From d07ef48518113cffe3515ce3931e16baf8ee96b5 Mon Sep 17 00:00:00 2001 From: Muhammad Hamza Zaib Date: Thu, 25 Mar 2021 16:42:58 +0100 Subject: [PATCH 1/5] Add labels to RBAC resources --- charts/ingress-nginx/templates/clusterrole.yaml | 3 +++ charts/ingress-nginx/templates/clusterrolebinding.yaml | 3 +++ charts/ingress-nginx/templates/controller-role.yaml | 3 +++ charts/ingress-nginx/templates/controller-rolebinding.yaml | 3 +++ charts/ingress-nginx/templates/controller-serviceaccount.yaml | 3 +++ charts/ingress-nginx/templates/default-backend-role.yaml | 3 +++ .../ingress-nginx/templates/default-backend-rolebinding.yaml | 3 +++ .../templates/default-backend-serviceaccount.yaml | 3 +++ charts/ingress-nginx/values.yaml | 2 ++ 9 files changed, 26 insertions(+) diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index efc7d2682a..19122f3730 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -10,6 +10,9 @@ kind: ClusterRole metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }} rules: - apiGroups: diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml index 81be52b87d..dd3be5e51e 100644 --- a/charts/ingress-nginx/templates/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml @@ -4,6 +4,9 @@ kind: ClusterRoleBinding metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 97c627dacb..040d1b68c4 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }} namespace: {{ .Release.Namespace }} rules: diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml index 5ec3bc7749..368923e915 100644 --- a/charts/ingress-nginx/templates/controller-rolebinding.yaml +++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index 50a718d32d..a4dc88a229 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "ingress-nginx.serviceAccountName" . }} namespace: {{ .Release.Namespace }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index 5d29a2d526..009e736c75 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend namespace: {{ .Release.Namespace }} rules: diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml index 4a9cb92845..1a1e1b9cd7 100644 --- a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml +++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend namespace: {{ .Release.Namespace }} roleRef: diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 0c00e93690..9ed0b1bb07 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.rbac.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} namespace: {{ .Release.Namespace }} automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index d572f3e62b..97950a789d 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -845,6 +845,8 @@ defaultBackend: rbac: create: true scope: false + ## Labels to be added to the RBAC resources + labels: {} # If true, create & use Pod Security Policy resources # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ From 3e361dd5a35678b1d6d49714fd6ac639101b85a5 Mon Sep 17 00:00:00 2001 From: Muhammad Hamza Zaib Date: Fri, 26 Mar 2021 06:43:57 +0100 Subject: [PATCH 2/5] Add labels to all resources --- .../admission-webhooks/job-patch/clusterrole.yaml | 3 +++ .../job-patch/clusterrolebinding.yaml | 3 +++ .../admission-webhooks/job-patch/job-createSecret.yaml | 6 ++++++ .../admission-webhooks/job-patch/job-patchWebhook.yaml | 6 ++++++ .../templates/admission-webhooks/job-patch/psp.yaml | 3 +++ .../templates/admission-webhooks/job-patch/role.yaml | 3 +++ .../admission-webhooks/job-patch/rolebinding.yaml | 3 +++ .../admission-webhooks/job-patch/serviceaccount.yaml | 3 +++ .../admission-webhooks/validating-webhook.yaml | 3 +++ charts/ingress-nginx/templates/clusterrole.yaml | 2 +- charts/ingress-nginx/templates/clusterrolebinding.yaml | 2 +- .../templates/controller-configmap-addheaders.yaml | 3 +++ .../templates/controller-configmap-proxyheaders.yaml | 3 +++ .../templates/controller-configmap-tcp.yaml | 3 +++ .../templates/controller-configmap-udp.yaml | 3 +++ .../ingress-nginx/templates/controller-configmap.yaml | 3 +++ charts/ingress-nginx/templates/controller-hpa.yaml | 3 +++ charts/ingress-nginx/templates/controller-keda.yaml | 3 +++ .../templates/controller-poddisruptionbudget.yaml | 3 +++ charts/ingress-nginx/templates/controller-psp.yaml | 3 +++ charts/ingress-nginx/templates/controller-role.yaml | 2 +- .../templates/controller-rolebinding.yaml | 2 +- .../templates/controller-service-webhook.yaml | 3 +++ .../templates/controller-serviceaccount.yaml | 2 +- .../templates/default-backend-deployment.yaml | 3 +++ .../ingress-nginx/templates/default-backend-hpa.yaml | 3 +++ .../templates/default-backend-poddisruptionbudget.yaml | 3 +++ .../ingress-nginx/templates/default-backend-psp.yaml | 3 +++ .../ingress-nginx/templates/default-backend-role.yaml | 2 +- .../templates/default-backend-rolebinding.yaml | 2 +- .../templates/default-backend-service.yaml | 3 +++ .../templates/default-backend-serviceaccount.yaml | 2 +- charts/ingress-nginx/values.yaml | 10 +++++++--- 33 files changed, 93 insertions(+), 11 deletions(-) diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index fd762f9354..5659a1f109 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -9,6 +9,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - admissionregistration.k8s.io diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 4990fb1c34..abf17fb9fa 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -9,6 +9,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 1f58bdce7b..a4721aa8db 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -10,6 +10,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 @@ -24,6 +27,9 @@ spec: labels: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 6d01ad2304..6eee7b086b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -10,6 +10,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 @@ -24,6 +27,9 @@ spec: labels: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index d2c7de6858..70edde334e 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -9,6 +9,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: allowPrivilegeEscalation: false fsGroup: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index 9b083ee6e3..795bac6b93 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -10,6 +10,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index edda07f5d9..698c5c8640 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -10,6 +10,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index 1ff0f7f0e5..eae4751186 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -10,4 +10,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 712f74fdd3..8caffcb03e 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -10,6 +10,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }}-admission webhooks: - name: validate.nginx.ingress.kubernetes.io diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index 19122f3730..c093f048a0 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -10,7 +10,7 @@ kind: ClusterRole metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} - {{- with .Values.rbac.labels }} + {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml index dd3be5e51e..acbbd8b10d 100644 --- a/charts/ingress-nginx/templates/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml @@ -4,7 +4,7 @@ kind: ClusterRoleBinding metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} - {{- with .Values.rbac.labels }} + {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} diff --git a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml index e0b7a0f21a..dfd49a1267 100644 --- a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers namespace: {{ .Release.Namespace }} data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} diff --git a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml index 91f22f03d9..f8d15faf96 100644 --- a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers namespace: {{ .Release.Namespace }} data: diff --git a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml index aaf336fb30..0f6088ea90 100644 --- a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.controller.tcp.annotations }} annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap-udp.yaml b/charts/ingress-nginx/templates/controller-configmap-udp.yaml index 7f46791ecb..3772ec5143 100644 --- a/charts/ingress-nginx/templates/controller-configmap-udp.yaml +++ b/charts/ingress-nginx/templates/controller-configmap-udp.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.controller.udp.annotations }} annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index 5d618420fc..f28b26e1e5 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -4,6 +4,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.controller.configAnnotations }} annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml index 876315f333..e0979f14bc 100644 --- a/charts/ingress-nginx/templates/controller-hpa.yaml +++ b/charts/ingress-nginx/templates/controller-hpa.yaml @@ -11,6 +11,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/controller-keda.yaml b/charts/ingress-nginx/templates/controller-keda.yaml index c7eebf5c86..875157ea4e 100644 --- a/charts/ingress-nginx/templates/controller-keda.yaml +++ b/charts/ingress-nginx/templates/controller-keda.yaml @@ -7,6 +7,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} {{- if .Values.controller.keda.scaledObject.annotations }} annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 9556f58631..8dfbe9891d 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index bdb8563105..a859594d17 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: allowedCapabilities: - NET_BIND_SERVICE diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 040d1b68c4..47bbc32d00 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller - {{- with .Values.rbac.labels }} + {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml index 368923e915..e846a1183a 100644 --- a/charts/ingress-nginx/templates/controller-rolebinding.yaml +++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller - {{- with .Values.rbac.labels }} + {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index ae3b1fc922..2aae24fcf0 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -8,6 +8,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-admission namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index a4dc88a229..a4d7db5d24 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller - {{- with .Values.rbac.labels }} + {{- with .Values.controller.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "ingress-nginx.serviceAccountName" . }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 99345269ba..f409191217 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml index e31fda3f9a..594d26525b 100644 --- a/charts/ingress-nginx/templates/default-backend-hpa.yaml +++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "ingress-nginx.defaultBackend.