Support all nginx configmap settings (#26)
* Support all nginx configmap settings

* Sync Chart appVersion and tag, and add a note for future

* Add initial 1.4.0 changelog entry

* Use 2 as hpa min-replicas as before

* Update 1.4.0 changelog entry date to today
Stevo Slavić authored Feb 10, 2020
1 parent 1a6b264 commit 1087df4
Showing 8 changed files with 66 additions and 121 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project's packages adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [v1.4.0] 2020-02-10

### Changed

- Support overriding all nginx configmap settings. ([#26](https://github.com/giantswarm/nginx-ingress-controller-app/pull/26))

## [v1.3.0] 2020-01-30

### Changed
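Review bot: the v1.4.0 entry under `### Changed` mentions only the configmap override support, but the same commit relocates user-facing values keys (`configmap.hpa-*` to `controller.autoscaling.*`, `configmap.ingress-class` to `controller.ingressClass`, `configmap.annotations-prefix` to `controller.annotationsPrefix`, `configmap.default-ssl-certificate` to `controller.defaultSSLCertificate`). Existing overrides under the old keys stop taking effect, so list the renames here as a breaking change with the old and new key for each.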
Expand Down Expand Up @@ -42,6 +48,7 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s

Previous versions changelog can be found [here](https://github.com/giantswarm/kubernetes-nginx-ingress-controller/blob/master/CHANGELOG.md)

[v1.4.0]: https://github.com/giantswarm/nginx-ingress-controller-app/releases/tag/v1.4.0
[v1.3.0]: https://github.com/giantswarm/nginx-ingress-controller-app/releases/tag/v1.3.0
[v1.2.1]: https://github.com/giantswarm/nginx-ingress-controller-app/releases/tag/v1.2.1
[v1.2.0]: https://github.com/giantswarm/nginx-ingress-controller-app/releases/tag/v1.2.0
2 changes: 1 addition & 1 deletion helm/nginx-ingress-controller-app/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
appVersion: v0.27.1
appVersion: v0.28.0
description: A Helm chart for the nginx ingress-controller
home: https://github.com/giantswarm/nginx-ingress-controller-app
name: nginx-ingress-controller-app
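Review bot: `appVersion: v0.28.0` has to be kept in step with `tag: 0.28.0` in values.yaml by hand, and the two differ in the `v` prefix, so a plain string comparison will not catch drift. The comment added in values.yaml helps, but a CI check that strips the prefix and compares the two values would make the sync enforceable rather than a convention.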
31 changes: 24 additions & 7 deletions helm/nginx-ingress-controller-app/Configuration.md
Expand Up @@ -2,17 +2,34 @@

This chart installs nginx-ingress-controller and its dependencies as managed applications. An Ingress Controller is a daemon, deployed as a Kubernetes Pod, that watches the apiserver's /ingresses endpoint for updates to the Ingress resource. Its job is to satisfy requests for Ingresses.


## Configuration

The following table lists the configurable parameters of the nginx-ingress-controller chart, its dependencies and default values.

Parameter | Description | Default
--- | --- | ---
`baseDomain` | Cluster base domain. Dynamically calculated during cluster creation. Manual change doesn't affect this value | 'aws'
`provider` | Provider identifier (`aws`/`azure`/`kvm`) | 'kvm'
`configmap.ingress-class` | Ingress class, which controller processes | `nginx`
`configmap.ssl-protocols` | SSL supported protocols | ''
`controller.service.enabled` | If true, create service | `true`
`baseDomain` | Cluster base domain. Dynamically calculated during cluster creation. Manual change doesn't affect this value | 'uun5a.k8s.ginger.eu-central-1.aws.gigantic.io'
`clusterID` | Cluster ID. Dynamically calculated during cluster creation. Manual change doesn't affect this value | 'uun5a'
`configmap` | Sets the nginx configmap configuration overrides. | See official docs for nginx [configmap configuration options](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options) and their defaults. Built-in overrides are covered below.
`configmap.error-log-level` | Configures the logging level of errors. | "error"
`configmap.hsts` | Enables or disables the HTTP Strict Transport Security (HSTS) header in servers running SSL. | "false"
`configmap.server-name-hash-bucket-size` | Sets the size of the bucket for the server names hash tables. | "1024"
`configmap.server-tokens` | Controlls whether to send NGINX Server header in responses and display NGINX version in error pages. | "false"
`configmap.worker-processes` | Sets the number of worker processes. | "4"
`configmap.use-forwarded-headers` | If true, NGINX passes the incoming `X-Forwarded-*` headers to upstreams. | "true"
`controller.annotationsPrefix` | Prefix of the Ingress annotations specific to the NGINX controller. | `nginx.ingress.kubernetes.io`
`controller.autoscaling.enabled` | Enables or disables Horizontal Pod Autoscaler (HPA) for NGINX Ingress Controller Deployment. | `false`
`controller.autoscaling.minReplicas` | Configures HPA min replicas. | `1`
`controller.autoscaling.maxReplicas` | Configures HPA max replicas. | `20`
`controller.autoscaling.targetCPUUtilizationPercentage` | Configures HPA target CPU utilization percentage. | `50`
`controller.autoscaling.targetMemoryUtilizationPercentage` | Configures HPA target memory utilization percentage. | `50`
`controller.defaultSSLCertificate` | The Secret referred to by this flag contains the default certificate to be used when accessing the catch-all server. If this flag is not provided NGINX will use a self-signed certificate. Example value: "default/foo-tls" | ""
`controller.ingressController.legacy` | Legacy or node pools cluster. On aws provider node pool clusters LoadBalancer service gets created. Dynamically calculated during cluster creation. | `false`
`controller.ingressController.replicas` | Number of NGINX Ingress Controller Deployment replicas. Dynamically calculated during cluster creation. | `3`
`controller.ingressClass` | Ingress class, which controller processes | `nginx`
`controller.metrics.enabled` | If true, create metrics Service for prometheus-operator support. | `false`
`controller.metrics.port` | Configures container metrics port to be exposed. | `10254`
`controller.metrics.service.servicePort` | Configures metrics Service port. | `9913`
`controller.service.enabled` | If true, create NodePort service. Applies only to legacy clusters. | `true`
`controller.service.type` | Applies only to `provider=aws` (`external`/`internal`) | `external`

`provider` | Provider identifier (`aws`/`azure`/`kvm`) | `kvm`
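Review bot: the table gives `controller.autoscaling.minReplicas` a default of `1`, but values.yaml in this commit sets `minReplicas: 2` and the commit message says 2 is kept as before; correct the table to `2`. The rows `controller.ingressController.legacy` and `controller.ingressController.replicas` also do not match the chart, where `ingressController` is a top-level key and the deployment template reads `.Values.ingressController.legacy`. Smaller points: "Controlls" in the `configmap.server-tokens` row is a typo, and the `configmap.use-forwarded-headers` row should say that the default `"true"` assumes a trusted proxy or load balancer in front of the controller, since the headers are otherwise client-controlled.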
65 changes: 1 addition & 64 deletions helm/nginx-ingress-controller-app/templates/configmap.yaml
Expand Up @@ -7,67 +7,4 @@ metadata:
giantswarm.io/service-type: "managed"
k8s-addon: ingress-nginx.addons.k8s.io
data:

disable-access-log: "{{ index .Values.configmap "disable-access-log" }}"
{{- if index .Values.configmap "enable-underscores-in-headers" }}
enable-underscores-in-headers: "{{ index .Values.configmap "enable-underscores-in-headers" }}"
{{- end }}
enable-vts-status: "{{ index .Values.configmap "enable-vts-status" }}"
error-log-level: "{{ index .Values.configmap "error-log-level" }}"

{{- if index .Values.configmap "http2-max-field-size" }}
http2-max-field-size: "{{ index .Values.configmap "http2-max-field-size" }}"
{{- end }}

# Disables setting a 'Strict-Transport-Security' header, which can be harmful.
# See https://github.com/kubernetes/ingress-nginx/issues/549#issuecomment-291894246
hsts: "{{ .Values.configmap.hsts }}"

{{- if index .Values.configmap "http-snippet" }}
http-snippet: |
{{- range ((index .Values.configmap "http-snippet") | trimAll "\n " | split "\n") }}
{{ . }}
{{- end }}
{{- end }}

{{- if index .Values.configmap "large-client-header-buffers" }}
large-client-header-buffers: "{{ index .Values.configmap "large-client-header-buffers" }}"
{{- end }}

{{- if index .Values.configmap "log-format-upstream" }}
log-format-upstream: "{{ index .Values.configmap "log-format-upstream" }}"
{{- end }}

{{- if index .Values.configmap "proxy-buffers-size" }}
proxy-buffers-size: "{{ index .Values.configmap "proxy-buffers-size" }}"
{{- end }}

{{- if index .Values.configmap "proxy-buffers" }}
proxy-buffers: "{{ index .Values.configmap "proxy-buffers" }}"
{{- end }}

{{- if index .Values.configmap "use-forwarded-headers" }}
use-forwarded-headers: "{{ index .Values.configmap "use-forwarded-headers" }}"
{{- end }}

# Increase hash table size to allow more server names for stability reasons
server-name-hash-bucket-size: "{{ index .Values.configmap "server-name-hash-bucket-size" }}"
server-name-hash-max-size: "{{ index .Values.configmap "server-name-hash-max-size" }}"
server-tokens: "{{ index .Values.configmap "server-tokens" }}"
worker-processes: "{{ index .Values.configmap "worker-processes" }}"

{{- if index .Values.configmap "use-proxy-protocol" }}
# Allow user to override value.
use-proxy-protocol: "{{ index .Values.configmap "use-proxy-protocol" }}"
{{- else }}
# Global is used as this key is used by the migration logic.
use-proxy-protocol: "{{ .Values.global.controller.useProxyProtocol }}"
{{- end }}

{{- if index .Values.configmap "vts-default-filter-key" }}
vts-default-filter-key: "{{ index .Values.configmap "vts-default-filter-key" }}"
{{- end }}

{{- if index .Values.configmap "ssl-protocols" }}
ssl-protocols: "{{ index .Values.configmap "ssl-protocols" }}"
{{- end }}
{{- toYaml .Values.configmap | trim | nindent 2 }}
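Review bot: `toYaml .Values.configmap` on the last line of `data:` emits each value with the type it has in the values file, whereas every removed line wrapped its value in double quotes. ConfigMap `data` values must be strings, so an override such as `worker-processes: 4` or `hsts: false` written without quotes now produces a manifest the API server rejects. Consider ranging over the map and piping each value through `quote`, for example `{{ $key }}: {{ $value | quote }}`, or document that all overrides must be quoted. The removed `use-proxy-protocol` fallback to `.Values.global.controller.useProxyProtocol` also disappears here without a replacement; confirm that nothing still relies on the global value. Finally, every key under `configmap` now reaches the nginx ConfigMap unfiltered, snippet options included, so write access to the chart values should be treated as write access to the nginx configuration.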
Expand Up @@ -51,13 +51,13 @@ spec:
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/{{ .Values.controller.configmap.name }}
- --annotations-prefix={{ index .Values.configmap "annotations-prefix" }}
{{- if index .Values.configmap "default-ssl-certificate" }}
- --default-ssl-certificate={{ index .Values.configmap "default-ssl-certificate" }}
- --annotations-prefix={{ .Values.controller.annotationsPrefix }}
{{- if .Values.controller.defaultSSLCertificate }}
- --default-ssl-certificate={{ .Values.controller.defaultSSLCertificate }}
{{- end}}
- --enable-ssl-chain-completion=false
- --enable-dynamic-certificates=true
- --ingress-class={{ index .Values.configmap "ingress-class" }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- if not .Values.ingressController.legacy }}
- --publish-service={{ .Release.Namespace }}/{{ .Values.controller.name }}
{{- end }}
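Review bot: the `--annotations-prefix`, `--default-ssl-certificate` and `--ingress-class` args now read only `controller.*` values, so an existing override under `configmap.ingress-class`, `configmap.annotations-prefix` or `configmap.default-ssl-certificate` is silently ignored and the flag falls back to the chart default. For `--ingress-class` that changes which Ingress objects the controller serves, and for `--default-ssl-certificate` it means the catch-all server goes back to the self-signed certificate. Because configmap.yaml now renders the whole `configmap` map, the stale keys would also land in the nginx ConfigMap as unknown settings. A guard in the template that calls `fail` when one of the old keys is present would turn this into a visible upgrade error.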
14 changes: 9 additions & 5 deletions helm/nginx-ingress-controller-app/templates/controller-hpa.yaml
@@ -1,4 +1,4 @@
{{- if (index .Values.configmap "hpa-enabled") eq "true" }}
{{- if .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
Expand All @@ -13,15 +13,19 @@ spec:
apiVersion: apps/v1
kind: Deployment
name: {{ .Values.controller.name }}
minReplicas: {{ index .Values.configmap "hpa-min-replicas" }}
maxReplicas: {{ index .Values.configmap "hpa-max-replicas" }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ index .Values.configmap "hpa-target-cpu-utilization-percentage" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ index .Values.configmap "hpa-target-memory-utilization-percentage" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
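Review bot: with both entries under `metrics:` wrapped in `with`, unsetting `targetCPUUtilizationPercentage` and `targetMemoryUtilizationPercentage` together renders `metrics:` with no entries while autoscaling is enabled. Either fail the render when `controller.autoscaling.enabled` is true and neither target is set, or put the `metrics:` key itself under a condition. There is also no check that `minReplicas` does not exceed `maxReplicas`; the error would only surface when the manifest is applied.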
2 changes: 1 addition & 1 deletion helm/nginx-ingress-controller-app/templates/rbac.yaml
Expand Up @@ -120,7 +120,7 @@ rules:
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-{{ index .Values.configmap "ingress-class" }}"
- "ingress-controller-leader-{{ .Values.controller.ingressClass }}"
verbs:
- get
- update
58 changes: 19 additions & 39 deletions helm/nginx-ingress-controller-app/values.yaml
Expand Up @@ -2,8 +2,6 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

namespace: kube-system

# baseDomain is a dynamic value, it comes from the cluster values configmap
# applies only to Giant Swarm clusters
baseDomain: uun5a.k8s.ginger.eu-central-1.aws.gigantic.io
Expand All @@ -19,44 +17,18 @@ ingressController:
legacy: false
replicas: 3

# configmap contains settings that can be overridden with a custom values
# configmap.
# for all the nginx configmap config options see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configmaps
configmap:
disable-access-log: "false"
enable-vts-status: "true"
error-log-level: "error"
# Disables setting a 'Strict-Transport-Security' header, which can be harmful.
# See https://github.com/kubernetes/ingress-nginx/issues/549#issuecomment-291894246
hsts: "false"
# Increase hash table size to allow more server names for stability reasons
server-name-hash-bucket-size: "1024"
server-name-hash-max-size: "1024"
server-tokens: "false"
worker-processes: "4"
use-forwarded-headers: "true"

# optional settings that can be set.
enable-underscores-in-headers: ""
http-snippet: ""
http2-max-field-size: ""
large-client-header-buffers: ""
log-format-upstream: ""
proxy-buffers-size: ""
proxy-buffers: ""
use-proxy-protocol: ""
vts-default-filter-key: ""
# Enable the specified protocols (cf. http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols for the list of valid protocols)
ssl-protocols: ""

# optional hpa settings
hpa-enabled: false
hpa-min-replicas: 2
hpa-max-replicas: 11
hpa-target-cpu-utilization-percentage: 50
hpa-target-memory-utilization-percentage: 50

# command args options
annotations-prefix: nginx.ingress.kubernetes.io
default-ssl-certificate: ""
ingress-class: nginx

controller:
name: nginx-ingress-controller
k8sAppLabel: nginx-ingress-controller
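Review bot: `use-forwarded-headers: "true"` remains a built-in default in the `configmap` block without a comment, unlike `hsts` and `server-name-hash-bucket-size`, which explain their values. With this setting the incoming `X-Forwarded-*` headers are passed to upstreams as received, which is only appropriate when a trusted proxy or load balancer in front of the controller sets them. Add a comment next to the value stating that assumption so that operators who expose the controller directly know to override it.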
Expand All @@ -68,6 +40,7 @@ controller:

image:
repository: giantswarm/nginx-ingress-controller
# when updating tag make sure to also keep appVersion in Chart.yaml in sync
tag: 0.28.0

rbac:
Expand Down Expand Up @@ -100,19 +73,26 @@ controller:
cpu: 500m
memory: 600Mi

# optional hpa settings
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 20
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50

# command args options
annotationsPrefix: nginx.ingress.kubernetes.io
defaultSSLCertificate: ""
ingressClass: nginx

# www-data -> uid 101
userID: 101
groupID: 101

image:
registry: quay.io

global:
controller:
tempReplicas: 2
useProxyProtocol: false
migration:
enabled: false

test:
image:
registry: quay.io
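Review bot: `maxReplicas: 20` in the new `autoscaling` block replaces the old `hpa-max-replicas: 11`, while the commit message only mentions keeping the minimum at 2. If the higher ceiling is intended, state it in the changelog entry; otherwise carry over 11 so that the move to `controller.autoscaling.*` is a pure rename.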
