From b3a6f6e3cae3b0832bd13297cdd208dad643afa3 Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Thu, 9 Aug 2018 16:18:49 +0100 Subject: [PATCH 1/8] Helm: Add report-status & leader-election support --- helm-chart/Chart.yaml | 2 +- helm-chart/templates/controller-daemonset.yaml | 6 ++++++ helm-chart/templates/controller-deployment.yaml | 6 ++++++ helm-chart/values-plus.yaml | 6 ++++++ helm-chart/values.yaml | 6 ++++++ 5 files changed, 25 insertions(+), 1 deletion(-) diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index ab60e62c58..f7a06641ef 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 0.1.1 +version: 0.1.2 appVersion: 1.3.0 description: NGINX Ingress Controller sources: diff --git a/helm-chart/templates/controller-daemonset.yaml b/helm-chart/templates/controller-daemonset.yaml index ed54366a5c..9491c8e1a2 100644 --- a/helm-chart/templates/controller-daemonset.yaml +++ b/helm-chart/templates/controller-daemonset.yaml @@ -83,6 +83,12 @@ spec: {{- if .Values.controller.healthStatus }} - -health-status {{- end }} +{{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} + - -external-service +{{- end }} +{{ if .Values.controller.enableLeaderElection }} + - -enable-leader-election +{{- end }} {{- if .Values.prometheus }} {{- if and (.Values.controller.nginxplus) (.Values.prometheus.create) }} - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}" diff --git a/helm-chart/templates/controller-deployment.yaml b/helm-chart/templates/controller-deployment.yaml index 1c47ce53d1..ee524eaacf 100644 --- a/helm-chart/templates/controller-deployment.yaml +++ b/helm-chart/templates/controller-deployment.yaml @@ -69,6 +69,12 @@ spec: {{- if .Values.controller.healthStatus }} - -health-status {{- end }} +{{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} + - -external-service +{{- end }} +{{ if .Values.controller.enableLeaderElection }} + - -enable-leader-election +{{- end }} {{- if .Values.prometheus }} {{- if and (.Values.controller.nginxplus) (.Values.prometheus.create) }} - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}" diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index de94f4e57f..b3bb39ab96 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -14,6 +14,7 @@ controller: secret: # / config: entries: {} + # external-status-address: "external-status-test" nodeSelector: {} terminationGracePeriodSeconds: 30 tolerations: "" @@ -28,6 +29,11 @@ controller: externalTrafficPolicy: Local annotations: {} serviceAccountName: nginx-ingress + reportIngressStatus: + enable: false + externalAddress: fake-address + externalService: true + enableLeaderElection: true rbac: create: true prometheus: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 145eedb7eb..eb56401daa 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -9,6 +9,7 @@ controller: pullPolicy: IfNotPresent config: entries: {} + # external-status-address: "external-status-test" # It is recommended to use your own TLS certificate and key defaultTLS: cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K @@ -28,5 +29,10 @@ controller: externalTrafficPolicy: Local annotations: {} serviceAccountName: nginx-ingress + reportIngressStatus: + enable: false + externalAddress: fake-address + externalService: true + enableLeaderElection: true rbac: create: true From 65391c1fbb9ee89b9529c591154bc7092369c0cb Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Mon, 13 Aug 2018 11:19:37 +0100 Subject: [PATCH 2/8] Helm: Fix external-service cli argument templates --- helm-chart/templates/controller-daemonset.yaml | 2 +- helm-chart/templates/controller-deployment.yaml | 2 +- helm-chart/values-plus.yaml | 3 +-- helm-chart/values.yaml | 3 +-- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/helm-chart/templates/controller-daemonset.yaml b/helm-chart/templates/controller-daemonset.yaml index 9491c8e1a2..214fa2f0b8 100644 --- a/helm-chart/templates/controller-daemonset.yaml +++ b/helm-chart/templates/controller-daemonset.yaml @@ -84,7 +84,7 @@ spec: - -health-status {{- end }} {{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} - - -external-service + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} {{ if .Values.controller.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/templates/controller-deployment.yaml b/helm-chart/templates/controller-deployment.yaml index ee524eaacf..4b53fd5c36 100644 --- a/helm-chart/templates/controller-deployment.yaml +++ b/helm-chart/templates/controller-deployment.yaml @@ -70,7 +70,7 @@ spec: - -health-status {{- end }} {{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} - - -external-service + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} {{ if .Values.controller.