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index 9e586aa210..3a6e8ebde4 100644 --- a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -5,6 +5,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index 716dbf16fe..42061c5d33 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: allowPrivilegeEscalation: false fsGroup: diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index 009e736c75..a2b457c361 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend - {{- with .Values.rbac.labels }} + {{- with .Values.defaultBackend.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml index 1a1e1b9cd7..dbaa516b95 100644 --- a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml +++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend - {{- with .Values.rbac.labels }} + {{- with .Values.defaultBackend.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "ingress-nginx.fullname" . }}-backend diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index f59eb1e7cc..5f1d09a954 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -8,6 +8,9 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 9ed0b1bb07..b45a95ad25 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend - {{- with .Values.rbac.labels }} + {{- with .Values.defaultBackend.labels }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 97950a789d..d11fc5a2d5 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -187,7 +187,7 @@ controller: annotations: {} # keel.sh/pollSchedule: "@every 60m" - ## Labels to be added to the controller Deployment or DaemonSet + ## Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels ## labels: {} # keel.sh/policy: patch @@ -563,6 +563,8 @@ controller: key: "/usr/local/certificates/key" namespaceSelector: {} objectSelector: {} + ## Labels to be added to admission webhooks + labels: {} # Use an existing PSP instead of creating one existingPsp: "" @@ -606,6 +608,8 @@ controller: nodeSelector: kubernetes.io/os: linux tolerations: [] + ## Labels to be added to patch job resources + labels: {} runAsUser: 2000 metrics: @@ -840,13 +844,13 @@ defaultBackend: type: ClusterIP priorityClassName: "" + ## Labels to be added to the default backend resources + labels: {} ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: create: true scope: false - ## Labels to be added to the RBAC resources - labels: {} # If true, create & use Pod Security Policy resources # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ From cc536bdd8579f1ca9e7c78894e19093882532b1c Mon Sep 17 00:00:00 2001 From: Muhammad Hamza Zaib Date: Fri, 26 Mar 2021 06:53:08 +0100 Subject: [PATCH 3/5] Fix labels indentaton in patch jobs --- .../admission-webhooks/job-patch/job-createSecret.yaml | 2 +- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index a4721aa8db..185271951f 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -28,7 +28,7 @@ spec: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook {{- with .Values.controller.admissionWebhooks.patch.labels }} - {{- toYaml . | nindent 4 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 6eee7b086b..053c172733 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -28,7 +28,7 @@ spec: {{- include "ingress-nginx.labels" . | nindent 8 }} app.kubernetes.io/component: admission-webhook {{- with .Values.controller.admissionWebhooks.patch.labels }} - {{- toYaml . | nindent 4 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} From 37bb4e2c1ef4ac8405ffcc872f21276b38321b02 Mon Sep 17 00:00:00 2001 From: Muhammad Hamza Zaib Date: Thu, 18 Nov 2021 18:07:19 +0100 Subject: [PATCH 4/5] Add controller and default backend labels to pods Signed-off-by: Muhammad Hamza Zaib --- charts/ingress-nginx/templates/controller-daemonset.yaml | 3 +++ charts/ingress-nginx/templates/controller-deployment.yaml | 3 +++ charts/ingress-nginx/templates/default-backend-deployment.yaml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 5f71d44149..365a3cea79 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -35,6 +35,9 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 93fada79ef..2c0641bb58 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -39,6 +39,9 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index f409191217..fd3e96e9ef 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -27,6 +27,9 @@ spec: labels: {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.defaultBackend.podLabels }} {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} {{- end }} From c362d00f1757fbe4f7dd5ffc9c85ac8d7dfa7902 Mon Sep 17 00:00:00 2001 From: Muhammad Hamza Zaib Date: Thu, 18 Nov 2021 18:11:26 +0100 Subject: [PATCH 5/5] Bump chart version and update changelog Signed-off-by: Muhammad Hamza Zaib --- charts/ingress-nginx/CHANGELOG.md | 4 ++++ charts/ingress-nginx/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index aea4d54530..ba368c30fd 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,10 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.0.9 + +- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources + ### 4.0.7 - [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 2c3d8e5ae5..20470c7182 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.0.8 +version: 4.0.9 appVersion: 1.0.5 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer