From 9815becc800a2f5d61d66af9778c209d552ad10c Mon Sep 17 00:00:00 2001 From: Alexandre Allard Date: Mon, 10 May 2021 11:46:24 +0200 Subject: [PATCH 1/4] charts: Bump nginx-ingress chart to 3.30.0 Update nginx-ingress chart using: ``` rm -rf charts/nginx-ingress helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm fetch -d charts --untar ingress-nginx/ingress-nginx ``` Refs: #3279 --- charts/ingress-nginx/CHANGELOG.md | 87 ++++++++++++++++++- charts/ingress-nginx/Chart.yaml | 6 +- charts/ingress-nginx/README.md | 23 ++++- charts/ingress-nginx/templates/_helpers.tpl | 4 +- .../job-patch/clusterrole.yaml | 4 + .../job-patch/clusterrolebinding.yaml | 2 +- .../admission-webhooks/job-patch/psp.yaml | 2 +- .../job-patch/rolebinding.yaml | 2 +- .../validating-webhook.yaml | 2 +- .../ingress-nginx/templates/clusterrole.yaml | 1 - .../templates/clusterrolebinding.yaml | 2 +- .../templates/controller-configmap.yaml | 8 +- .../templates/controller-daemonset.yaml | 3 + .../templates/controller-keda.yaml | 10 ++- .../templates/controller-prometheusrules.yaml | 2 +- .../templates/controller-psp.yaml | 4 +- .../templates/controller-role.yaml | 13 +-- .../templates/controller-rolebinding.yaml | 2 +- .../controller-service-internal.yaml | 3 + .../templates/controller-serviceaccount.yaml | 1 + .../templates/controller-servicemonitor.yaml | 5 +- .../templates/default-backend-deployment.yaml | 6 ++ .../templates/default-backend-hpa.yaml | 2 +- .../templates/default-backend-psp.yaml | 2 +- .../templates/default-backend-role.yaml | 4 + .../default-backend-rolebinding.yaml | 2 +- .../default-backend-serviceaccount.yaml | 1 + .../templates/dh-param-secret.yaml | 10 +++ charts/ingress-nginx/values.yaml | 65 +++++++++++--- 29 files changed, 231 insertions(+), 47 deletions(-) create mode 100644 charts/ingress-nginx/templates/dh-param-secret.yaml diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 3aa8e4a3d5..5f957e3e51 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,7 +2,92 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### Unreleased +### 3.30.0 + +- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints + + +### 3.29.0 + +- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor + +### 3.28.0 + +- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs + +### 3.27.0 + +- Update ingress-nginx v0.45.0 + +### 3.26.0 + +- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics + +### 3.25.0 + +- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken + +### 3.24.0 + +- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment + +### 3.23.0 + +- Update ingress-nginx v0.44.0 + +### 3.22.0 + +- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file +- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart + +### 3.21.0 + +- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject +- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values +- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled +- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 + +### 3.20.1 + +- Do not create KEDA in case of DaemonSets. +- Fix KEDA v2 definition + +### 3.20.0 + +- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. + +### 3.19.0 + +- Update ingress-nginx v0.43.0 + +### 3.18.0 + +- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy +- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters + +### 3.17.0 + +- Update ingress-nginx v0.42.0 + +### 3.16.1 + +- Fix chart-releaser action + +### 3.16.0 + +- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service + +### 3.15.1 + +- Fix chart-releaser action + +### 3.15.0 + +- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml + +### 3.14.0 + +- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend ### 3.13.0 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 5af4b497a4..e6add60a9b 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,8 +1,8 @@ annotations: artifacthub.io/changes: | - - Fix default backend HPA name variable + - Removes the possibility of using localhost in ExternalNames as endpoints apiVersion: v2 -appVersion: 0.41.2 +appVersion: 0.46.0 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -16,4 +16,4 @@ name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx type: application -version: 3.13.0 +version: 3.30.0 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 37b0ca1fbd..53657e56ff 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -171,9 +171,13 @@ controller: internal: enabled: true annotations: - # Create internal LB - cloud.google.com/load-balancer-type: "Internal" - # Any other annotation can be declared here. + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. ``` Example for Azure: @@ -187,8 +191,21 @@ controller: # Any other annotation can be declared here. ``` +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + ### Ingress Admission Webhooks With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index d516a593cb..b48bf4a4a6 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -35,7 +35,7 @@ Create a default fully qualified controller name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.controller.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "controller" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -58,7 +58,7 @@ Create a default fully qualified default backend name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "ingress-nginx.