diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml index 4f2e6367b0..928544bcee 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/deployments/helm-chart/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 0.1.3 +version: 0.1.4 appVersion: edge description: NGINX Ingress Controller sources: diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index 7de1fe63d9..869d175441 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -77,13 +77,15 @@ Parameter | Description | Default `controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local `controller.service.annotations` | The annotations of the Ingress controller service. | { } `controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. | None +`controller.service.externalIPs` | The list of external IPs for the Ingress controller service. | [] `controller.serviceAccountName` | The serviceAccountName of the Ingress controller pods. Used for RBAC. | nginx-ingress `controller.ingressClass` | A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `"kubernetes.io/ingress.class"` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. | nginx `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false -`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true +`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true `controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 +`controller.nginxStatus.allowCidrs` | Whitelist IPv4 IP/CIDR blocks to allow access to NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1 `controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | true `controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress `controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index 7ffa90cad0..f2d120e2ee 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -74,6 +74,7 @@ spec: {{- if .Values.controller.nginxStatus.enable }} - -nginx-status - -nginx-status-port={{ .Values.controller.nginxStatus.port }} + - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} {{- end }} {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 42f0520e55..5c19374de7 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -60,6 +60,7 @@ spec: {{- if .Values.controller.nginxStatus.enable }} - -nginx-status - -nginx-status-port={{ .Values.controller.nginxStatus.port }} + - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} {{- end }} {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status diff --git a/deployments/helm-chart/templates/controller-service.yaml b/deployments/helm-chart/templates/controller-service.yaml index 2e65e99a32..fff9e5e89d 100644 --- a/deployments/helm-chart/templates/controller-service.yaml +++ b/deployments/helm-chart/templates/controller-service.yaml @@ -33,4 +33,8 @@ spec: name: https selector: app: {{ .Values.controller.name | trunc 63 }} + {{- if .Values.controller.service.externalIPs }} + externalIPs: +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} + {{- end }} {{- end }} diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index d997692b56..bd1ca4f27c 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -25,12 +25,14 @@ controller: nginxStatus: enable: true port: 8080 + allowCidrs: "127.0.0.1" service: create: true type: LoadBalancer externalTrafficPolicy: Local annotations: {} loadBalancerIP: "" + externalIPs: [] serviceAccountName: nginx-ingress reportIngressStatus: enable: true