
feat(nginx): switch to chart built-in default-backend config #839


Merged
merged 1 commit into from
May 19, 2024


martinohmann
Owner

No description provided.

@github-actions github-actions bot added area/kubernetes Changes made in the kubernetes directory cluster/main cluster/storage labels May 19, 2024

helmrelease changes in kubernetes/storage

--- HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

+++ HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

@@ -37,21 +37,21 @@

           preStop:
             exec:
               command:
               - /wait-shutdown
         args:
         - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/nginx-internal-default-backend
         - --publish-service=$(POD_NAMESPACE)/nginx-internal-controller
         - --election-id=nginx-internal-leader
         - --controller-class=k8s.io/internal
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
-        - --default-backend-service=networking/nginx-default-backend
         - --default-ssl-certificate=networking/18b-haus-production-tls
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
--- HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-backend

+++ HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-backend

@@ -0,0 +1,14 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-backend
+  namespace: networking
+automountServiceAccountToken: true
+
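Review bot: `automountServiceAccountToken: true` on the new `nginx-internal-backend` ServiceAccount hands the default-backend pod a Kubernetes API token, and nothing visible in this PR suggests the error-pages container ever calls the API. The Deployment further down selects this account with `serviceAccountName: nginx-internal-backend` and sets no pod-level override, so the token will be mounted into the container. Consider switching it off in the HelmRelease values with `defaultBackend.serviceAccount.automountServiceAccountToken: false` (I believe the chart exposes this key; confirm against the pinned chart version). The same applies to the `nginx-external-backend` ServiceAccount hunk and to the repeated `nginx-internal-backend` hunk under kubernetes/main.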
--- HelmRelease: networking/nginx-internal Service: networking/nginx-internal-default-backend

+++ HelmRelease: networking/nginx-internal Service: networking/nginx-internal-default-backend

@@ -0,0 +1,25 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-default-backend
+  namespace: networking
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+    appProtocol: http
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/component: default-backend
+
--- HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-default-backend

+++ HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-default-backend

@@ -0,0 +1,86 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-default-backend
+  namespace: networking
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+      app.kubernetes.io/instance: nginx-internal
+      app.kubernetes.io/component: default-backend
+  replicas: 1
+  revisionHistoryLimit: 3
+  minReadySeconds: 0
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/instance: nginx-internal
+        app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: default-backend
+    spec:
+      containers:
+      - name: ingress-nginx-default-backend
+        image: ghcr.io/tarampampam/error-pages:2.27.0
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 65534
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        env:
+        - name: DISABLE_L10N
+          value: 'true'
+        - name: SHOW_DETAILS
+          value: 'true'
+        - name: TEMPLATE_NAME
+          value: l7-light
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 6
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 30Mi
+          requests:
+            cpu: 5m
+            memory: 10Mi
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: nginx-internal-backend
+      terminationGracePeriodSeconds: 60
+
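Review bot: `SHOW_DETAILS: 'true'` is new on this backend (the removed shared `nginx-default-backend` did not set it) and differs from the external release, which sets `'false'`, but the reason for the split is not recorded anywhere in the change. As far as I know this option makes the error page print request metadata that the controller forwards to the default backend (original URI, namespace, ingress and service names), so it deserves a comment next to `extraEnvs` in the internal HelmRelease values, for example `# details shown only on the internal class; keep 'false' on anything internet-facing`. That keeps the distinction from being lost if the values are later copied between the two releases.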
--- HelmRelease: networking/nginx-default-backend Service: networking/nginx-default-backend

+++ HelmRelease: networking/nginx-default-backend Service: networking/nginx-default-backend

@@ -1,22 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-default-backend
-  labels:
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nginx-default-backend
-    app.kubernetes.io/service: nginx-default-backend
-spec:
-  type: ClusterIP
-  ports:
-  - port: 8080
-    targetPort: 8080
-    protocol: TCP
-    name: http
-  selector:
-    app.kubernetes.io/component: nginx-default-backend
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/name: nginx-default-backend
-
--- HelmRelease: networking/nginx-default-backend Deployment: networking/nginx-default-backend

+++ HelmRelease: networking/nginx-default-backend Deployment: networking/nginx-default-backend

@@ -1,68 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-default-backend
-  labels:
-    app.kubernetes.io/component: nginx-default-backend
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nginx-default-backend
-spec:
-  revisionHistoryLimit: 3
-  replicas: 1
-  strategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: nginx-default-backend
-      app.kubernetes.io/name: nginx-default-backend
-      app.kubernetes.io/instance: nginx-default-backend
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: nginx-default-backend
-        app.kubernetes.io/instance: nginx-default-backend
-        app.kubernetes.io/name: nginx-default-backend
-    spec:
-      enableServiceLinks: false
-      serviceAccountName: default
-      automountServiceAccountToken: true
-      securityContext:
-        runAsGroup: 568
-        runAsUser: 568
-      hostIPC: false
-      hostNetwork: false
-      hostPID: false
-      dnsPolicy: ClusterFirst
-      containers:
-      - env:
-        - name: DISABLE_L10N
-          value: 'true'
-        - name: TEMPLATE_NAME
-          value: l7-light
-        image: ghcr.io/tarampampam/error-pages:2.27.0
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          timeoutSeconds: 1
-        name: app
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          timeoutSeconds: 1
-        resources:
-          limits:
-            memory: 30Mi
-          requests:
-            cpu: 5m
-            memory: 10Mi
-


kustomization changes in kubernetes/storage

--- kubernetes/storage/apps/networking/nginx/default-backend Kustomization: flux-system/nginx-default-backend HelmRelease: networking/nginx-default-backend

+++ kubernetes/storage/apps/networking/nginx/default-backend Kustomization: flux-system/nginx-default-backend HelmRelease: networking/nginx-default-backend

@@ -1,84 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: nginx-default-backend
-    kustomize.toolkit.fluxcd.io/name: nginx-default-backend
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nginx-default-backend
-  namespace: networking
-spec:
-  chart:
-    spec:
-      chart: app-template
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-      version: 3.1.0
-  install:
-    remediation:
-      retries: 3
-  interval: 2h
-  maxHistory: 2
-  uninstall:
-    keepHistory: false
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-      strategy: uninstall
-  values:
-    controllers:
-      nginx-default-backend:
-        containers:
-          app:
-            env:
-              DISABLE_L10N: 'true'
-              TEMPLATE_NAME: l7-light
-            image:
-              repository: ghcr.io/tarampampam/error-pages
-              tag: 2.27.0
-            probes:
-              liveness:
-                custom: true
-                enabled: true
-                spec:
-                  failureThreshold: 3
-                  httpGet:
-                    path: /healthz
-                    port: 8080
-                  initialDelaySeconds: 0
-                  periodSeconds: 10
-                  timeoutSeconds: 1
-              readiness:
-                custom: true
-                enabled: true
-                spec:
-                  failureThreshold: 3
-                  httpGet:
-                    path: /healthz
-                    port: 8080
-                  initialDelaySeconds: 0
-                  periodSeconds: 10
-                  timeoutSeconds: 1
-            resources:
-              limits:
-                memory: 30Mi
-              requests:
-                cpu: 5m
-                memory: 10Mi
-        pod:
-          securityContext:
-            runAsGroup: 568
-            runAsUser: 568
-        replicas: 1
-        strategy: RollingUpdate
-    service:
-      app:
-        controller: nginx-default-backend
-        ports:
-          http:
-            port: 8080
-
--- kubernetes/storage/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/nginx-default-backend

+++ kubernetes/storage/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/nginx-default-backend

@@ -1,32 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nginx-default-backend
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: nginx-default-backend
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 2h
-  path: ./kubernetes/storage/apps/networking/nginx/default-backend
-  postBuild:
-    substituteFrom:
-    - kind: Secret
-      name: cluster-secrets
-  prune: true
-  retryInterval: 1m
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  targetNamespace: networking
-  timeout: 5m
-  wait: false
-
--- kubernetes/storage/apps/networking/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: networking/nginx-internal

+++ kubernetes/storage/apps/networking/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: networking/nginx-internal

@@ -52,13 +52,12 @@

         log-format-upstream: |
           {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent"}
         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
       extraArgs:
-        default-backend-service: networking/nginx-default-backend
         default-ssl-certificate: networking/18b-haus-production-tls
       ingressClassResource:
         controllerValue: k8s.io/internal
         default: true
         name: internal
       metrics:
@@ -86,10 +85,28 @@

             app.kubernetes.io/component: controller
             app.kubernetes.io/name: nginx-internal
         maxSkew: 1
         topologyKey: kubernetes.io/hostname
         whenUnsatisfiable: DoNotSchedule
     defaultBackend:
-      enabled: false
+      enabled: true
+      extraEnvs:
+      - name: DISABLE_L10N
+        value: 'true'
+      - name: SHOW_DETAILS
+        value: 'true'
+      - name: TEMPLATE_NAME
+        value: l7-light
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0
+      name: default-backend
+      replicaCount: 1
+      resources:
+        limits:
+          memory: 30Mi
+        requests:
+          cpu: 5m
+          memory: 10Mi
     fullnameOverride: nginx-internal
     revisionHistoryLimit: 3
 


helmrelease changes in kubernetes/main

--- HelmRelease: networking/nginx-external Deployment: networking/nginx-external-controller

+++ HelmRelease: networking/nginx-external Deployment: networking/nginx-external-controller

@@ -37,21 +37,21 @@

           preStop:
             exec:
               command:
               - /wait-shutdown
         args:
         - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/nginx-external-default-backend
         - --publish-service=$(POD_NAMESPACE)/nginx-external-controller
         - --election-id=nginx-external-leader
         - --controller-class=k8s.io/external
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/nginx-external-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
-        - --default-backend-service=networking/nginx-default-backend
         - --default-ssl-certificate=networking/18b-haus-production-tls
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
--- HelmRelease: networking/nginx-external ServiceAccount: networking/nginx-external-backend

+++ HelmRelease: networking/nginx-external ServiceAccount: networking/nginx-external-backend

@@ -0,0 +1,14 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-external
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-external-backend
+  namespace: networking
+automountServiceAccountToken: true
+
--- HelmRelease: networking/nginx-external Service: networking/nginx-external-default-backend

+++ HelmRelease: networking/nginx-external Service: networking/nginx-external-default-backend

@@ -0,0 +1,25 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-external
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-external-default-backend
+  namespace: networking
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+    appProtocol: http
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-external
+    app.kubernetes.io/component: default-backend
+
--- HelmRelease: networking/nginx-external Deployment: networking/nginx-external-default-backend

+++ HelmRelease: networking/nginx-external Deployment: networking/nginx-external-default-backend

@@ -0,0 +1,86 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-external
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-external-default-backend
+  namespace: networking
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+      app.kubernetes.io/instance: nginx-external
+      app.kubernetes.io/component: default-backend
+  replicas: 1
+  revisionHistoryLimit: 3
+  minReadySeconds: 0
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/instance: nginx-external
+        app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: default-backend
+    spec:
+      containers:
+      - name: ingress-nginx-default-backend
+        image: ghcr.io/tarampampam/error-pages:2.27.0
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 65534
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        env:
+        - name: DISABLE_L10N
+          value: 'true'
+        - name: SHOW_DETAILS
+          value: 'false'
+        - name: TEMPLATE_NAME
+          value: l7-light
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 6
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 30Mi
+          requests:
+            cpu: 5m
+            memory: 10Mi
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: nginx-external-backend
+      terminationGracePeriodSeconds: 60
+
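Review bot: `image: ghcr.io/tarampampam/error-pages:2.27.0` is referenced by tag only, and with `imagePullPolicy: IfNotPresent` each node keeps running whatever that tag resolved to on its first pull. For the backend that sits behind the external ingress class it is worth pinning the content in `defaultBackend.image` of the HelmRelease values, e.g. `tag: 2.27.0@sha256:<digest-of-the-reviewed-image>` (a placeholder, not a real digest), assuming the chart keeps joining repository and tag the way the rendered output shows. A re-pushed tag then cannot silently change what runs. The two `nginx-internal-default-backend` Deployment hunks carry the same image line.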
--- HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

+++ HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

@@ -37,21 +37,21 @@

           preStop:
             exec:
               command:
               - /wait-shutdown
         args:
         - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/nginx-internal-default-backend
         - --publish-service=$(POD_NAMESPACE)/nginx-internal-controller
         - --election-id=nginx-internal-leader
         - --controller-class=k8s.io/internal
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
-        - --default-backend-service=networking/nginx-default-backend
         - --default-ssl-certificate=networking/18b-haus-production-tls
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
--- HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-backend

+++ HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-backend

@@ -0,0 +1,14 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-backend
+  namespace: networking
+automountServiceAccountToken: true
+
--- HelmRelease: networking/nginx-internal Service: networking/nginx-internal-default-backend

+++ HelmRelease: networking/nginx-internal Service: networking/nginx-internal-default-backend

@@ -0,0 +1,25 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-default-backend
+  namespace: networking
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+    appProtocol: http
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/component: default-backend
+
--- HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-default-backend

+++ HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-default-backend

@@ -0,0 +1,86 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: nginx-internal
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: default-backend
+  name: nginx-internal-default-backend
+  namespace: networking
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+      app.kubernetes.io/instance: nginx-internal
+      app.kubernetes.io/component: default-backend
+  replicas: 1
+  revisionHistoryLimit: 3
+  minReadySeconds: 0
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/instance: nginx-internal
+        app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: default-backend
+    spec:
+      containers:
+      - name: ingress-nginx-default-backend
+        image: ghcr.io/tarampampam/error-pages:2.27.0
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 65534
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        env:
+        - name: DISABLE_L10N
+          value: 'true'
+        - name: SHOW_DETAILS
+          value: 'true'
+        - name: TEMPLATE_NAME
+          value: l7-light
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 6
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 30Mi
+          requests:
+            cpu: 5m
+            memory: 10Mi
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: nginx-internal-backend
+      terminationGracePeriodSeconds: 60
+
--- HelmRelease: networking/nginx-default-backend Service: networking/nginx-default-backend

+++ HelmRelease: networking/nginx-default-backend Service: networking/nginx-default-backend

@@ -1,22 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-default-backend
-  labels:
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nginx-default-backend
-    app.kubernetes.io/service: nginx-default-backend
-spec:
-  type: ClusterIP
-  ports:
-  - port: 8080
-    targetPort: 8080
-    protocol: TCP
-    name: http
-  selector:
-    app.kubernetes.io/component: nginx-default-backend
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/name: nginx-default-backend
-
--- HelmRelease: networking/nginx-default-backend Deployment: networking/nginx-default-backend

+++ HelmRelease: networking/nginx-default-backend Deployment: networking/nginx-default-backend

@@ -1,68 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-default-backend
-  labels:
-    app.kubernetes.io/component: nginx-default-backend
-    app.kubernetes.io/instance: nginx-default-backend
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: nginx-default-backend
-spec:
-  revisionHistoryLimit: 3
-  replicas: 1
-  strategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: nginx-default-backend
-      app.kubernetes.io/name: nginx-default-backend
-      app.kubernetes.io/instance: nginx-default-backend
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: nginx-default-backend
-        app.kubernetes.io/instance: nginx-default-backend
-        app.kubernetes.io/name: nginx-default-backend
-    spec:
-      enableServiceLinks: false
-      serviceAccountName: default
-      automountServiceAccountToken: true
-      securityContext:
-        runAsGroup: 568
-        runAsUser: 568
-      hostIPC: false
-      hostNetwork: false
-      hostPID: false
-      dnsPolicy: ClusterFirst
-      containers:
-      - env:
-        - name: DISABLE_L10N
-          value: 'true'
-        - name: TEMPLATE_NAME
-          value: l7-light
-        image: ghcr.io/tarampampam/error-pages:2.27.0
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          timeoutSeconds: 1
-        name: app
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          timeoutSeconds: 1
-        resources:
-          limits:
-            memory: 30Mi
-          requests:
-            cpu: 5m
-            memory: 10Mi
-


kustomization changes in kubernetes/main

--- kubernetes/main/apps/networking/nginx/default-backend Kustomization: flux-system/nginx-default-backend HelmRelease: networking/nginx-default-backend

+++ kubernetes/main/apps/networking/nginx/default-backend Kustomization: flux-system/nginx-default-backend HelmRelease: networking/nginx-default-backend

@@ -1,84 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: nginx-default-backend
-    kustomize.toolkit.fluxcd.io/name: nginx-default-backend
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nginx-default-backend
-  namespace: networking
-spec:
-  chart:
-    spec:
-      chart: app-template
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-      version: 3.1.0
-  install:
-    remediation:
-      retries: 3
-  interval: 2h
-  maxHistory: 2
-  uninstall:
-    keepHistory: false
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-      strategy: uninstall
-  values:
-    controllers:
-      nginx-default-backend:
-        containers:
-          app:
-            env:
-              DISABLE_L10N: 'true'
-              TEMPLATE_NAME: l7-light
-            image:
-              repository: ghcr.io/tarampampam/error-pages
-              tag: 2.27.0
-            probes:
-              liveness:
-                custom: true
-                enabled: true
-                spec:
-                  failureThreshold: 3
-                  httpGet:
-                    path: /healthz
-                    port: 8080
-                  initialDelaySeconds: 0
-                  periodSeconds: 10
-                  timeoutSeconds: 1
-              readiness:
-                custom: true
-                enabled: true
-                spec:
-                  failureThreshold: 3
-                  httpGet:
-                    path: /healthz
-                    port: 8080
-                  initialDelaySeconds: 0
-                  periodSeconds: 10
-                  timeoutSeconds: 1
-            resources:
-              limits:
-                memory: 30Mi
-              requests:
-                cpu: 5m
-                memory: 10Mi
-        pod:
-          securityContext:
-            runAsGroup: 568
-            runAsUser: 568
-        replicas: 1
-        strategy: RollingUpdate
-    service:
-      app:
-        controller: nginx-default-backend
-        ports:
-          http:
-            port: 8080
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/nginx-default-backend

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/nginx-default-backend

@@ -1,32 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: nginx-default-backend
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: nginx-default-backend
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 2h
-  path: ./kubernetes/main/apps/networking/nginx/default-backend
-  postBuild:
-    substituteFrom:
-    - kind: Secret
-      name: cluster-secrets
-  prune: true
-  retryInterval: 1m
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  targetNamespace: networking
-  timeout: 5m
-  wait: false
-
--- kubernetes/main/apps/networking/nginx/external Kustomization: flux-system/nginx-external HelmRelease: networking/nginx-external

+++ kubernetes/main/apps/networking/nginx/external Kustomization: flux-system/nginx-external HelmRelease: networking/nginx-external

@@ -55,13 +55,12 @@

         log-format-upstream: |
           {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent"}
         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
       extraArgs:
-        default-backend-service: networking/nginx-default-backend
         default-ssl-certificate: networking/18b-haus-production-tls
       ingressClassResource:
         controllerValue: k8s.io/external
         default: false
         name: external
       metrics:
@@ -89,10 +88,28 @@

             app.kubernetes.io/component: controller
             app.kubernetes.io/name: nginx-external
         maxSkew: 1
         topologyKey: kubernetes.io/hostname
         whenUnsatisfiable: DoNotSchedule
     defaultBackend:
-      enabled: false
+      enabled: true
+      extraEnvs:
+      - name: DISABLE_L10N
+        value: 'true'
+      - name: SHOW_DETAILS
+        value: 'false'
+      - name: TEMPLATE_NAME
+        value: l7-light
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0
+      name: default-backend
+      replicaCount: 1
+      resources:
+        limits:
+          memory: 30Mi
+        requests:
+          cpu: 5m
+          memory: 10Mi
     fullnameOverride: nginx-external
     revisionHistoryLimit: 3
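Review bot: The new `defaultBackend.image` is referenced by mutable tag only (`repository: ghcr.io/tarampampam/error-pages`, `tag: 2.27.0`), so the pod runs whatever that tag resolves to at pull time; the nginx-internal hunk further down has the same values. Pinning the verified image by digest would make the deployed content reproducible, for example `tag: 2.27.0@sha256:<digest-of-the-verified-image>` (placeholder, the digest is not on this page). Separately, the standalone release removed earlier in this diff set `runAsUser: 568` / `runAsGroup: 568`, while these values set no user or security context, so the backend pod presumably inherits the chart's defaults. It is worth confirming in the rendered Deployment that it still runs non-root without privilege escalation. The surrounding HelmRelease values block starts and ends outside this hunk.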
 
--- kubernetes/main/apps/networking/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: networking/nginx-internal

+++ kubernetes/main/apps/networking/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: networking/nginx-internal

@@ -52,13 +52,12 @@

         log-format-upstream: |
           {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent"}
         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
       extraArgs:
-        default-backend-service: networking/nginx-default-backend
         default-ssl-certificate: networking/18b-haus-production-tls
       ingressClassResource:
         controllerValue: k8s.io/internal
         default: true
         name: internal
       metrics:
@@ -86,10 +85,28 @@

             app.kubernetes.io/component: controller
             app.kubernetes.io/name: nginx-internal
         maxSkew: 1
         topologyKey: kubernetes.io/hostname
         whenUnsatisfiable: DoNotSchedule
     defaultBackend:
-      enabled: false
+      enabled: true
+      extraEnvs:
+      - name: DISABLE_L10N
+        value: 'true'
+      - name: SHOW_DETAILS
+        value: 'true'
+      - name: TEMPLATE_NAME
+        value: l7-light
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0
+      name: default-backend
+      replicaCount: 1
+      resources:
+        limits:
+          memory: 30Mi
+        requests:
+          cpu: 5m
+          memory: 10Mi
     fullnameOverride: nginx-internal
     revisionHistoryLimit: 3
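Review bot: `SHOW_DETAILS` is `'true'` for the internal default backend, while the external release in this same change sets it to `'false'`. With this image that setting presumably adds request and routing details to every error page, visible to any client that can reach the internal ingress class. If the difference is deliberate, a short comment in the source values would record the decision, e.g. `# internal only: request details on error pages are acceptable on the trusted network`. If not, it should match the external value, `value: 'false'`.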
 

@martinohmann martinohmann merged commit 53ca176 into main May 19, 2024
10 checks passed
@martinohmann martinohmann deleted the ingress-nginx/built-in-default-backend branch May 19, 2024 09:04