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) "defaultbackend" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index 7eb57388d2..fd762f9354 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -22,6 +22,10 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: + {{- with .Values.controller.admissionWebhooks.existingPsp }} + - {{ . }} + {{- else }} - {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 97931250ce..4990fb1c34 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -16,5 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index e8c8da94ba..d2c7de6858 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 391e5e9a33..b4af7fbcf3 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -16,5 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ingress-nginx.fullname" . }}-admission - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 731536bdd7..2f3dd77848 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -31,7 +31,7 @@ webhooks: - v1beta1 clientConfig: service: - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission path: /networking/v1beta1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index 2035f549a2..8ec5f49fa4 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -40,7 +40,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml index a341f5280e..81be52b87d 100644 --- a/charts/ingress-nginx/templates/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index 5b0d371055..0706fa0ebb 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -15,6 +15,10 @@ data: {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers {{- end }} -{{- if .Values.controller.config }} - {{ toYaml .Values.controller.config | nindent 2 }} +{{- if .Values.dhParam }} + ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} {{- end }} +{{- range $key, $value := .Values.controller.config }} + {{ $key | nindent 2 }}: {{ $value | quote }} +{{- end }} + diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index aa8693b47e..27d2ed1014 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -98,6 +98,9 @@ spec: - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} {{- end }} + {{- if .Values.controller.maxmindMirror }} + - --maxmind-mirror={{ .Values.controller.maxmindMirror }} + {{- end}} {{- if .Values.controller.maxmindLicenseKey }} - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-keda.yaml b/charts/ingress-nginx/templates/controller-keda.yaml index 7c391de9dc..c7eebf5c86 100644 --- a/charts/ingress-nginx/templates/controller-keda.yaml +++ b/charts/ingress-nginx/templates/controller-keda.yaml @@ -1,4 +1,4 @@ -{{- if .Values.controller.keda.enabled }} +{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} # https://keda.sh/docs/ apiVersion: {{ .Values.controller.keda.apiVersion }} @@ -8,10 +8,16 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ include "ingress-nginx.controller.fullname" . }} - + {{- if .Values.controller.keda.scaledObject.annotations }} + annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} + {{- end }} spec: scaleTargetRef: +{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }} deploymentName: {{ include "ingress-nginx.controller.fullname" . }} +{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }} + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- end }} pollingInterval: {{ .Values.controller.keda.pollingInterval }} cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }} minReplicaCount: {{ .Values.controller.keda.minReplicas }} diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml index c0b7e89ca5..ca5427523d 100644 --- a/charts/ingress-nginx/templates/controller-prometheusrules.yaml +++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml @@ -4,7 +4,7 @@ kind: PrometheusRule metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.prometheusRule.namespace }} - namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index bcf588c3c4..bdb8563105 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.podSecurityPolicy.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -20,7 +20,7 @@ spec: # Allow core volume types. volumes: - 'configMap' - #- 'emptyDir' + - 'emptyDir' #- 'projected' - 'secret' #- 'downwardAPI' diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index f2e3927448..52f8303151 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -31,7 +31,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions @@ -72,14 +71,6 @@ rules: - configmaps verbs: - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - "" resources: @@ -91,6 +82,10 @@ rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.controller.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}] + {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml index 5031350884..9ab3b461cb 100644 --- a/charts/ingress-nginx/templates/controller-rolebinding.yaml +++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 54888e9658..49b4ee1d67 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -15,6 +15,9 @@ metadata: name: {{ include "ingress-nginx.controller.fullname" . }}-internal spec: type: "{{ .Values.controller.service.type }}" +{{- if .Values.controller.service.internal.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} +{{- end }} {{- if .Values.controller.service.internal.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index 43585076c6..f4b1278f6f 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -6,4 +6,5 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller name: {{ template "ingress-nginx.serviceAccountName" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 68b1c922ba..066488a040 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -4,7 +4,7 @@ kind: ServiceMonitor metadata: name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} {{- end }} labels: {{- include "ingress-nginx.labels" . | nindent 4 }} @@ -22,6 +22,9 @@ spec: {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} {{ else }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 0baec8b46a..07c0df740c 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -88,6 +88,9 @@ spec: - name: http containerPort: {{ .Values.defaultBackend.port }} protocol: TCP + {{- if .Values.defaultBackend.extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }} + {{- end }} {{- if .Values.defaultBackend.resources }} resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} {{- end }} @@ -102,4 +105,7 @@ spec: affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} {{- end }} terminationGracePeriodSeconds: 60 + {{- if .Values.defaultBackend.extraVolumes }} + volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml index 36b8bf221e..a007d03154 100644 --- a/charts/ingress-nginx/templates/default-backend-hpa.yaml +++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.defaultBackend.autoscaling.enabled }} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index 055f434dbe..716dbf16fe 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index 23498de22e..53b63b6bf1 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -10,5 +10,9 @@ rules: - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] verbs: ['use'] + {{- with .Values.defaultBackend.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml index 45558aac1a..03eac869f6 100644 --- a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml +++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 96419cfa0a..a95826bda9 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -6,4 +6,5 @@ metadata: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} +automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/charts/ingress-nginx/templates/dh-param-secret.yaml b/charts/ingress-nginx/templates/dh-param-secret.yaml new file mode 100644 index 0000000000..12e7a4f633 --- /dev/null +++ b/charts/ingress-nginx/templates/dh-param-secret.yaml @@ -0,0 +1,10 @@ +{{- with .Values.dhParam -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "ingress-nginx.controller.fullname" $ }} + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} +data: + dhparam.pem: {{ . }} +{{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 7e2e54c723..b0d0e0153a 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -1,16 +1,26 @@ ## nginx configuration -## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/configuration.md +## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md ## + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: + controller: + name: controller image: repository: k8s.gcr.io/ingress-nginx/controller - tag: "v0.41.2" - digest: sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de + tag: "v0.46.0" + digest: sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 allowPrivilegeEscalation: true + # Use an existing PSP instead of creating one + existingPsp: "" + # Configures the ports the nginx-controller listens on containerPort: http: 80 @@ -113,6 +123,10 @@ controller: ## Annotations to be added to the udp config configmap annotations: {} + # Maxmind license key to download GeoLite2 Databases + # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + ## Additional command line arguments to pass to nginx-ingress-controller ## E.g. to specify the default SSL certificate you can use ## extraArgs: @@ -304,6 +318,11 @@ controller: pollingInterval: 30 cooldownPeriod: 300 restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value triggers: [] # - type: prometheus # metadata: @@ -396,6 +415,8 @@ controller: enabled: false annotations: {} + # loadBalancerIP: "" + ## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. loadBalancerSourceRanges: [] @@ -455,6 +476,9 @@ controller: namespaceSelector: {} objectSelector: {} + # Use an existing PSP instead of creating one + existingPsp: "" + service: annotations: {} # clusterIP: "" @@ -468,7 +492,7 @@ controller: enabled: true image: repository: docker.io/jettech/kube-webhook-certgen - tag: v1.5.0 + tag: v1.5.1 pullPolicy: IfNotPresent ## Provide a priority class name to the webhook patching job ## @@ -497,7 +521,7 @@ controller: # loadBalancerIP: "" loadBalancerSourceRanges: [] - servicePort: 9913 + servicePort: 10254 type: ClusterIP # externalTrafficPolicy: "" # nodePort: "" @@ -505,6 +529,8 @@ controller: serviceMonitor: enabled: false additionalLabels: {} + # The label to use to retrieve the job name from. + # jobLabel: "app.kubernetes.io/name" namespace: "" namespaceSelector: {} # Default: scrape .Release.Namespace only @@ -574,16 +600,13 @@ controller: ## revisionHistoryLimit: 10 -# Maxmind license key to download GeoLite2 Databases -# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases -maxmindLicenseKey: "" - ## Default 404 backend ## defaultBackend: ## enabled: false + name: defaultbackend image: repository: k8s.gcr.io/defaultbackend-amd64 tag: "1.5" @@ -594,11 +617,15 @@ defaultBackend: readOnlyRootFilesystem: true allowPrivilegeEscalation: false + # Use an existing PSP instead of creating one + existingPsp: "" + extraArgs: {} serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Additional environment variables to set for defaultBackend pods extraEnvs: [] @@ -662,6 +689,16 @@ defaultBackend: # cpu: 10m # memory: 20Mi + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + autoscaling: enabled: false minReplicas: 1 @@ -698,7 +735,8 @@ podSecurityPolicy: serviceAccount: create: true - name: + name: "" + automountServiceAccountToken: true ## Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -716,3 +754,8 @@ tcp: {} ## udp: {} # 53: "kube-system/kube-dns:53" + +# A base64ed Diffie-Hellman parameter +# This can be generated with: openssl dhparam 4096 2> /dev/null | base64 +# Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param +dhParam: From 57770c6b25e7f73ebf5dabbdf0ea3f8a1230a450 Mon Sep 17 00:00:00 2001 From: Alexandre Allard Date: Mon, 10 May 2021 12:00:57 +0200 Subject: [PATCH 2/4] build: Bump ingress-nginx image to v0.46.0 Needed by the update of the helm charts to version 3.30.0 Refs: #3279 --- buildchain/buildchain/versions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py index 41ae2d343c..ee8de17ad1 100644 --- a/buildchain/buildchain/versions.py +++ b/buildchain/buildchain/versions.py @@ -161,8 +161,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str: ), Image( name="nginx-ingress-controller", - version="v0.41.2", - digest="sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de", + version="v0.46.0", + digest="sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a", ), Image( name="nginx-ingress-defaultbackend-amd64", From 5e1122d5d4160d4f3282ec6fa2a2d110b1b8720d Mon Sep 17 00:00:00 2001 From: Alexandre Allard Date: Mon, 10 May 2021 12:02:25 +0200 Subject: [PATCH 3/4] salt: Re-render ingress-nginx Salt formulas Needed as we have bumped the Helm chart version to 3.30.0, re-render using: ``` ./charts/render.py ingress-nginx --namespace metalk8s-ingress \ charts/ingress-nginx.yaml charts/ingress-nginx/ \ > salt/metalk8s/addons/nginx-ingress/deployed/chart.sls ./charts/render.py ingress-nginx-control-plane --namespace metalk8s-ingress \ charts/ingress-nginx-control-plane.yaml charts/ingress-nginx/ \ > salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls ``` Refs: #3279 --- .../deployed/chart.sls | 45 ++++++-------- .../addons/nginx-ingress/deployed/chart.sls | 58 ++++++++----------- 2 files changed, 43 insertions(+), 60 deletions(-) diff --git a/salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls b/salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls index 526f7d1235..c647b1448d 100644 --- a/salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls +++ b/salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls @@ -7,6 +7,7 @@ {% raw %} apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -15,8 +16,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane namespace: metalk8s-ingress @@ -31,8 +32,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane-controller namespace: metalk8s-ingress @@ -45,8 +46,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane namespace: metalk8s-ingress @@ -75,7 +76,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions @@ -117,8 +117,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane namespace: metalk8s-ingress @@ -140,8 +140,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane namespace: metalk8s-ingress @@ -170,7 +170,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions @@ -211,14 +210,6 @@ rules: - configmaps verbs: - create -- apiGroups: - - '' - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - '' resources: @@ -236,8 +227,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane namespace: metalk8s-ingress @@ -260,8 +251,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane-controller namespace: metalk8s-ingress @@ -288,8 +279,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-control-plane-controller namespace: metalk8s-ingress @@ -328,7 +319,7 @@ spec: - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so image: '{%- endraw -%}{{ build_image_name("nginx-ingress-controller", False) - }}{%- raw -%}:v0.41.2' + }}{%- raw -%}:v0.46.0' imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls b/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls index dc5fd4cadc..484fab5f94 100644 --- a/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls +++ b/salt/metalk8s/addons/nginx-ingress/deployed/chart.sls @@ -7,6 +7,7 @@ {% raw %} apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -15,13 +16,14 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx namespace: metalk8s-ingress --- apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -30,8 +32,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-backend namespace: metalk8s-ingress @@ -46,8 +48,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-controller namespace: metalk8s-ingress @@ -60,8 +62,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx namespace: metalk8s-ingress @@ -90,7 +92,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions @@ -132,8 +133,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx namespace: metalk8s-ingress @@ -155,8 +156,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx namespace: metalk8s-ingress @@ -185,7 +186,6 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions @@ -226,14 +226,6 @@ rules: - configmaps verbs: - create -- apiGroups: - - '' - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - '' resources: @@ -251,8 +243,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx namespace: metalk8s-ingress @@ -275,8 +267,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-controller namespace: metalk8s-ingress @@ -305,8 +297,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-defaultbackend namespace: metalk8s-ingress @@ -331,8 +323,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-controller namespace: metalk8s-ingress @@ -372,7 +364,7 @@ spec: - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so image: '{%- endraw -%}{{ build_image_name("nginx-ingress-controller", False) - }}{%- raw -%}:v0.41.2' + }}{%- raw -%}:v0.46.0' imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -443,8 +435,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 0.41.2 - helm.sh/chart: ingress-nginx-3.13.0 + app.kubernetes.io/version: 0.46.0 + helm.sh/chart: ingress-nginx-3.30.0 heritage: metalk8s name: ingress-nginx-defaultbackend namespace: metalk8s-ingress From be2e22f700ecc08ade334af2e30cc591b3764cd3 Mon Sep 17 00:00:00 2001 From: Alexandre Allard Date: Mon, 10 May 2021 15:54:53 +0200 Subject: [PATCH 4/4] Add CHANGELOG entry for ingress-nginx version bump Refs: #3279 --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd4f04090b..59f139a2da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,11 @@ - prometheus-operator from v0.43.2 to v0.47.0 (PR[#3360](https://github.com/scality/metalk8s/pull/3360)) +- [#3279](https://github.com/scality/metalk8s/issues/3279) - Bump + ingress-nginx chart version from 3.13.0 to 3.30.0 + nginx-ingress-controller image has been bump accordingly from v0.41.2 + to v0.46.0 (PR[#3371](https://github.com/scality/metalk8s/pull/3371)) + ### Breaking changes - [#2199](https://github.com/scality/metalk8s/issues/2199) - Prometheus label