{{- if eq .Values.controller.kind "deployment" }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} namespace: {{ .Release.Namespace }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} spec: replicas: {{ .Values.controller.replicaCount }} selector: matchLabels: app: {{ include "nginx-ingress.appName" . }} template: metadata: labels: app: {{ include "nginx-ingress.appName" . }} {{- if .Values.controller.pod.extraLabels }} {{ toYaml .Values.controller.pod.extraLabels | indent 8 }} {{- end }} {{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }} annotations: {{- if .Values.prometheus.create }} prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.prometheus.port }}" prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" {{- end }} {{- if .Values.controller.pod.annotations }} {{ toYaml .Values.controller.pod.annotations | indent 8 }} {{- end }} {{- end }} spec: {{- if .Values.controller.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.nodeSelector | indent 8 }} {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{ toYaml .Values.controller.tolerations | indent 6 }} {{- end }} {{- if .Values.controller.affinity }} affinity: {{ toYaml .Values.controller.affinity | indent 8 }} {{- end }} {{- if .Values.controller.volumes }} volumes: {{ toYaml .Values.controller.volumes | indent 6 }} {{- end }} {{- if .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }} {{- end }} serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} hostNetwork: {{ .Values.controller.hostNetwork }} containers: - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" name: {{ include "nginx-ingress.name" . }} imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" ports: - name: http containerPort: 80 - name: https containerPort: 443 {{ if .Values.controller.customPorts }} {{ toYaml .Values.controller.customPorts | indent 8 }} {{ end }} {{- if .Values.prometheus.create }} - name: prometheus containerPort: {{ .Values.prometheus.port }} {{- end }} {{- if .Values.controller.readyStatus.enable }} - name: readiness-port containerPort: {{ .Values.controller.readyStatus.port}} readinessProbe: httpGet: path: /nginx-ready port: readiness-port periodSeconds: 1 {{- end }} resources: {{ toYaml .Values.controller.resources | indent 10 }} securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx capabilities: drop: - ALL add: - NET_BIND_SERVICE {{- if .Values.controller.volumeMounts }} volumeMounts: {{ toYaml .Values.controller.volumeMounts | indent 8 }} {{- end }} env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name args: - -nginx-plus={{ .Values.controller.nginxplus }} - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }} - -enable-app-protect={{ .Values.controller.appprotect.enable }} - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} {{- if .Values.controller.defaultTLS.secret }} - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }} {{ else }} - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} {{- end }} - -ingress-class={{ .Values.controller.ingressClass }} {{- if .Values.controller.watchNamespace }} - -watch-namespace={{ .Values.controller.watchNamespace }} {{- end }} - -health-status={{ .Values.controller.healthStatus }} - -health-status-uri={{ .Values.controller.healthStatusURI }} - -nginx-debug={{ .Values.controller.nginxDebug }} - -v={{ .Values.controller.logLevel }} - -nginx-status={{ .Values.controller.nginxStatus.enable }} {{- if .Values.controller.nginxStatus.enable }} - -nginx-status-port={{ .Values.controller.nginxStatus.port }} - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} {{- end }} {{- if .Values.controller.reportIngressStatus.enable }} - -report-ingress-status {{- if .Values.controller.reportIngressStatus.ingressLink }} - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }} {{- else if .Values.controller.reportIngressStatus.externalService }} - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} - -external-service={{ include "nginx-ingress.serviceName" . }} {{- end }} - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} {{- end }} {{- if .Values.controller.wildcardTLS.secret }} - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} {{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }} {{- end }} - -enable-prometheus-metrics={{ .Values.prometheus.create }} - -prometheus-metrics-listen-port={{ .Values.prometheus.port }} - -prometheus-tls-secret={{ .Values.prometheus.secret }} - -enable-custom-resources={{ .Values.controller.enableCustomResources }} {{- if .Values.controller.enableCustomResources }} - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} - -enable-snippets={{ .Values.controller.enableSnippets }} - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} {{- if .Values.controller.globalConfiguration.create }} - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }} {{- end }} {{- end }} - -ready-status={{ .Values.controller.readyStatus.enable }} - -ready-status-port={{ .Values.controller.readyStatus.port }} - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} {{- end }}