update
diff --git a/charts/nginx/templates/NOTES.txt b/charts/nginx/templates/NOTES.txt
new file mode 100644
index 0000000..a44c28f
--- /dev/null
+++ b/charts/nginx/templates/NOTES.txt
@@ -0,0 +1,79 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
+ Subscribe to Bitnami Secure Images to receive continued support and security updates.
+ More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ template "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ template "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
+
+{{- else }}
+NGINX can be accessed through the following DNS name from within your cluster:
+
+ {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.ports.http }})
+
+To access NGINX from outside the cluster, follow the steps below:
+
+{{- if .Values.ingress.enabled }}
+
+1. Get the NGINX URL and associate its hostname to your cluster external IP:
+
+ export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+ echo "NGINX URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ tpl .Values.ingress.hostname . }}"
+ echo "$CLUSTER_IP {{ tpl .Values.ingress.hostname . }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+
+1. Get the NGINX URL by running these commands:
+
+{{- if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
+
+ export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }})
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo "http://${SERVICE_IP}:${SERVICE_PORT}"
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }})
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} &
+ echo "http://127.0.0.1:${SERVICE_PORT}"
+
+{{- else if contains "NodePort" .Values.service.type }}
+
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "http://${NODE_IP}:${NODE_PORT}"
+
+{{- end }}
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.cloneStaticSiteFromGit.image }}
+{{- include "common.warnings.rollingTag" .Values.metrics.image }}
+{{- include "nginx.validateValues" . }}
+{{- end }}
+{{- include "common.warnings.resources" (dict "sections" (list "cloneStaticSiteFromGit.gitSync" "metrics" "") "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.cloneStaticSiteFromGit.image .Values.metrics.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.cloneStaticSiteFromGit.image .Values.metrics.image) "context" $) }}
diff --git a/charts/nginx/templates/_helpers.tpl b/charts/nginx/templates/_helpers.tpl
new file mode 100644
index 0000000..4900d9c
--- /dev/null
+++ b/charts/nginx/templates/_helpers.tpl
@@ -0,0 +1,123 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper NGINX image name
+*/}}
+{{- define "nginx.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper GIT image name
+*/}}
+{{- define "nginx.cloneStaticSiteFromGit.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.cloneStaticSiteFromGit.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Prometheus metrics image name
+*/}}
+{{- define "nginx.metrics.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "nginx.imagePullSecrets" -}}
+{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.cloneStaticSiteFromGit.image .Values.metrics.image) "context" $) }}
+{{- end -}}
+
+{{/*
+Return true if a static site should be mounted in the NGINX container
+*/}}
+{{- define "nginx.useStaticSite" -}}
+{{- if or .Values.cloneStaticSiteFromGit.enabled .Values.staticSiteConfigmap .Values.staticSitePVC }}
+ {- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the volume to use to mount the static site in the NGINX container
+*/}}
+{{- define "nginx.staticSiteVolume" -}}
+{{- if .Values.cloneStaticSiteFromGit.enabled }}
+emptyDir: {}
+{{- else if .Values.staticSiteConfigmap }}
+configMap:
+ name: {{ printf "%s" (tpl .Values.staticSiteConfigmap $) -}}
+{{- else if .Values.staticSitePVC }}
+persistentVolumeClaim:
+ claimName: {{ printf "%s" (tpl .Values.staticSitePVC $) -}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the custom NGINX server block configmap.
+*/}}
+{{- define "nginx.serverBlockConfigmapName" -}}
+{{- if .Values.existingServerBlockConfigmap -}}
+ {{- printf "%s" (tpl .Values.existingServerBlockConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-server-block" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the custom NGINX stream server block configmap.
+*/}}
+{{- define "nginx.streamServerBlockConfigmapName" -}}
+{{- if .Values.existingStreamServerBlockConfigmap -}}
+ {{- printf "%s" (tpl .Values.existingStreamServerBlockConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-stream-server-block" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "nginx.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "nginx.validateValues.cloneStaticSiteFromGit" .) -}}
+{{- $messages := append $messages (include "nginx.validateValues.extraVolumes" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of NGINX - Clone StaticSite from Git configuration */}}
+{{- define "nginx.validateValues.cloneStaticSiteFromGit" -}}
+{{- if and .Values.cloneStaticSiteFromGit.enabled (or (not .Values.cloneStaticSiteFromGit.repository) (not .Values.cloneStaticSiteFromGit.branch)) -}}
+nginx: cloneStaticSiteFromGit
+ When enabling cloing a static site from a Git repository, both the Git repository and the Git branch must be provided.
+ Please provide them by setting the `cloneStaticSiteFromGit.repository` and `cloneStaticSiteFromGit.branch` parameters.
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of NGINX - Incorrect extra volume settings */}}
+{{- define "nginx.validateValues.extraVolumes" -}}
+{{- if and (.Values.extraVolumes) (not (or .Values.extraVolumeMounts .Values.cloneStaticSiteFromGit.extraVolumeMounts)) -}}
+nginx: missing-extra-volume-mounts
+ You specified extra volumes but not mount points for them. Please set
+ the extraVolumeMounts value
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "nginx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/nginx/templates/deployment.yaml b/charts/nginx/templates/deployment.yaml
new file mode 100644
index 0000000..438b5f1
--- /dev/null
+++ b/charts/nginx/templates/deployment.yaml
@@ -0,0 +1,422 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ annotations:
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.serverBlock (not .Values.existingServerBlockConfigmap) }}
+ checksum/server-block-configuration: {{ include (print $.Template.BasePath "/server-block-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if and .Values.streamServerBlock (not .Values.existingServerBlockConfigmap) }}
+ checksum/stream-server-block-configuration: {{ include (print $.Template.BasePath "/stream-server-block-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ spec:
+ {{- include "nginx.imagePullSecrets" . | nindent 6 }}
+ shareProcessNamespace: {{ .Values.sidecarSingleProcessNamespace }}
+ serviceAccountName: {{ template "nginx.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ {{- if .Values.dnsPolicy }}
+ dnsPolicy: {{ .Values.dnsPolicy }}
+ {{- end }}
+ {{- if .Values.dnsConfig }}
+ dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" $) | nindent 8 }}
+ {{- end }}
+ hostIPC: {{ .Values.hostIPC }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if or .Values.initContainers (and .Values.enableDefaultInitContainers (or .Values.containerSecurityContext.readOnlyRootFilesystem .Values.cloneStaticSiteFromGit.enabled)) }}
+ initContainers:
+ {{- if .Values.enableDefaultInitContainers }}
+ {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
+ - name: preserve-logs-symlinks
+ image: {{ include "nginx.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ #!/bin/bash
+ . /opt/bitnami/scripts/libfs.sh
+ # We copy the logs folder because it has symlinks to stdout and stderr
+ if ! is_dir_empty /opt/bitnami/nginx/logs; then
+ cp -r /opt/bitnami/nginx/logs /emptydir/app-logs-dir
+ fi
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /emptydir
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.enabled }}
+ - name: git-clone-repository
+ image: {{ include "nginx.cloneStaticSiteFromGit.image" . }}
+ imagePullPolicy: {{ .Values.cloneStaticSiteFromGit.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitClone.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitClone.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh"
+ git clone {{ .Values.cloneStaticSiteFromGit.repository }} --branch {{ .Values.cloneStaticSiteFromGit.branch }} /tmp/app
+ [[ "$?" -eq 0 ]] && shopt -s dotglob && rm -rf /app/* && mv /tmp/app/* /app/
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitClone.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitClone.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitSync.resources }}
+ resources: {{- toYaml .Values.cloneStaticSiteFromGit.gitSync.resources | nindent 12 }}
+ {{- else if ne .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /etc/ssh
+ subPath: etc-ssh-dir
+ - name: empty-dir
+ mountPath: /.ssh
+ subPath: ssh-dir
+ - name: staticsite
+ mountPath: /app
+ {{- if .Values.cloneStaticSiteFromGit.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.extraEnvVars }}
+ env: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.extraEnvVarsSecret }}
+ envFrom:
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ {{- if .Values.cloneStaticSiteFromGit.enabled }}
+ - name: git-repo-syncer
+ image: {{ include "nginx.cloneStaticSiteFromGit.image" . }}
+ imagePullPolicy: {{ .Values.cloneStaticSiteFromGit.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitSync.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitSync.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh"
+ while true; do
+ cd /app && git -c safe.directory=/app pull origin {{ .Values.cloneStaticSiteFromGit.branch }}
+ sleep {{ .Values.cloneStaticSiteFromGit.interval }}
+ done
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitSync.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.gitSync.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.gitSync.resources }}
+ resources: {{- toYaml .Values.cloneStaticSiteFromGit.gitSync.resources | nindent 12 }}
+ {{- else if ne .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.cloneStaticSiteFromGit.gitSync.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /etc/ssh
+ subPath: etc-ssh-dir
+ - name: empty-dir
+ mountPath: /.ssh
+ subPath: ssh-dir
+ - name: staticsite
+ mountPath: /app
+ {{- if .Values.cloneStaticSiteFromGit.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.extraEnvVars }}
+ env: {{- include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.cloneStaticSiteFromGit.extraEnvVarsSecret }}
+ envFrom:
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.cloneStaticSiteFromGit.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ - name: nginx
+ image: {{ include "nginx.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ {{- if .Values.containerPorts.http }}
+ - name: NGINX_HTTP_PORT_NUMBER
+ value: {{ .Values.containerPorts.http | quote }}
+ {{- end }}
+ {{- if .Values.containerPorts.https }}
+ - name: NGINX_HTTPS_PORT_NUMBER
+ value: {{ .Values.containerPorts.https | quote }}
+ {{- end }}
+ {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
+ - name: NGINX_ENABLE_STREAM
+ value: "true"
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ {{- if .Values.containerPorts.http }}
+ - name: http
+ containerPort: {{ .Values.containerPorts.http }}
+ {{- end }}
+ {{- if .Values.containerPorts.https }}
+ - name: https
+ containerPort: {{ .Values.containerPorts.https }}
+ {{- end }}
+ {{- if .Values.extraContainerPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
+ {{- end }}
+ {{- if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "path") "context" $) | nindent 12 }}
+ httpGet:
+ path: {{ .Values.readinessProbe.path }}
+ port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
+ {{- end }}
+ {{- if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: {{ ternary "https" "http" (and (empty .Values.containerPorts.http) (not (empty .Values.containerPorts.https))) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/logs
+ subPath: app-logs-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/nginx/tmp
+ subPath: app-tmp-dir
+ {{- if or .Values.serverBlock .Values.existingServerBlockConfigmap }}
+ - name: nginx-server-block
+ mountPath: /opt/bitnami/nginx/conf/server_blocks
+ {{- end }}
+ {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
+ - name: nginx-stream-server-block
+ mountPath: /opt/bitnami/nginx/conf/stream_server_blocks
+ {{- end }}
+ {{- if (include "nginx.useStaticSite" .) }}
+ - name: staticsite
+ mountPath: /app
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certificate
+ mountPath: /certs
+ {{- else }}
+ - name: empty-dir
+ mountPath: /certs
+ subPath: app-tls-dir
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ include "nginx.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.metrics.securityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.securityContext "context" $) | nindent 12 }}
+ {{- end }}
+ command:
+ - exporter
+ args:
+ - --nginx.scrape-uri
+ - {{ printf "http://127.0.0.1:%d/status" (int (default .Values.containerPorts.http .Values.metrics.port)) | quote }}
+ - --web.listen-address
+ - {{ printf ":%d" (int .Values.metrics.containerPorts.metrics) | quote }}
+ {{- if .Values.metrics.extraArgs }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraArgs "context" $ ) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.containerPorts.metrics }}
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- else if ne .Values.metrics.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: certificate
+ secret:
+ {{- if .Values.tls.existingSecret }}
+ secretName: {{ .Values.tls.existingSecret }}
+ {{- else }}
+ secretName: {{ printf "%s-tls" (include "common.names.fullname" .) }}
+ items:
+ - key: tls.crt
+ path: tls.crt
+ - key: tls.key
+ path: tls.key
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.serverBlock .Values.existingServerBlockConfigmap }}
+ - name: nginx-server-block
+ configMap:
+ name: {{ include "nginx.serverBlockConfigmapName" . }}
+ {{- end }}
+ {{- if or .Values.streamServerBlock .Values.existingStreamServerBlockConfigmap }}
+ - name: nginx-stream-server-block
+ configMap:
+ name: {{ include "nginx.streamServerBlockConfigmapName" . }}
+ {{- end }}
+ {{- if (include "nginx.useStaticSite" .) }}
+ - name: staticsite
+ {{- include "nginx.staticSiteVolume" . | nindent 10 }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/charts/nginx/templates/extra-list.yaml b/charts/nginx/templates/extra-list.yaml
new file mode 100644
index 0000000..329f5c6
--- /dev/null
+++ b/charts/nginx/templates/extra-list.yaml
@@ -0,0 +1,9 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/nginx/templates/health-ingress.yaml b/charts/nginx/templates/health-ingress.yaml
new file mode 100644
index 0000000..b812151
--- /dev/null
+++ b/charts/nginx/templates/health-ingress.yaml
@@ -0,0 +1,55 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.healthIngress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "common.names.fullname" . }}-health
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.healthIngress.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.healthIngress.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.healthIngress.ingressClassName }}
+ ingressClassName: {{ .Values.healthIngress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.healthIngress.hostname }}
+ - host: {{ .Values.healthIngress.hostname }}
+ http:
+ paths:
+ {{- if .Values.healthIngress.extraPaths }}
+ {{- toYaml .Values.healthIngress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.healthIngress.path }}
+ pathType: {{ .Values.healthIngress.pathType }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" (ternary "http" "https" (not .Values.containerPorts.https)) "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.healthIngress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" (ternary "http" "https" (not $.Values.containerPorts.https)) "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.healthIngress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.healthIngress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (and .Values.healthIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.healthIngress.annotations )) .Values.healthIngress.selfSigned (not (empty .Values.healthIngress.secrets)))) .Values.healthIngress.extraTls }}
+ tls:
+ {{- if and .Values.healthIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.healthIngress.annotations )) .Values.healthIngress.selfSigned (not (empty .Values.healthIngress.secrets))) }}
+ - hosts:
+ - {{ .Values.healthIngress.hostname | quote }}
+ secretName: {{ printf "%s-health-tls" .Values.healthIngress.hostname }}
+ {{- end }}
+ {{- if .Values.healthIngress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.healthIngress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx/templates/hpa.yaml b/charts/nginx/templates/hpa.yaml
new file mode 100644
index 0000000..e88e202
--- /dev/null
+++ b/charts/nginx/templates/hpa.yaml
@@ -0,0 +1,40 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ template "common.names.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemory }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx/templates/ingress-tls-secret.yaml b/charts/nginx/templates/ingress-tls-secret.yaml
new file mode 100644
index 0000000..662ca0d
--- /dev/null
+++ b/charts/nginx/templates/ingress-tls-secret.yaml
@@ -0,0 +1,83 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- else if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" (.Values.ingress.hostname | replace "*." "") }}
+{{- $ca := genCA "nginx-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+---
+{{- end }}
+{{- end }}
+{{- if .Values.healthIngress.enabled }}
+{{- if .Values.healthIngress.secrets }}
+{{- range .Values.healthIngress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- else if and .Values.healthIngress.tls .Values.healthIngress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.healthIngress.hostname }}
+{{- $ca := genCA "nginx-health-ca" 365 }}
+{{- $cert := genSignedCert .Values.healthIngress.hostname nil (list .Values.healthIngress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/nginx/templates/ingress.yaml b/charts/nginx/templates/ingress.yaml
new file mode 100644
index 0000000..2770c91
--- /dev/null
+++ b/charts/nginx/templates/ingress.yaml
@@ -0,0 +1,67 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.hostname }}
+ - host: {{ (tpl .Values.ingress.hostname .) | quote }}
+ http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ pathType: {{ .Values.ingress.pathType }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- else if .Values.ingress.path }}
+ - http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ pathType: {{ .Values.ingress.pathType }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.ingress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets)))) .Values.ingress.extraTls }}
+ tls:
+ {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets))) }}
+ - hosts:
+ - {{ (tpl .Values.ingress.hostname .) | quote }}
+ {{- if and (or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" )) (not (contains "www." (tpl .Values.ingress.hostname .))) }}
+ - {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }}
+ {{- end }}
+ secretName: {{ printf "%s-tls" (.Values.ingress.hostname | replace "*." "") }}
+ {{- end }}
+ {{- if .Values.ingress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx/templates/networkpolicy.yaml b/charts/nginx/templates/networkpolicy.yaml
new file mode 100644
index 0000000..327e1fa
--- /dev/null
+++ b/charts/nginx/templates/networkpolicy.yaml
@@ -0,0 +1,71 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ - {}
+ {{- else }}
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.containerPorts.http }}
+ {{- if .Values.containerPorts.https }}
+ - port: {{ .Values.containerPorts.https }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPorts.metrics }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx/templates/pdb.yaml b/charts/nginx/templates/pdb.yaml