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index b3bb39ab96..8fcb8e3552 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -31,8 +31,7 @@ controller: serviceAccountName: nginx-ingress reportIngressStatus: enable: false - externalAddress: fake-address - externalService: true + externalService: "external-svc" enableLeaderElection: true rbac: create: true diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index eb56401daa..9537837261 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -31,8 +31,7 @@ controller: serviceAccountName: nginx-ingress reportIngressStatus: enable: false - externalAddress: fake-address - externalService: true + externalService: "external-svc" enableLeaderElection: true rbac: create: true From daa9824d2f5dd70be6b928a4df7fd1d8f3a64c70 Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Tue, 14 Aug 2018 11:43:04 +0100 Subject: [PATCH 3/8] Helm: Add report-ingress-status cli arg * Added report-ingress-status to both templates * Fixed leader-election to only be set when report-ingress-status is enabled --- helm-chart/templates/controller-daemonset.yaml | 7 +++++-- helm-chart/templates/controller-deployment.yaml | 7 +++++-- helm-chart/values-plus.yaml | 2 +- helm-chart/values.yaml | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/helm-chart/templates/controller-daemonset.yaml b/helm-chart/templates/controller-daemonset.yaml index 214fa2f0b8..c561e71b10 100644 --- a/helm-chart/templates/controller-daemonset.yaml +++ b/helm-chart/templates/controller-daemonset.yaml @@ -83,12 +83,15 @@ spec: {{- if .Values.controller.healthStatus }} - -health-status {{- end }} -{{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} +{{- if .Values.controller.reportIngressStatus.enable }} + - -report-ingress-status +{{- if .Values.controller.reportIngressStatus.externalService }} - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} -{{ if .Values.controller.enableLeaderElection }} +{{ if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election {{- end }} +{{- end }} {{- if .Values.prometheus }} {{- if and (.Values.controller.nginxplus) (.Values.prometheus.create) }} - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}" diff --git a/helm-chart/templates/controller-deployment.yaml b/helm-chart/templates/controller-deployment.yaml index 4b53fd5c36..a37300a10b 100644 --- a/helm-chart/templates/controller-deployment.yaml +++ b/helm-chart/templates/controller-deployment.yaml @@ -69,12 +69,15 @@ spec: {{- if .Values.controller.healthStatus }} - -health-status {{- end }} -{{- if and (.Values.controller.reportIngressStatus.enable) (.Values.controller.reportIngressStatus.externalService) }} +{{- if .Values.controller.reportIngressStatus.enable }} + - -report-ingress-status +{{- if .Values.controller.reportIngressStatus.externalService }} - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} -{{ if .Values.controller.enableLeaderElection }} +{{- if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election {{- end }} +{{- end }} {{- if .Values.prometheus }} {{- if and (.Values.controller.nginxplus) (.Values.prometheus.create) }} - image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}" diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index 8fcb8e3552..0c4513ddba 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -32,7 +32,7 @@ controller: reportIngressStatus: enable: false externalService: "external-svc" - enableLeaderElection: true + enableLeaderElection: true rbac: create: true prometheus: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 9537837261..d5fb199414 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -32,6 +32,6 @@ controller: reportIngressStatus: enable: false externalService: "external-svc" - enableLeaderElection: true + enableLeaderElection: true rbac: create: true From eb6e943e47fa22480284e9419d9ae363461871cf Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Tue, 14 Aug 2018 12:28:16 +0100 Subject: [PATCH 4/8] Helm: Fix defaults for reporting status * Fix external-status-address to use example ip 1.2.3.4 * Fix externalService default to be nginx-ingress as this will be the most common default * Removed quotes from externalService in values files and moved to templates to follow existing code style --- helm-chart/templates/controller-daemonset.yaml | 2 +- helm-chart/templates/controller-deployment.yaml | 2 +- helm-chart/values-plus.yaml | 4 ++-- helm-chart/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm-chart/templates/controller-daemonset.yaml b/helm-chart/templates/controller-daemonset.yaml index c561e71b10..d2f1e6ab69 100644 --- a/helm-chart/templates/controller-daemonset.yaml +++ b/helm-chart/templates/controller-daemonset.yaml @@ -86,7 +86,7 @@ spec: {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status {{- if .Values.controller.reportIngressStatus.externalService }} - - -external-service={{ .Values.controller.reportIngressStatus.externalService }} + - -external-service="{{ .Values.controller.reportIngressStatus.externalService }}" {{- end }} {{ if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/templates/controller-deployment.yaml b/helm-chart/templates/controller-deployment.yaml