From 6b2632fdc48636f55f3d20c8eb0ce2888ae89d41 Mon Sep 17 00:00:00 2001 From: Eoin O'Shaughnessy Date: Wed, 15 Nov 2023 10:37:29 +0000 Subject: [PATCH 1/5] add initContainerResources Helm configuration --- charts/nginx-ingress/README.md | 1 + .../templates/controller-daemonset.yaml | 4 ++++ .../templates/controller-deployment.yaml | 4 ++++ charts/nginx-ingress/values.schema.json | 8 +++++++- charts/nginx-ingress/values.yaml | 12 ++++++++++-- .../installing-nic/installation-with-helm.md | 1 + 6 files changed, 27 insertions(+), 3 deletions(-) diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md index 19c7961d22..0b42a54b7a 100644 --- a/charts/nginx-ingress/README.md +++ b/charts/nginx-ingress/README.md @@ -371,6 +371,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.initContainers` | InitContainers for the Ingress Controller pods. | [] | |`controller.extraContainers` | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] | |`controller.resources` | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi | +|`controller.initContainerResources` | The resources of the init container which is used when `controller.readOnlyRootFilesystem` is set to `true` | requests: cpu=100m,memory=128Mi | |`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 | |`controller.ingressClass.name` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx | |`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.2, do not set the value to false. | true | diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml index 22e10985aa..2d5acfe509 100644 --- a/charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/nginx-ingress/templates/controller-daemonset.yaml @@ -259,6 +259,10 @@ spec: image: {{ include "nginx-ingress.image" . }} imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] +{{- if .Values.controller.initContainerResources }} + resources: +{{ toYaml .Values.controller.initContainerResources | indent 10 }} +{{- end }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index 2b4d7dd569..96532d8f54 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -266,6 +266,10 @@ spec: image: {{ include "nginx-ingress.image" . }} imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] +{{- if .Values.controller.initContainerResources }} + resources: +{{ toYaml .Values.controller.initContainerResources | indent 10 }} +{{- end }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index 07f93660d2..e389ee1ad7 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -1341,6 +1341,12 @@ "memory": "128Mi" } }, + "initContainerResources": { + "type": "object", + "default": {}, + "title": "The resources Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, "tolerations": [], "affinity": {}, "topologySpreadConstraints": {}, @@ -1829,4 +1835,4 @@ } } ] -} +} \ No newline at end of file diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 97789b4cf0..d9e8d758fe 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -168,6 +168,15 @@ controller: # cpu: 1 # memory: 1Gi + ## The resources for the Ingress Controller init container which is used when readOnlyRootFilesystem is set to true. + initContainerResources: + requests: + cpu: 100m + memory: 128Mi + # limits: + # cpu: 1 + # memory: 1Gi + ## The tolerations of the Ingress Controller pods. tolerations: [] @@ -287,7 +296,6 @@ controller: # port: 5353 # protocol: TCP - ## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. enableSnippets: false @@ -490,7 +498,7 @@ prometheus: ## A list of endpoints allowed as part of this ServiceMonitor. ## Matches on the name of a Service port. endpoints: - - port: prometheus + - port: prometheus serviceInsight: ## Expose NGINX Plus Service Insight endpoint. diff --git a/docs/content/installation/installing-nic/installation-with-helm.md b/docs/content/installation/installing-nic/installation-with-helm.md index 85f213747a..e47aa1ce95 100644 --- a/docs/content/installation/installing-nic/installation-with-helm.md +++ b/docs/content/installation/installing-nic/installation-with-helm.md @@ -335,6 +335,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont | **controller.initContainers** | InitContainers for the Ingress Controller pods. | [] | | **controller.extraContainers** | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] | | **controller.resources** | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi | +| **controller.initContainerResources** | The resources of the init container which is used when `controller.readOnlyRootFilesystem` is set to `true` | requests: cpu=100m,memory=128Mi | | **controller.replicaCount** | The number of replicas of the Ingress Controller deployment. | 1 | | **controller.ingressClass.name** | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx | | **controller.ingressClass.create** | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.2, do not set the value to false. | true | From 696efb88b566879cb342eaddd4322baefd26b5a4 Mon Sep 17 00:00:00 2001 From: Eoin O'Shaughnessy Date: Wed, 15 Nov 2023 10:42:02 +0000 Subject: [PATCH 2/5] fix incorrect schema and add examples --- charts/nginx-ingress/values.schema.json | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index e389ee1ad7..bc4b46f81f 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -483,6 +483,12 @@ "title": "The resources Schema", "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, + "initContainerResources": { + "type": "object", + "default": {}, + "title": "The resources Schema", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, "tolerations": { "type": "array", "default": [], @@ -1342,10 +1348,10 @@ } }, "initContainerResources": { - "type": "object", - "default": {}, - "title": "The resources Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.27.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "requests": { + "cpu": "100m", + "memory": "128Mi" + } }, "tolerations": [], "affinity": {}, @@ -1712,6 +1718,12 @@ "memory": "128Mi" } }, + "initContainerResources": { + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, "tolerations": [], "affinity": {}, "topologySpreadConstraints": {}, From 6b30115b7ec3bde7ef168a156c02c0d5559bb285 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 10:45:45 +0000 Subject: [PATCH 3/5] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- charts/nginx-ingress/values.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index bc4b46f81f..9223ac148d 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -1847,4 +1847,4 @@ } } ] -} \ No newline at end of file +} From 5a72a65ffd9ec84a661d5333789ad50b96c7d77e Mon Sep 17 00:00:00 2001 From: Eoin O'Shaughnessy Date: Wed, 15 Nov 2023 10:47:58 +0000 Subject: [PATCH 4/5] re-add autoremoved newline in schema file --- charts/nginx-ingress/values.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index bc4b46f81f..9223ac148d 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -1847,4 +1847,4 @@ } } ] -} \ No newline at end of file +} From 8a425a202b82aa4452e8448e177e73b40b23fc41 Mon Sep 17 00:00:00 2001 From: oseoin Date: Fri, 17 Nov 2023 09:02:38 +0000 Subject: [PATCH 5/5] remove changes to auto-generated doc file Signed-off-by: oseoin --- .../installation/installing-nic/installation-with-helm.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/content/installation/installing-nic/installation-with-helm.md b/docs/content/installation/installing-nic/installation-with-helm.md index 0bf5f6c378..0657ee0306 100644 --- a/docs/content/installation/installing-nic/installation-with-helm.md +++ b/docs/content/installation/installing-nic/installation-with-helm.md @@ -335,7 +335,6 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont | **controller.initContainers** | InitContainers for the Ingress Controller pods. | [] | | **controller.extraContainers** | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] | | **controller.resources** | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi | -| **controller.initContainerResources** | The resources of the init container which is used when `controller.readOnlyRootFilesystem` is set to `true` | requests: cpu=100m,memory=128Mi | | **controller.replicaCount** | The number of replicas of the Ingress Controller deployment. | 1 | | **controller.ingressClass.name** | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx | | **controller.ingressClass.create** | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.2, do not set the value to false. | true |