From 269f381dfb2b7c2ee74a0ee041cbf5c2d77e0b06 Mon Sep 17 00:00:00 2001
From: dean-coakley
Date: Tue, 16 Oct 2018 10:24:30 +0100
Subject: [PATCH 1/7] Add missing options to helm chart templates
* Add nginxStatusAllowCidrs cli argument to deployment template
* Add externalIPs to service template
---
 deployments/helm-chart/templates/controller-deployment.yaml | 3 +++
 deployments/helm-chart/templates/controller-service.yaml | 4 ++++
 deployments/helm-chart/values.yaml | 2 ++
 3 files changed, 9 insertions(+)
diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
index 42f0520e55..0775474905 100644
--- a/deployments/helm-chart/templates/controller-deployment.yaml
+++ b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -66,6 +66,9 @@ spec:
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
 {{- end }}
+{{- if .Values.controller.nginxStatusAllowCidrs }}
+ - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatusAllowCidrs }}
+{{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
 - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}"
 name: nginx-prometheus-exporter
diff --git a/deployments/helm-chart/templates/controller-service.yaml b/deployments/helm-chart/templates/controller-service.yaml
index 2e65e99a32..fff9e5e89d 100644
--- a/deployments/helm-chart/templates/controller-service.yaml
+++ b/deployments/helm-chart/templates/controller-service.yaml
@@ -33,4 +33,8 @@ spec:
 name: https
 selector:
 app: {{ .Values.controller.name | trunc 63 }}
+ {{- if .Values.controller.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
+ {{- end }}
 {{- end }}
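Review bot: The value of `controller.nginxStatusAllowCidrs` is interpolated into the argument as it stands, so a YAML list (the form `externalIPs` takes in this same commit) would render in Go's `[a b]` form rather than as the comma-separated string the README added in patch 2 describes. What the controller does with such a value is not visible on this page, and since this flag is the access allowlist for stub_status and the NGINX Plus API the expected form should be stated where operators set it, for example `# comma-separated IPv4 addresses or CIDRs allowed to reach the status/API port` above the default in values.yaml. The same interpolation is repeated in the DaemonSet and Deployment hunks of patches 4 to 6. The container args list this line belongs to starts outside the hunk.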
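Review bot: The `externalIPs` block copies whatever addresses are in `controller.service.externalIPs` into the Service with nothing in the template saying who owns them. Kubernetes does not allocate or check these addresses, so the nodes accept traffic for them on the service ports, and a cluster that restricts the field through admission policy will reject the Service. I would put a template comment above the `if`, for example `{{- /* externalIPs are not managed by Kubernetes; list only addresses the cluster administrator routes to the nodes */}}`, and keep that caveat in the README row, which patch 3 on this page shortens. The outer `if` that the final `{{- end }}` closes opens outside the hunk.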
diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index d997692b56..4b9d22b769 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -31,11 +31,13 @@ controller:
 externalTrafficPolicy: Local
 annotations: {}
 loadBalancerIP: ""
+ externalIPs: []
 serviceAccountName: nginx-ingress
 reportIngressStatus:
 enable: true
 externalService: nginx-ingress
 enableLeaderElection: true
+ nginxStatusAllowCidrs: "127.0.0.1"
 rbac:
 create: true
 prometheus:
From 0cde73d7bbec9562a24b1a7709f9bd069a1a353a Mon Sep 17 00:00:00 2001
From: dean-coakley
Date: Tue, 16 Oct 2018 10:46:43 +0100
Subject: [PATCH 2/7] Update helm chart with new config options
* Add Note about nginxStatusAllowCidrs cli argument
* Add Note about service externalIPs
---
 deployments/helm-chart/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
index 7de1fe63d9..a5b885303d 100644
--- a/deployments/helm-chart/README.md
+++ b/deployments/helm-chart/README.md
@@ -77,16 +77,18 @@ Parameter | Description | Default `controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local `controller.service.annotations` | The annotations of the Ingress controller service. | { } `controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. | None +`controller.service.externalIPs` | Traffic that ingresses into the cluster with the external IP (as destination IP), on the service port, will be routed to the Ingress Controller service endpoints. externalIPs are not managed by Kubernetes and are the responsibility of the cluster administrator. | [] `controller.serviceAccountName` | The serviceAccountName of the Ingress controller pods. Used for RBAC. | nginx-ingress `controller.ingressClass` | A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `"kubernetes.io/ingress.class"` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. | nginx `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false -`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true +`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. 
| true `controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 `controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | true `controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress `controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true +`controller.nginxStatusAllowCidrs` | Whitelist IPv4 IP/CIDR blocks to allow access to NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1 `rbac.create` | Configures RBAC. | true `prometheues.create` | Deploys a Prometheus exporter container within the Ingress controller pod. Requires NGINX status enabled via `controller.nginxStatus.enable`. Note: the exporter will use the port specified by `controller.nginxStatus.port`.| false `prometheus.port` | Configures the port to scrape the metrics. | 9113 From 4c2512953209fa340c2dd3eaf9c08e1608dcdd8f Mon Sep 17 00:00:00 2001 
From: dean-coakley
Date: Tue, 16 Oct 2018 17:25:11 +0100
Subject: [PATCH 3/7] Simplify externalIPs helm chart documentation
---
 deployments/helm-chart/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
index a5b885303d..bf7c0e3ed1 100644
--- a/deployments/helm-chart/README.md
+++ b/deployments/helm-chart/README.md
@@ -77,7 +77,7 @@ Parameter | Description | Default
 `controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local
 `controller.service.annotations` | The annotations of the Ingress controller service. | { }
 `controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. | None
-`controller.service.externalIPs` | Traffic that ingresses into the cluster with the external IP (as destination IP), on the service port, will be routed to the Ingress Controller service endpoints. externalIPs are not managed by Kubernetes and are the responsibility of the cluster administrator. | []
+`controller.service.externalIPs` | The list of external IPs for the Ingress controller service. | []
 `controller.serviceAccountName` | The serviceAccountName of the Ingress controller pods. Used for RBAC. | nginx-ingress
 `controller.ingressClass` | A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `"kubernetes.io/ingress.class"` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. | nginx
 `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false
From 7f1cf364dd1c4edaa3e115dec0e56fc35e7f2c29 Mon Sep 17 00:00:00 2001
From: dean-coakley
Date: Thu, 18 Oct 2018 16:55:32 +0100
Subject: [PATCH 4/7] Fix allowCidr value. Add allowCidr to daemonset nginxStatusAllowCidrs -> nginxStatus.allowCidrs
* Update Helm documentation to match allowCidrs key change
* Add missing template value to daemonset template
* Update values to match allowCidrs key change
---
 deployments/helm-chart/README.md | 2 +-
 deployments/helm-chart/templates/controller-daemonset.yaml | 3 +++
 deployments/helm-chart/templates/controller-deployment.yaml | 4 ++--
 deployments/helm-chart/values.yaml | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
index bf7c0e3ed1..869d175441 100644
--- a/deployments/helm-chart/README.md
+++ b/deployments/helm-chart/README.md
@@ -85,10 +85,10 @@ Parameter | Description | Default `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false `controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true `controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 +`controller.nginxStatus.allowCidrs` | Whitelist IPv4 IP/CIDR blocks to allow access to NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1 `controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | true `controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress `controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true -`controller.nginxStatusAllowCidrs` | Whitelist IPv4 IP/CIDR blocks to allow access to NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1 `rbac.create` | Configures RBAC. 
| true `prometheues.create` | Deploys a Prometheus exporter container within the Ingress controller pod. Requires NGINX status enabled via `controller.nginxStatus.enable`. Note: the exporter will use the port specified by `controller.nginxStatus.port`.| false `prometheus.port` | Configures the port to scrape the metrics. | 9113 diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index 7ffa90cad0..4b2c6c41c3 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -80,6 +80,9 @@ spec: - -external-service={{ .Values.controller.reportIngressStatus.externalService }} - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} {{- end }} +{{- if .Values.controller.nginxStatus.allowCidrs }} + - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} +{{- end }} {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }} - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}" name: nginx-prometheus-exporter diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 0775474905..4af49085c3 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml 
@@ -66,8 +66,8 @@ spec:
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
 {{- end }}
-{{- if .Values.controller.nginxStatusAllowCidrs }}
- - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatusAllowCidrs }}
+{{- if .Values.controller.nginxStatus.allowCidrs }}
+ - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
 - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}"
diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index 4b9d22b769..bd1ca4f27c 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -25,6 +25,7 @@ controller:
 nginxStatus:
 enable: true
 port: 8080
+ allowCidrs: "127.0.0.1"
 service:
 create: true
 type: LoadBalancer
@@ -37,7 +38,6 @@ controller:
 enable: true
 externalService: nginx-ingress
 enableLeaderElection: true
- nginxStatusAllowCidrs: "127.0.0.1"
 rbac:
 create: true
 prometheus:
From dbf233e4badf682ac786bfbb15f1a7ffd1ada659 Mon Sep 17 00:00:00 2001
From: dean-coakley
Date: Mon, 22 Oct 2018 16:18:14 +0100
Subject: [PATCH 5/7] Add reportIngressStatus as dep for allowCidrs
---
 deployments/helm-chart/templates/controller-daemonset.yaml | 2 --
 deployments/helm-chart/templates/controller-deployment.yaml | 2 --
 2 files changed, 4 deletions(-)
diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
index 4b2c6c41c3..3b21b4c2cc 100644
--- a/deployments/helm-chart/templates/controller-daemonset.yaml
+++ b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -79,8 +79,6 @@ spec:
 - -report-ingress-status
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
-{{- end }}
-{{- if .Values.controller.nginxStatus.allowCidrs }}
 - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
index 4af49085c3..e63c932307 100644
--- a/deployments/helm-chart/templates/controller-deployment.yaml
+++ b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -65,8 +65,6 @@ spec:
 - -report-ingress-status
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
-{{- end }}
-{{- if .Values.controller.nginxStatus.allowCidrs }}
 - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
From fd24be89fdb73e1f39ca3da20c118744c697fc8e Mon Sep 17 00:00:00 2001
From: Michael Pleshakov
Date: Wed, 24 Oct 2018 14:05:16 +0100
Subject: [PATCH 6/7] Move cidr param under the right condition
---
 deployments/helm-chart/templates/controller-daemonset.yaml | 2 +-
 deployments/helm-chart/templates/controller-deployment.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
index 3b21b4c2cc..f2d120e2ee 100644
--- a/deployments/helm-chart/templates/controller-daemonset.yaml
+++ b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -74,12 +74,12 @@ spec:
 {{- if .Values.controller.nginxStatus.enable }}
 - -nginx-status
 - -nginx-status-port={{ .Values.controller.nginxStatus.port }}
+ - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if .Values.controller.reportIngressStatus.enable }}
 - -report-ingress-status
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
- - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
 - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}"
diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
index e63c932307..5c19374de7 100644
--- a/deployments/helm-chart/templates/controller-deployment.yaml
+++ b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -60,12 +60,12 @@ spec:
 {{- if .Values.controller.nginxStatus.enable }}
 - -nginx-status
 - -nginx-status-port={{ .Values.controller.nginxStatus.port }}
+ - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if .Values.controller.reportIngressStatus.enable }}
 - -report-ingress-status
 - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
- - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
 {{- end }}
 {{- if and .Values.prometheus.create .Values.controller.nginxStatus.enable }}
 - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}"
From 092086341c53278e4adae38f78ba259f6468e444 Mon Sep 17 00:00:00 2001
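Review bot: Moving `-nginx-status-allow-cidrs` under `nginxStatus.enable` drops the `{{- if .Values.controller.nginxStatus.allowCidrs }}` guard that patch 4 had, so an override that empties the value now renders the flag with nothing after the `=`. How the controller treats an empty allowlist is not visible on this page, and for the access list on stub_status and the NGINX Plus API that outcome should be decided in the chart. I would fall back to the chart default in the template, `- -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs | default "127.0.0.1" }}`, or fail the render with `required`. This applies to both the DaemonSet and the Deployment hunk of this patch, and the args list continues outside each hunk.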
From: Michael Pleshakov
Date: Wed, 24 Oct 2018 14:24:57 +0100
Subject: [PATCH 7/7] Bump helm chart version
---
 deployments/helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml
index 4f2e6367b0..928544bcee 100644
--- a/deployments/helm-chart/Chart.yaml
+++ b/deployments/helm-chart/Chart.yaml
@@ -1,5 +1,5 @@
 name: nginx-ingress
-version: 0.1.3
+version: 0.1.4
 appVersion: edge
 description: NGINX Ingress Controller
 sources: