feat: make ingress.annotations override all defaults (4484dc83) · Commits · public-projects / Auto Deploy Image

assets/auto-deploy-app/README.md

+1 −1

Original line number	Diff line number	Diff line
		@@ -70,7 +70,7 @@
		\| ingress.modSecurity.enabled \| Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) \| `false` \|
		\| ingress.modSecurity.secRuleEngine \| Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) \| `DetectionOnly` \|
		\| ingress.modSecurity.secRules \| Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) \| `nil` \|
		\| ingress.annotations \| Ingress annotations \| `{kubernetes.io/ingress.class: "nginx"}` \|
		\| ingress.annotations \| Ingress annotations \| See [`_ingress-annotations.yaml`](./templates/_ingress-annotations.yaml) \|
		\| livenessProbe.path \| Path to access on the HTTP server on periodic probe of container liveness. \| `/` \|
		\| livenessProbe.scheme \| Scheme to access the HTTP server (HTTP or HTTPS). \| `HTTP` \|
		\| livenessProbe.initialDelaySeconds \| # of seconds after the container has started before liveness probes are initiated. \| `15` \|

+8 −1

Original line number	Diff line number	Diff line
		@@ -69,3 +69,10 @@ app.kubernetes.io/instance: {{ .Release.Name }}
		{{ toYaml $.Values.extraLabels }}
		{{- end }}
		{{- end -}}

		{{- define "ingress.annotations" -}}
		{{- $defaults := include (print $.Template.BasePath "/_ingress-annotations.yaml") . \| fromYaml -}}
		{{- $custom := .Values.ingress.annotations \| default dict -}}
		{{- $merged := deepCopy $custom \| mergeOverwrite $defaults -}}
		{{- $merged \| toYaml -}}
		{{- end -}}

0 → 100644

+27 −0

Original line number	Diff line number	Diff line
		kubernetes.io/ingress.class: {{ .Values.ingress.className \| quote }}
		{{- if .Values.ingress.tls.enabled }}
		kubernetes.io/tls-acme: {{ .Values.ingress.tls.acme \| quote }}
		{{- end }}
		{{- if eq .Values.application.track "canary" }}
		nginx.ingress.kubernetes.io/canary: "true"
		nginx.ingress.kubernetes.io/canary-by-header: "canary"
		{{- if .Values.ingress.canary.weight }}
		nginx.ingress.kubernetes.io/canary-weight: {{ .Values.ingress.canary.weight \| quote }}
		{{- end }}
		{{- end }}
		{{- with .Values.ingress.modSecurity }}
		{{- if .enabled }}
		nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$server_name-$request_id"
		nginx.ingress.kubernetes.io/modsecurity-snippet: \|
		SecRuleEngine {{ .secRuleEngine \| default "DetectionOnly" \| title }}
		{{- range $rule := .secRules }}
		{{ (include "secrule" $rule) \| indent 2 }}
		{{- end }}
		{{- end }}
		{{- end }}
		{{- if .Values.prometheus.metrics }}
		nginx.ingress.kubernetes.io/server-snippet: \|-
		location /metrics {
		deny all;
		}
		{{- end }}

+2 −34

Original line number	Diff line number	Diff line
		@@ -12,39 +12,7 @@ metadata:
		labels:
		{{ include "sharedlabels" . \| indent 4 }}
		annotations:
		{{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") }}
		kubernetes.io/ingress.class: {{ .Values.ingress.className \| quote }}
		{{- end }}
		{{- if .Values.ingress.annotations }}
		{{ toYaml .Values.ingress.annotations \| indent 4 }}
		{{- end }}
		{{- if .Values.ingress.tls.enabled }}
		kubernetes.io/tls-acme: {{ .Values.ingress.tls.acme \| quote }}
		{{- end }}
		{{- if eq .Values.application.track "canary" }}
		nginx.ingress.kubernetes.io/canary: "true"
		nginx.ingress.kubernetes.io/canary-by-header: "canary"
		{{- if .Values.ingress.canary.weight }}
		nginx.ingress.kubernetes.io/canary-weight: {{ .Values.ingress.canary.weight \| quote }}
		{{- end }}
		{{- end }}
		{{- with .Values.ingress.modSecurity }}
		{{- if .enabled }}
		nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$server_name-$request_id"
		nginx.ingress.kubernetes.io/modsecurity-snippet: \|
		SecRuleEngine {{ .secRuleEngine \| default "DetectionOnly" \| title }}
		{{- range $rule := .secRules }}
		{{ (include "secrule" $rule) \| indent 6 }}
		{{- end }}
		{{- end }}
		{{- end }}
		{{- if .Values.prometheus.metrics }}
		nginx.ingress.kubernetes.io/server-snippet: \|-
		location /metrics {
		deny all;
		}

		{{- end }}
		{{ include "ingress.annotations" . \| indent 4 }}
		spec:
		{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
		ingressClassName: {{ .Values.ingress.className \| quote }}

Original line number	Diff line number	Diff line
		@@ -70,7 +70,7 @@
		\| ingress.modSecurity.enabled \| Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) \| `false` \|
		\| ingress.modSecurity.secRuleEngine \| Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) \| `DetectionOnly` \|
		\| ingress.modSecurity.secRules \| Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) \| `nil` \|
		\| ingress.annotations \| Ingress annotations \| `{kubernetes.io/ingress.class: "nginx"}` \|
		\| ingress.annotations \| Ingress annotations \| See [`_ingress-annotations.yaml`](./templates/_ingress-annotations.yaml) \|
		\| livenessProbe.path \| Path to access on the HTTP server on periodic probe of container liveness. \| `/` \|
		\| livenessProbe.scheme \| Scheme to access the HTTP server (HTTP or HTTPS). \| `HTTP` \|
		\| livenessProbe.initialDelaySeconds \| # of seconds after the container has started before liveness probes are initiated. \| `15` \|