diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 4cd36a62e9..0949cea75a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -40,6 +40,7 @@ webhooks: service: name: {{ include "ingress-nginx.controller.fullname" . }}-admission namespace: {{ include "ingress-nginx.namespace" . }} + port: {{ .Values.controller.admissionWebhooks.service.servicePort }} path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index 6dcf1a10a6..67aac0d9a2 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -29,7 +29,7 @@ spec: {{- end }} ports: - name: https-webhook - port: 443 + port: {{ .Values.controller.admissionWebhooks.service.servicePort }} targetPort: webhook {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} appProtocol: https diff --git a/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml new file mode 100644 index 0000000000..b9d6d780bb --- /dev/null +++ b/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml @@ -0,0 +1,32 @@ +suite: Admission Webhooks > ValidatingWebhookConfiguration +templates: + - admission-webhooks/validating-webhook.yaml + +tests: + - it: should not create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is false + set: + controller.admissionWebhooks.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is true + set: + controller.admissionWebhooks.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ValidatingWebhookConfiguration + - equal: + path: metadata.name + value: RELEASE-NAME-admission + + - it: should create a ValidatingWebhookConfiguration with a custom port if `controller.admissionWebhooks.service.servicePort` is set + set: + controller.admissionWebhooks.enabled: true + controller.admissionWebhooks.service.servicePort: 9443 + asserts: + - equal: + path: webhooks[0].clientConfig.service.port + value: 9443 diff --git a/charts/ingress-nginx/tests/controller-service-webhook_test.yaml b/charts/ingress-nginx/tests/controller-service-webhook_test.yaml new file mode 100644 index 0000000000..1c759edbe6 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-webhook_test.yaml @@ -0,0 +1,32 @@ +suite: Controller > Service > Webhook +templates: + - controller-service-webhook.yaml + +tests: + - it: should not create a webhook Service if `controller.admissionWebhooks.enabled` is false + set: + controller.admissionWebhooks.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a webhook Service if `controller.admissionWebhooks.enabled` is true + set: + controller.admissionWebhooks.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-admission + + - it: should create a webhook Service with a custom port if `controller.admissionWebhooks.service.servicePort` is set + set: + controller.admissionWebhooks.enabled: true + controller.admissionWebhooks.service.servicePort: 9443 + asserts: + - equal: + path: spec.ports[0].port + value: 9443