index a37300a10b..80db16df98 100644 --- a/helm-chart/templates/controller-deployment.yaml +++ b/helm-chart/templates/controller-deployment.yaml @@ -72,7 +72,7 @@ spec: {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status {{- if .Values.controller.reportIngressStatus.externalService }} - - -external-service={{ .Values.controller.reportIngressStatus.externalService }} + - -external-service="{{ .Values.controller.reportIngressStatus.externalService }}" {{- end }} {{- if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index 0c4513ddba..1cc28b413b 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -14,7 +14,7 @@ controller: secret: # / config: entries: {} - # external-status-address: "external-status-test" + # external-status-address: "1.2.3.4" nodeSelector: {} terminationGracePeriodSeconds: 30 tolerations: "" @@ -31,7 +31,7 @@ controller: serviceAccountName: nginx-ingress reportIngressStatus: enable: false - externalService: "external-svc" + externalService: nginx-ingress enableLeaderElection: true rbac: create: true diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index d5fb199414..8f3add6279 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -9,7 +9,7 @@ controller: pullPolicy: IfNotPresent config: entries: {} - # external-status-address: "external-status-test" + # external-status-address: "1.2.3.4" # It is recommended to use your own TLS certificate and key defaultTLS: cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K @@ -31,7 +31,7 @@ controller: serviceAccountName: nginx-ingress reportIngressStatus: enable: false - externalService: "external-svc" + externalService: nginx-ingress enableLeaderElection: true rbac: create: true From 1661f49fadfdf1c23050d015ba51d26b3b291bc8 Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Tue, 14 Aug 2018 14:38:51 +0100 Subject: [PATCH 5/8] Helm: Update README with new options * Added documentation for report-ingress-status related values * Added documentation for leader-election --- helm-chart/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/helm-chart/README.md b/helm-chart/README.md index 9cfcb1f97f..63642192e0 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -53,7 +53,7 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration -The following tables lists the configurable parameters of the NGINX Ingress controller chart and their default values. +The following tables lists the configurable parameters of the NGINX Ingress controller chart and their default values. Parameter | Description | Default --- | --- | --- @@ -81,6 +81,9 @@ Parameter | Description | Default `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false +`controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources. Requires `controller.reportIngressStatus.externalService`, or `controller.config.entries.external-status-address` to be set. **Note:** `controller.reportIngressStatus.externalService` takes preference if both are set. | false +`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress +`controller.reportIngressStatus.enableLeaderElection`. | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true `rbac.create` | Configures RBAC. | true `prometheues.create` | Deploys a Prometheus exporter container within the Ingress controller pod. Requires NGINX Plus. `controller.nginxplus` must be set to `true`. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 From f7fea6b98f8e4f3a320da940527ddce01277e538 Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Tue, 14 Aug 2018 16:54:35 +0100 Subject: [PATCH 6/8] Helm: Fix report-status/leader-election docs --- helm-chart/README.md | 6 +++--- helm-chart/templates/controller-daemonset.yaml | 2 +- helm-chart/templates/controller-deployment.yaml | 2 +- helm-chart/values-plus.yaml | 1 - helm-chart/values.yaml | 1 - 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/helm-chart/README.md b/helm-chart/README.md index 63642192e0..35a0d3e33f 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -81,9 +81,9 @@ Parameter | Description | Default `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false -`controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources. Requires `controller.reportIngressStatus.externalService`, or `controller.config.entries.external-status-address` to be set. **Note:** `controller.reportIngressStatus.externalService` takes preference if both are set. | false -`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress -`controller.reportIngressStatus.enableLeaderElection`. | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true +`controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | false +`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress +`controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true `rbac.create` | Configures RBAC. | true `prometheues.create` | Deploys a Prometheus exporter container within the Ingress controller pod. Requires NGINX Plus. `controller.nginxplus` must be set to `true`. