Updated NGINX Service Mesh references in Helm templates (#3602)

Update NGINX Service Mesh Helm templates refs Signed-off-by: Jared Byers <j.byers@f5.com>
nginxinc · Apr 6, 2023 · 97da5d3 · 97da5d3
1 parent 9ab3c9b
commit 97da5d3
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 46 deletions.
diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -18,23 +18,20 @@ spec:
       labels:
         {{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
 {{- if .Values.nginxServiceMesh.enable }}
+        nsm.nginx.com/enable-ingress: "true"
+        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
         nsm.nginx.com/daemonset: {{ include "nginx-ingress.controller.fullname" . }}
-        spiffe.io/spiffeid: "true"
 {{- end }}
 {{- if .Values.controller.pod.extraLabels }}
 {{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
 {{- end }}
-{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }}
+{{- if or .Values.prometheus.create .Values.controller.pod.annotations }}
       annotations:
 {{- if .Values.prometheus.create }}
         prometheus.io/scrape: "true"
         prometheus.io/port: "{{ .Values.prometheus.port }}"
         prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-        nsm.nginx.com/enable-ingress: "true"
-        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
-{{- end }}
 {{- if .Values.controller.pod.annotations }}
 {{ toYaml .Values.controller.pod.annotations | indent 8 }}
 {{- end }}
@@ -64,7 +61,7 @@ spec:
       affinity:
 {{ toYaml .Values.controller.affinity | indent 8 }}
 {{- end }}
-{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumes }}
+{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }}
       volumes:
 {{- end }}
 {{- if .Values.controller.readOnlyRootFilesystem }}
@@ -77,12 +74,6 @@ spec:
       - name: nginx-log
         emptyDir: {}
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-      - hostPath:
-          path: /run/spire/sockets
-          type: DirectoryOrCreate
-        name: spire-agent-socket
-{{- end }}
 {{- if .Values.controller.volumes }}
 {{ toYaml .Values.controller.volumes | indent 6 }}
 {{- end }}
@@ -135,7 +126,7 @@ spec:
           capabilities:
             drop:
             - ALL
-{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumeMounts }}
+{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }}
         volumeMounts:
 {{- end }}
 {{- if .Values.controller.readOnlyRootFilesystem }}
@@ -148,10 +139,6 @@ spec:
         - mountPath: /var/log/nginx
           name: nginx-log
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-        - mountPath: /run/spire/sockets
-          name: spire-agent-socket
-{{- end }}
 {{- if .Values.controller.volumeMounts }}
 {{ toYaml .Values.controller.volumeMounts | indent 8 }}
 {{- end }}
@@ -225,9 +212,9 @@ spec:
 {{- end }}
 {{- end }}
           - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
-  {{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
+{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
           - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
-  {{- end }}
+{{- end }}
 {{- if .Values.controller.wildcardTLS.secret }}
           - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
 {{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
@@ -256,10 +243,6 @@ spec:
           - -ready-status={{ .Values.controller.readyStatus.enable }}
           - -ready-status-port={{ .Values.controller.readyStatus.port }}
           - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
-{{- if .Values.nginxServiceMesh.enable }}
-          - -spire-agent-address=/run/spire/sockets/agent.sock
-          - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }}
-{{- end }}
 {{- if .Values.controller.extraContainers }}
       {{ toYaml .Values.controller.extraContainers | nindent 6 }}
 {{- end }}

diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -19,23 +19,20 @@ spec:
       labels:
         {{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
 {{- if .Values.nginxServiceMesh.enable }}
+        nsm.nginx.com/enable-ingress: "true"
+        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
         nsm.nginx.com/deployment: {{ include "nginx-ingress.controller.fullname" . }}
-        spiffe.io/spiffeid: "true"
 {{- end }}
 {{- if .Values.controller.pod.extraLabels }}
 {{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
 {{- end }}
-{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }}
+{{- if or .Values.prometheus.create .Values.controller.pod.annotations }}
       annotations:
 {{- if .Values.prometheus.create }}
         prometheus.io/scrape: "true"
         prometheus.io/port: "{{ .Values.prometheus.port }}"
         prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-        nsm.nginx.com/enable-ingress: "true"
-        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
-{{- end }}
 {{- if .Values.controller.pod.annotations }}
 {{ toYaml .Values.controller.pod.annotations | indent 8 }}
 {{- end }}
@@ -57,7 +54,7 @@ spec:
       topologySpreadConstraints:
 {{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }}
 {{- end }}
-{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumes }}
+{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }}
       volumes:
 {{- end }}
 {{- if .Values.controller.readOnlyRootFilesystem }}
@@ -70,12 +67,6 @@ spec:
       - name: nginx-log
         emptyDir: {}
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-      - hostPath:
-          path: /run/spire/sockets
-          type: DirectoryOrCreate
-        name: spire-agent-socket
-{{- end }}
 {{- if .Values.controller.volumes }}
 {{ toYaml .Values.controller.volumes | indent 6 }}
 {{- end }}
@@ -140,7 +131,7 @@ spec:
           capabilities:
             drop:
             - ALL
-{{- if or .Values.controller.readOnlyRootFilesystem .Values.nginxServiceMesh.enable .Values.controller.volumeMounts }}
+{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }}
         volumeMounts:
 {{- end }}
 {{- if .Values.controller.readOnlyRootFilesystem }}
@@ -153,10 +144,6 @@ spec:
         - mountPath: /var/log/nginx
           name: nginx-log
 {{- end }}
-{{- if .Values.nginxServiceMesh.enable }}
-        - mountPath: /run/spire/sockets
-          name: spire-agent-socket
-{{- end }}
 {{- if .Values.controller.volumeMounts}}
 {{ toYaml .Values.controller.volumeMounts | indent 8 }}
 {{- end }}
@@ -259,10 +246,6 @@ spec:
           - -ready-status={{ .Values.controller.readyStatus.enable }}
           - -ready-status-port={{ .Values.controller.readyStatus.port }}
           - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
-{{- if .Values.nginxServiceMesh.enable }}
-          - -spire-agent-address=/run/spire/sockets/agent.sock
-          - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }}
-{{- end }}
 {{- if .Values.controller.extraContainers }}
       {{ toYaml .Values.controller.extraContainers | nindent 6 }}
 {{- end }}