | `{}` | | | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | @@ -447,6 +447,8 @@ metadata: | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | +| controller.service.external.labels | object | `{}` | Labels to be added to the external controller sevice. | +| controller.service.external.labels | object | `{}` | | | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | @@ -458,6 +460,7 @@ metadata: | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. | | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | diff --git a/charts/ingress-nginx/ci/controller-service-internal-values.yaml b/charts/ingress-nginx/ci/controller-service-internal-values.yaml index 11108fbce9..0d1a1f49a2 100644 --- a/charts/ingress-nginx/ci/controller-service-internal-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-internal-values.yaml @@ -11,3 +11,5 @@ controller: enabled: true annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true" + labels: + external-dns.alpha.kubernetes.io/hostname: internal.example.com diff --git a/charts/ingress-nginx/ci/controller-service-values.yaml b/charts/ingress-nginx/ci/controller-service-values.yaml index 9039368c28..f62a1f0eb5 100644 --- a/charts/ingress-nginx/ci/controller-service-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-values.yaml @@ -6,6 +6,9 @@ controller: service: type: NodePort + external: + labels: + external-dns.alpha.kubernetes.io/hostname: external.example.com nodePorts: tcp: diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 24ac032acc..8d369526da 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -12,6 +12,9 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} + {{- if .Values.controller.service.internal.labels }} + {{- toYaml .Values.controller.service.internal.labels | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index c56d957b14..36d2e48847 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -12,6 +12,9 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} + {{- if .Values.controller.service.external.labels }} + {{- toYaml .Values.controller.service.external.labels | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ include "ingress-nginx.namespace" . }} spec: diff --git a/charts/ingress-nginx/tests/controller-service-internal_test.yaml b/charts/ingress-nginx/tests/controller-service-internal_test.yaml index 2680894069..3356cda2d2 100644 --- a/charts/ingress-nginx/tests/controller-service-internal_test.yaml +++ b/charts/ingress-nginx/tests/controller-service-internal_test.yaml @@ -61,3 +61,40 @@ tests: - equal: path: spec.trafficDistribution value: PreferClose + + - it: should create a Service with custom labels if `controller.service.internal.labels` is set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + controller.service.internal.labels: + external-dns.alpha.kubernetes.io/hostname: internal.example.com + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.labels.external-dns\.alpha\.kubernetes\.io/hostname + value: internal.example.com + + - it: should merge service labels with internal labels maintaining backward compatibility + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + controller.service.labels: + global-service: "true" + controller.service.internal.labels: + internal-specific: "true" + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.labels.global-service + value: "true" + - equal: + path: metadata.labels.internal-specific + value: "true" diff --git a/charts/ingress-nginx/tests/controller-service_test.yaml b/charts/ingress-nginx/tests/controller-service_test.yaml index 4741cdde9a..e072a91bd8 100644 --- a/charts/ingress-nginx/tests/controller-service_test.yaml +++ b/charts/ingress-nginx/tests/controller-service_test.yaml @@ -62,3 +62,36 @@ tests: - equal: path: spec.trafficDistribution value: PreferClose + + - it: should create a Service with custom external labels if `controller.service.external.labels` is set + set: + controller.service.external.enabled: true + controller.service.external.labels: + custom-external: test-value + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.labels.custom-external + value: test-value + + - it: should merge service labels with external labels maintaining backward compatibility + set: + controller.service.external.enabled: true + controller.service.labels: + global-service: "true" + controller.service.external.labels: + external-specific: "true" + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadats.labels.global-service + value: "true" + - equal: + path: metadata.labels.external-specific + value: "true" diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9875b36933..2f8d44cbb5 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -486,7 +486,10 @@ controller: external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true - # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. + labels: {} + # -- Labels to be added to the external controller sevice. + labels: {} + # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} # -- Labels to be added to both controller services. labels: {} @@ -577,6 +580,8 @@ controller: # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} + # -- Labels to be added to the internal controller service. + labels: {} # -- Type of the internal controller service. # Defaults to the value of `controller.service.type`. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types