Refactor Helm Chart location and generate mainfests automatically

Moves the Helm Chart to charts/nginx-ingress.

Uses Helm Charts in examples/helm-chart to template single file
manifests in deploy/.

Adds `kustomize` to create a single CRDs file and single files
CRDs for NAP WAF and NAP DoS.

Author: lucacome

.github/workflows/build-plus.yml

@@ -171,7 +171,7 @@ jobs:
             This is the official implementation of NGINX Ingress Controller (based on NGINX Plus) from NGINX.
           usage-instructions: |
             This container requires Kubernetes and can be deployed to EKS.
-            Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments
+            Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/main/deploy
             Use this image instead of building your own.
         if: ${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }}
 

.github/workflows/ci.yml

@@ -53,7 +53,7 @@ jobs:
         run: go mod tidy && git diff --exit-code -- go.mod go.sum
 
       - name: Check if CRDs changed
-        run: make update-crds && git diff --name-only --exit-code deployments/common/crds*
+        run: make update-crds && git diff --name-only --exit-code config/crd/bases
 
       - name: Check if Codegen changed
         run: |

CONTRIBUTING.md

@@ -42,7 +42,7 @@ Read the [documentation](https://github.com/nginxinc/kubernetes-ingress/tree/mai
   - The internal code is found at `internal/`
   - Build files for Docker are found at `build/`
   - CI files are found at `.github/workflows/`
-  - Deployment yaml files, and Helm files are found at `deployments/`
+  - Deployment yaml files, and Helm files are found at `charts/`
   - We use [Go modules](https://github.com/golang/go/wiki/Modules) for managing dependencies.
 
 ## Contributing

Makefile

@@ -63,7 +63,14 @@ update-codegen: ## Generate code
 
 .PHONY: update-crds
 update-crds: ## Update CRDs
-	go run sigs.k8s.io/controller-tools/cmd/controller-gen crd:crdVersions=v1 schemapatch:manifests=./deployments/common/crds/ paths=./pkg/apis/... output:dir=./deployments/common/crds
+	go run sigs.k8s.io/controller-tools/cmd/controller-gen crd paths=./pkg/apis/... output:crd:artifacts:config=config/crd/bases
+	kustomize build config/crd >deploy/crds.yaml
+	kustomize build config/crd/app-protect-dos --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-dos.yaml
+	kustomize build config/crd/app-protect-waf --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-waf.yaml
+
+.PHONY: generate-manifests
+generate-manifests: ## Generate manifests
+	./hack/generate-manifests.sh
 
 .PHONY: certificate-and-key
 certificate-and-key: ## Create default cert and key

README.md

@@ -119,7 +119,7 @@ your links to the correct versions:
 | Version | Description |  Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples |
 | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- |
 | Latest stable release | For production use | Use the 3.3.0 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 3.3.0 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). |
-| Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/charts/nginx-ingress). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). |
+| Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deploy). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/charts/nginx-ingress). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). |
 
 ## SBOM (Software Bill of Materials)
 

charts/nginx-ingress/.helmignore

@@ -1,2 +1,4 @@
 # Patterns to ignore when building packages.
 *.png
+
+.cache

charts/nginx-ingress/README.md

@@ -75,14 +75,14 @@ To install the chart with the release name my-release (my-release is the name th
 For NGINX:
 
 ```console
-helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0
+helm install my-release -n nginx-ingress --create-namespace oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0
 ```
 
 For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry
 `myregistry.example.com`)
 
 ```console
-helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
+helm install my-release -n nginx-ingress --create-namespace oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
 ```
 
 This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to
@@ -97,15 +97,15 @@ CRDs](#upgrading-the-crds).
 To upgrade the release `my-release`:
 
 ```console
-helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0
+helm upgrade my-release -n nginx-ingress oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0
 ```
 
 ### Uninstalling the Chart
 
 To uninstall/delete the release `my-release`:
 
 ```console
-helm uninstall my-release
+helm uninstall my-release -n nginx-ingress
 ```
 
