From 69e071f8c4e60a66fa4e53900120e0bd99af832f Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 3 May 2023 19:14:33 -0700 Subject: [PATCH] Updated NGINX Service Mesh references in Helm templates (#3602) (#3848) Updated NGINX Service Mesh references in Helm templates (#3602) Update NGINX Service Mesh Helm templates refs Signed-off-by: Jared Byers (cherry picked from commit 97da5d3695333f28f16cdc443170ca2231637b7a) Co-authored-by: Jared Byers --- .../templates/controller-daemonset.yaml | 31 +++++-------------- .../templates/controller-deployment.yaml | 27 +++------------- 2 files changed, 12 insertions(+), 46 deletions(-) diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index 5d69a93645..4133f1cd96 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -18,23 +18,20 @@ spec: labels: {{- include "nginx-ingress.selectorLabels" . | nindent 8 }} {{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/enable-ingress: "true" + nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" nsm.nginx.com/daemonset: {{ include "nginx-ingress.controller.fullname" . }} - spiffe.io/spiffeid: "true" {{- end }} {{- if .Values.controller.pod.extraLabels }} {{ toYaml .Values.controller.pod.extraLabels | indent 8 }} {{- end }} -{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }} +{{- if or .Values.prometheus.create .Values.controller.pod.annotations }} annotations: {{- if .Values.prometheus.create }} prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.prometheus.port }}" prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - nsm.nginx.com/enable-ingress: "true" - nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" -{{- end }} {{- if .Values.controller.pod.annotations }} {{ toYaml .Values.controller.pod.annotations | indent 8 }} {{- end }} @@ -64,7 +61,7 @@ spec: affinity: {{ toYaml .Values.controller.affinity | indent 8 }} {{- end }} -{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumes }} +{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }} volumes: {{- end }} {{- if .Values.controller.readOnlyRootFilesystem }} @@ -77,12 +74,6 @@ spec: - name: nginx-log emptyDir: {} {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - - hostPath: - path: /run/spire/sockets - type: DirectoryOrCreate - name: spire-agent-socket -{{- end }} {{- if .Values.controller.volumes }} {{ toYaml .Values.controller.volumes | indent 6 }} {{- end }} @@ -135,7 +126,7 @@ spec: capabilities: drop: - ALL -{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumeMounts }} +{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }} volumeMounts: {{- end }} {{- if .Values.controller.readOnlyRootFilesystem }} @@ -148,10 +139,6 @@ spec: - mountPath: /var/log/nginx name: nginx-log {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - - mountPath: /run/spire/sockets - name: spire-agent-socket -{{- end }} {{- if .Values.controller.volumeMounts }} {{ toYaml .Values.controller.volumeMounts | indent 8 }} {{- end }} @@ -225,9 +212,9 @@ spec: {{- end }} {{- end }} - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} - {{- if .Values.controller.reportIngressStatus.enableLeaderElection }} +{{- if .Values.controller.reportIngressStatus.enableLeaderElection }} - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} - {{- end }} +{{- end }} {{- if .Values.controller.wildcardTLS.secret }} - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} {{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} @@ -256,10 +243,6 @@ spec: - -ready-status={{ .Values.controller.readyStatus.enable }} - -ready-status-port={{ .Values.controller.readyStatus.port }} - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} -{{- if .Values.nginxServiceMesh.enable }} - - -spire-agent-address=/run/spire/sockets/agent.sock - - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }} -{{- end }} {{- if .Values.controller.extraContainers }} {{ toYaml .Values.controller.extraContainers | nindent 6 }} {{- end }} diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 888e7a0588..48b5375659 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -21,23 +21,20 @@ spec: labels: {{- include "nginx-ingress.selectorLabels" . | nindent 8 }} {{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/enable-ingress: "true" + nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" nsm.nginx.com/deployment: {{ include "nginx-ingress.controller.fullname" . }} - spiffe.io/spiffeid: "true" {{- end }} {{- if .Values.controller.pod.extraLabels }} {{ toYaml .Values.controller.pod.extraLabels | indent 8 }} {{- end }} -{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }} +{{- if or .Values.prometheus.create .Values.controller.pod.annotations }} annotations: {{- if .Values.prometheus.create }} prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.prometheus.port }}" prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - nsm.nginx.com/enable-ingress: "true" - nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" -{{- end }} {{- if .Values.controller.pod.annotations }} {{ toYaml .Values.controller.pod.annotations | indent 8 }} {{- end }} @@ -59,7 +56,7 @@ spec: topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }} {{- end }} -{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumes }} +{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }} volumes: {{- end }} {{- if .Values.controller.readOnlyRootFilesystem }} @@ -72,12 +69,6 @@ spec: - name: nginx-log emptyDir: {} {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - - hostPath: - path: /run/spire/sockets - type: DirectoryOrCreate - name: spire-agent-socket -{{- end }} {{- if .Values.controller.volumes }} {{ toYaml .Values.controller.volumes | indent 6 }} {{- end }} @@ -142,7 +133,7 @@ spec: capabilities: drop: - ALL -{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumeMounts }} +{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }} volumeMounts: {{- end }} {{- if .Values.controller.readOnlyRootFilesystem }} @@ -155,10 +146,6 @@ spec: - mountPath: /var/log/nginx name: nginx-log {{- end }} -{{- if .Values.nginxServiceMesh.enable }} - - mountPath: /run/spire/sockets - name: spire-agent-socket -{{- end }} {{- if .Values.controller.volumeMounts}} {{ toYaml .Values.controller.volumeMounts | indent 8 }} {{- end }} @@ -261,10 +248,6 @@ spec: - -ready-status={{ .Values.controller.readyStatus.enable }} - -ready-status-port={{ .Values.controller.readyStatus.port }} - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} -{{- if .Values.nginxServiceMesh.enable }} - - -spire-agent-address=/run/spire/sockets/agent.sock - - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }} -{{- end }} {{- if .Values.controller.extraContainers }} {{ toYaml .Values.controller.extraContainers | nindent 6 }} {{- end }}