Add process namespace sharing for ingress controller (#4559)

nginx · Nov 15, 2023 · 4ca9fea · 4ca9fea
1 parent dbc0ece
commit 4ca9fea
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 0 deletions.
diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md
@@ -342,6 +342,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |`controller.hostNetwork` | Enables the Ingress Controller pods to use the host's network namespace. | false |
 |`controller.dnsPolicy` | DNS policy for the Ingress Controller pods. | ClusterFirst |
 |`controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false |
+| `controller.shareProcessNamespace` | Enables process namespace sharing. When process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod. [docs](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) | false |
 |`controller.logLevel` | The log level of the Ingress Controller. | 1 |
 |`controller.image.digest` | The image digest of the Ingress Controller. | None |
 |`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress |

diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml
@@ -76,6 +76,9 @@ spec:
 {{- end }}
       hostNetwork: {{ .Values.controller.hostNetwork }}
       dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      {{- if .Values.controller.shareProcessNamespace }}
+      shareProcessNamespace: true
+      {{- end }}
       containers:
       - name: {{ include "nginx-ingress.name" . }}
         image: {{ include "nginx-ingress.image" . }}

diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml
@@ -83,6 +83,9 @@ spec:
       terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
       hostNetwork: {{ .Values.controller.hostNetwork }}
       dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      {{- if .Values.controller.shareProcessNamespace }}
+      shareProcessNamespace: true
+      {{- end }}
       containers:
       - image: {{ include "nginx-ingress.image" . }}
         name: {{ include "nginx-ingress.name" . }}

diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json
@@ -241,6 +241,15 @@
             true
           ]
         },
+        "shareProcessNamespace": {
+          "type": "boolean",
+          "default": false,
+          "title": "Enables sharing of the process namespace between pods within the Ingress Controller",
+          "examples": [
+            false,
+            true
+          ]
+        },
         "logLevel": {
           "type": "integer",
           "default": 1,
@@ -1298,6 +1307,7 @@
           },
           "hostNetwork": false,
           "nginxDebug": false,
+          "shareProcessNamespace": false,
           "logLevel": 1,
           "customPorts": [],
           "image": {

diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml
@@ -64,6 +64,9 @@ controller:
   ## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
   nginxDebug: false
 
+  ## Share process namespace between containers in the Ingress Controller pod.
+  shareProcessNamespace: false
+
   ## The log level of the Ingress Controller.
   logLevel: 1