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 diff --git a/helm-chart/templates/controller-daemonset.yaml b/helm-chart/templates/controller-daemonset.yaml index d2f1e6ab69..c561e71b10 100644 --- a/helm-chart/templates/controller-daemonset.yaml +++ b/helm-chart/templates/controller-daemonset.yaml @@ -86,7 +86,7 @@ spec: {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status {{- if .Values.controller.reportIngressStatus.externalService }} - - -external-service="{{ .Values.controller.reportIngressStatus.externalService }}" + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} {{ if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/templates/controller-deployment.yaml b/helm-chart/templates/controller-deployment.yaml index 80db16df98..a37300a10b 100644 --- a/helm-chart/templates/controller-deployment.yaml +++ b/helm-chart/templates/controller-deployment.yaml @@ -72,7 +72,7 @@ spec: {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status {{- if .Values.controller.reportIngressStatus.externalService }} - - -external-service="{{ .Values.controller.reportIngressStatus.externalService }}" + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- end }} {{- if .Values.controller.reportIngressStatus.enableLeaderElection }} - -enable-leader-election diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index 1cc28b413b..4ec54b614f 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -14,7 +14,6 @@ controller: secret: # / config: entries: {} - # external-status-address: "1.2.3.4" nodeSelector: {} terminationGracePeriodSeconds: 30 tolerations: "" diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 8f3add6279..8fc9a3331c 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -9,7 +9,6 @@ controller: pullPolicy: IfNotPresent config: entries: {} - # external-status-address: "1.2.3.4" # It is recommended to use your own TLS certificate and key defaultTLS: cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K From c1e723ad044412d4b7a93a602f30ec93592e4f6f Mon Sep 17 00:00:00 2001 From: isaac Date: Wed, 15 Aug 2018 14:14:57 +0100 Subject: [PATCH 7/8] Selectively enable permissions for status update The IC only requires ingress/status update permissions if report-ingress-status is enabled. --- helm-chart/templates/rbac.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm-chart/templates/rbac.yaml b/helm-chart/templates/rbac.yaml index 79ea8acb44..d698b92648 100644 --- a/helm-chart/templates/rbac.yaml +++ b/helm-chart/templates/rbac.yaml @@ -56,12 +56,14 @@ rules: verbs: - list - watch +{{- if .Values.controller.reportIngressStatus.enable }} - apiGroups: - "extensions" resources: - ingresses/status verbs: - update +{{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 From 46500c1da9f853c81bc08802ddda246acc6fc7db Mon Sep 17 00:00:00 2001 From: isaac Date: Thu, 16 Aug 2018 09:35:49 +0100 Subject: [PATCH 8/8] Enable report-ingress-status by default Also add get permissions on ingress resources, needed when the status updater is retrying a status update. --- helm-chart/README.md | 2 +- helm-chart/templates/rbac.yaml | 1 + helm-chart/values-plus.yaml | 2 +- helm-chart/values.yaml | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/helm-chart/README.md b/helm-chart/README.md index 35a0d3e33f..f55de8db91 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -81,7 +81,7 @@ Parameter | Description | Default `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false -`controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | false +`controller.reportIngressStatus.enable` | Update the address field in the status of Ingresses resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence if both are set. | true `controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | nginx-ingress `controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true `rbac.create` | Configures RBAC. | true diff --git a/helm-chart/templates/rbac.yaml b/helm-chart/templates/rbac.yaml index d698b92648..10c0db929b 100644 --- a/helm-chart/templates/rbac.yaml +++ b/helm-chart/templates/rbac.yaml @@ -54,6 +54,7 @@ rules: resources: - ingresses verbs: + - get - list - watch {{- if .Values.controller.reportIngressStatus.enable }} diff --git a/helm-chart/values-plus.yaml b/helm-chart/values-plus.yaml index 4ec54b614f..6e7ba5902a 100644 --- a/helm-chart/values-plus.yaml +++ b/helm-chart/values-plus.yaml @@ -29,7 +29,7 @@ controller: annotations: {} serviceAccountName: nginx-ingress reportIngressStatus: - enable: false + enable: true externalService: nginx-ingress enableLeaderElection: true rbac: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 8fc9a3331c..908fdb5a47 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -29,7 +29,7 @@ controller: annotations: {} serviceAccountName: nginx-ingress reportIngressStatus: - enable: false + enable: true externalService: nginx-ingress enableLeaderElection: true rbac: