diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/Chart.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/Chart.yaml.patch index 4dcf9c2..83e7b04 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/Chart.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/Chart.yaml.patch @@ -1,11 +1,11 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml -@@ -19,7 +19,7 @@ - - name: rikatz +@@ -18,7 +18,7 @@ + - name: Gacko - name: strongjz - name: tao12345666333 -name: ingress-nginx +name: rke2-ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx - version: 4.10.5 + version: 4.12.0 diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/_helpers.tpl.patch index 35ad841..81c9b39 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/_helpers.tpl.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/_helpers.tpl.patch @@ -1,6 +1,6 @@ --- charts-original/templates/_helpers.tpl +++ charts/templates/_helpers.tpl -@@ -69,11 +69,11 @@ +@@ -70,11 +70,11 @@ {{/* Get specific image */}} @@ -15,7 +15,7 @@ {{- end }} {{- end -}} -@@ -259,3 +259,15 @@ +@@ -261,3 +261,15 @@ - name: modules mountPath: /modules_mount {{- end -}} diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/_params.tpl.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/_params.tpl.patch index af63aaf..aad9001 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/_params.tpl.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/_params.tpl.patch @@ -8,4 +8,4 @@ +{{- if or (.Values.controller.watchIngressWithoutClass) (eq .Values.global.systemDefaultIngressClass "ingress-nginx") }} - --watch-ingress-without-class=true {{- end }} - {{- if not .Values.controller.metrics.enabled }} + {{- if .Values.controller.metrics.enabled }} diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-createSecret.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-createSecret.yaml.patch index 067ab2a..097d823 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-createSecret.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-createSecret.yaml.patch @@ -1,13 +1,11 @@ --- charts-original/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ charts/templates/admission-webhooks/job-patch/job-createSecret.yaml -@@ -42,9 +42,7 @@ - {{- end }} +@@ -43,7 +43,7 @@ containers: - name: create -- {{- with .Values.controller.admissionWebhooks.patch.image }} + {{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }} - image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} -- {{- end }} + image: "{{ template "system_default_registry" . }}{{ template "repository_or_registry_and_image" .Values.controller.admissionWebhooks.patch.image }}" + {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: - - create diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-patchWebhook.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-patchWebhook.yaml.patch index ac3105b..0ef955e 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-patchWebhook.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/admission-webhooks/job-patch/job-patchWebhook.yaml.patch @@ -1,13 +1,11 @@ --- charts-original/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ charts/templates/admission-webhooks/job-patch/job-patchWebhook.yaml -@@ -42,9 +42,7 @@ - {{- end }} +@@ -43,7 +43,7 @@ containers: - name: patch -- {{- with .Values.controller.admissionWebhooks.patch.image }} + {{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }} - image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} -- {{- end }} + image: "{{ template "system_default_registry" . }}{{ template "repository_or_registry_and_image" .Values.controller.admissionWebhooks.patch.image }}" + {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: - - patch diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-daemonset.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-daemonset.yaml.patch index 64d0528..45a8148 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-daemonset.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-daemonset.yaml.patch @@ -1,13 +1,11 @@ --- charts-original/templates/controller-daemonset.yaml +++ charts/templates/controller-daemonset.yaml -@@ -75,9 +75,7 @@ - {{- end }} +@@ -76,7 +76,7 @@ containers: - name: {{ .Values.controller.containerName }} -- {{- with .Values.controller.image }} + {{- with (merge .Values.controller.image .Values.global.image) }} - image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} -- {{- end }} + image: "{{ template "system_default_registry" . }}{{ template "repository_or_registry_and_image" .Values.controller.image }}" + {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} - lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-deployment.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-deployment.yaml.patch index 9f9c833..2a38e1d 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-deployment.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-deployment.yaml.patch @@ -1,13 +1,11 @@ --- charts-original/templates/controller-deployment.yaml +++ charts/templates/controller-deployment.yaml -@@ -78,9 +78,7 @@ - {{- end }} +@@ -82,7 +82,7 @@ containers: - name: {{ .Values.controller.containerName }} -- {{- with .Values.controller.image }} + {{- with (merge .Values.controller.image .Values.global.image) }} - image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} -- {{- end }} + image: "{{ template "system_default_registry" . }}{{ template "repository_or_registry_and_image" .Values.controller.image }}" + {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} - lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-ingressclass.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-ingressclass.yaml.patch index 9279c06..98a764a 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-ingressclass.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/controller-ingressclass.yaml.patch @@ -4,8 +4,8 @@ {{- toYaml . | nindent 4 }} {{- end }} name: {{ .Values.controller.ingressClassResource.name }} -- {{- if .Values.controller.ingressClassResource.default }} +- {{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }} + {{- if or (.Values.controller.ingressClassResource.default) (eq .Values.global.systemDefaultIngressClass "ingress-nginx") }} annotations: + {{- if .Values.controller.ingressClassResource.default }} ingressclass.kubernetes.io/is-default-class: "true" - {{- end }} diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/templates/default-backend-deployment.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/templates/default-backend-deployment.yaml.patch index 2cc9013..447e42f 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/templates/default-backend-deployment.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/templates/default-backend-deployment.yaml.patch @@ -1,13 +1,11 @@ --- charts-original/templates/default-backend-deployment.yaml +++ charts/templates/default-backend-deployment.yaml -@@ -50,9 +50,7 @@ - {{- end }} +@@ -51,7 +51,7 @@ containers: - name: {{ template "ingress-nginx.name" . }}-default-backend -- {{- with .Values.defaultBackend.image }} + {{- with (merge .Values.defaultBackend.image .Values.global.image) }} - image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} -- {{- end }} + image: "{{ template "system_default_registry" . }}{{ template "repository_or_registry_and_image" .Values.defaultBackend.image }}" + {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} {{- if .Values.defaultBackend.extraArgs }} - args: diff --git a/packages/rke2-ingress-nginx/generated-changes/patch/values.yaml.patch b/packages/rke2-ingress-nginx/generated-changes/patch/values.yaml.patch index 330dfa1..e668745 100644 --- a/packages/rke2-ingress-nginx/generated-changes/patch/values.yaml.patch +++ b/packages/rke2-ingress-nginx/generated-changes/patch/values.yaml.patch @@ -1,33 +1,32 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -21,15 +21,11 @@ - image: +@@ -26,14 +26,11 @@ ## Keep false as default for now! chroot: false -- registry: registry.k8s.io + # registry: registry.k8s.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: -- tag: "v1.10.5" -- digest: sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c -- digestChroot: sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987 +- tag: "v1.12.0" +- digest: sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa +- digestChroot: sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3 - pullPolicy: IfNotPresent -+ tag: "v1.10.5-hardened6" ++ tag: "v1.12.0-hardened1" runAsNonRoot: true - # www-data -> uid 101 - runAsUser: 101 -@@ -40,7 +36,7 @@ - # -- Use an existing PSP instead of creating one - existingPsp: "" + # -- This value must not be changed using the official image. + # uid=101(www-data) gid=82(www-data) groups=82(www-data) +@@ -46,7 +43,7 @@ + type: RuntimeDefault + readOnlyRootFilesystem: false # -- Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # -- Configures the ports that the nginx-controller listens on containerPort: http: 80 -@@ -70,7 +66,7 @@ +@@ -77,7 +74,7 @@ # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. @@ -36,7 +35,7 @@ # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false -@@ -96,7 +92,7 @@ +@@ -107,7 +104,7 @@ ## Disabled by default hostPort: # -- Enable 'hostPort' or not @@ -45,7 +44,7 @@ ports: # -- 'hostPort' http port http: 80 -@@ -154,7 +150,7 @@ +@@ -174,7 +171,7 @@ # node or nodes where an ingress controller pod is running. publishService: # -- Enable 'publishService' or not @@ -54,7 +53,7 @@ # -- Allows overriding of the publish service to bind to # Must be / pathOverride: "" -@@ -201,7 +197,7 @@ +@@ -221,7 +218,7 @@ # name: secret-resource # -- Use a `DaemonSet` or `Deployment` @@ -63,7 +62,7 @@ # -- Annotations to be added to the controller Deployment or DaemonSet ## annotations: {} -@@ -453,7 +449,7 @@ +@@ -482,7 +479,7 @@ configMapKey: "" service: # -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. @@ -72,7 +71,7 @@ external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true -@@ -748,6 +744,7 @@ +@@ -752,6 +749,7 @@ loadBalancerSourceRanges: [] servicePort: 443 type: ClusterIP @@ -80,26 +79,24 @@ createSecretJob: name: create # -- Security context for secret creation containers -@@ -785,13 +782,11 @@ - patch: +@@ -792,12 +790,11 @@ enabled: true image: -- registry: registry.k8s.io + # registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen + repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.4.4 -- digest: sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f + tag: v1.5.0 +- digest: sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## -@@ -928,12 +923,11 @@ - enabled: false +@@ -951,11 +948,11 @@ name: defaultbackend image: -- registry: registry.k8s.io + # registry: registry.k8s.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend ## for backwards compatibility consider setting the full image url via the repository value below @@ -110,7 +107,7 @@ pullPolicy: IfNotPresent runAsNonRoot: true # nobody user -> uid 65534 -@@ -1103,3 +1097,7 @@ +@@ -1191,3 +1188,7 @@ # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param dhParam: "" diff --git a/packages/rke2-ingress-nginx/package.yaml b/packages/rke2-ingress-nginx/package.yaml index e4a5653..49debba 100644 --- a/packages/rke2-ingress-nginx/package.yaml +++ b/packages/rke2-ingress-nginx/package.yaml @@ -1,4 +1,4 @@ -url: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.10.5/ingress-nginx-4.10.5.tgz -packageVersion: 03 +url: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.12.0/ingress-nginx-4.12.0.tgz +packageVersion: 00 # This repository does not use releaseCandidateVersions, so you can leave this as 00. releaseCandidateVersion: 00