 The command removes all the Kubernetes components associated with the release and deletes the release.
@@ -120,7 +120,7 @@ version is built from the `main` branch of the NGINX Ingress Controller reposito
 by specifying the `--version` flag with the value `0.0.0-edge`:
 
 ```console
-helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge
+helm install my-release -n nginx-ingress --create-namespace oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge
 ```
 
 > **Warning**
@@ -154,13 +154,13 @@ To install the chart with the release name my-release (my-release is the name th
 For NGINX:
 
 ```console
-helm install my-release .
+helm install my-release -n nginx-ingress --create-namespace .
 ```
 
 For NGINX Plus:
 
 ```console
-helm install my-release -f values-plus.yaml .
+helm install my-release -f values-plus.yaml -n nginx-ingress --create-namespace .
 ```
 
 The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration
@@ -174,15 +174,15 @@ CRDs](#upgrading-the-crds).
 To upgrade the release `my-release`:
 
 ```console
-helm upgrade my-release .
+helm upgrade my-release -n nginx-ingress .
 ```
 
 ### Uninstalling the Chart
 
 To uninstall/delete the release `my-release`:
 
 ```console
-helm uninstall my-release
+helm uninstall my-release -n nginx-ingress
 ```
 
 The command removes all the Kubernetes components associated with the release and deletes the release.
@@ -252,8 +252,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |`controller.enableCustomResources` | Enable the custom resources. | true |
 |`controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false |
 |`controller.enableOIDC` | Enable OIDC policies. | false |
-|`controller.enableTLSPassthrough` | Enable TLS Passthrough on default port 443. Requires `controller.enableCustomResources`. | false |
-|`controller.tlsPassThroughPort` | Set the port for the TLS Passthrough. Requires `controller.enableCustomResources` and `controller.enableTLSPassthrough`.  | 443 |
+|`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false |
+|`controller.tlsPassThroughPort` | Set the port for the TLS Passthrough. Requires `controller.enableCustomResources` and `controller.enableTLSPassthrough`. | 443 |
 |`controller.enableCertManager` | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false |
 |`controller.enableExternalDNS` | Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Requires `controller.enableCustomResources`. | false |
 |`controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false |

charts/nginx-ingress/crds

@@ -1 +1 @@
-../../deployments/common/crds/
+../../config/crd/bases/

charts/nginx-ingress/templates/controller-daemonset.yaml

@@ -230,9 +230,9 @@ spec:
           - -disable-ipv6={{ .Values.controller.disableIPV6 }}
 {{- if .Values.controller.enableCustomResources }}
           - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
-{{ if .Values.controller.enableTLSPassthrough }}
+{{- if .Values.controller.enableTLSPassthrough }}
           - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }}
-{{ end }}
+{{- end }}
           - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
           - -enable-cert-manager={{ .Values.controller.enableCertManager }}
           - -enable-oidc={{ .Values.controller.enableOIDC }}

charts/nginx-ingress/templates/controller-deployment.yaml

@@ -173,14 +173,14 @@ spec:
           - -enable-app-protect={{ .Values.controller.appprotect.enable }}
 {{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }}
           - -app-protect-log-level={{ .Values.controller.appprotect.logLevel }}
-{{ end }}
+{{- end }}
           - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
 {{- if .Values.controller.appprotectdos.enable }}
           - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
           - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }}
           - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }}
           - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
-{{ end }}
+{{- end }}
           - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
 {{- if .Values.controller.defaultTLS.secret }}
           - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
@@ -237,9 +237,9 @@ spec:
           - -disable-ipv6={{ .Values.controller.disableIPV6 }}
 {{- if .Values.controller.enableCustomResources }}
           - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
-{{ if .Values.controller.enableTLSPassthrough }}
+{{- if .Values.controller.enableTLSPassthrough }}
           - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }}
-{{ end }}
+{{- end }}
           - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
           - -enable-cert-manager={{ .Values.controller.enableCertManager }}
           - -enable-oidc={{ .Values.controller.enableOIDC }}