new file mode 100644
index 0000000..821b4f9
--- /dev/null
+++ b/charts/nginx/templates/pdb.yaml
@@ -0,0 +1,26 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable)}}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+{{- end }}
diff --git a/charts/nginx/templates/prometheusrules.yaml b/charts/nginx/templates/prometheusrules.yaml
new file mode 100644
index 0000000..2a618ee
--- /dev/null
+++ b/charts/nginx/templates/prometheusrules.yaml
@@ -0,0 +1,26 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "common.names.fullname" . }}
+ rules:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/charts/nginx/templates/server-block-configmap.yaml b/charts/nginx/templates/server-block-configmap.yaml
new file mode 100644
index 0000000..940c50e
--- /dev/null
+++ b/charts/nginx/templates/server-block-configmap.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.serverBlock (not .Values.existingServerBlockConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-server-block
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ server-block.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.serverBlock "context" $ ) | nindent 4 }}
+{{- end }}
diff --git a/charts/nginx/templates/serviceaccount.yaml b/charts/nginx/templates/serviceaccount.yaml
new file mode 100644
index 0000000..20fb492
--- /dev/null
+++ b/charts/nginx/templates/serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "nginx.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}
diff --git a/charts/nginx/templates/servicemonitor.yaml b/charts/nginx/templates/servicemonitor.yaml
new file mode 100644
index 0000000..ddf171d
--- /dev/null
+++ b/charts/nginx/templates/servicemonitor.yaml
@@ -0,0 +1,49 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: metrics
+ path: /metrics
+ {{- if .Values.metrics.serviceMonitor.tlsConfig }}
+ scheme: https
+ tlsConfig: {{- toYaml .Values.metrics.serviceMonitor.tlsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/nginx/templates/stream-server-block-configmap.yaml b/charts/nginx/templates/stream-server-block-configmap.yaml
new file mode 100644
index 0000000..11b39d4
--- /dev/null
+++ b/charts/nginx/templates/stream-server-block-configmap.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.streamServerBlock (not .Values.existingStreamServerBlockConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-stream-server-block
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ stream-server-block.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.streamServerBlock "context" $ ) | nindent 4 }}
+{{- end }}
diff --git a/charts/nginx/templates/svc.yaml b/charts/nginx/templates/svc.yaml
new file mode 100644
index 0000000..e86926f
--- /dev/null
+++ b/charts/nginx/templates/svc.yaml
@@ -0,0 +1,69 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ annotations:
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ ports:
+ {{- if .Values.containerPorts.http }}
+ - name: http
+ port: {{ .Values.service.ports.http }}
+ targetPort: {{ .Values.service.targetPort.http }}
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
+ nodePort: {{ .Values.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.containerPorts.https }}
+ - name: https
+ port: {{ .Values.service.ports.https }}
+ targetPort: {{ .Values.service.targetPort.https }}
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
+ nodePort: {{ .Values.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ port: {{ .Values.metrics.service.port }}
+ targetPort: metrics
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
diff --git a/charts/nginx/templates/tls-secret.yaml b/charts/nginx/templates/tls-secret.yaml
new file mode 100644
index 0000000..1eca9f2
--- /dev/null
+++ b/charts/nginx/templates/tls-secret.yaml
@@ -0,0 +1,35 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }}
+{{- $ca := genCA "nginx-ca" 365 }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ {{- if .Values.tls.autoGenerated }}
+ {{- $cert := genSignedCert (include "common.names.fullname" .) nil (list (include "common.names.fullname" .) (printf "%s.%s" (include "common.names.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc" (include "common.names.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) (default .Values.clusterDomain .Values.global.clusterDomain))) 365 $ca }}
+ {{ .Values.tls.certFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certFilename "defaultValue" $cert.Cert "context" $) }}
+ {{ .Values.tls.certKeyFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certKeyFilename "defaultValue" $cert.Key "context" $) }}
+ {{ .Values.tls.certCAFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certCAFilename "defaultValue" $ca.Cert "context" $) }}
+ {{- else }}
+ {{- if .Values.tls.cert }}
+ {{ .Values.tls.certFilename }}: {{ .Values.tls.cert | b64enc }}
+ {{- end }}
+ {{- if .Values.tls.key }}
+ {{ .Values.tls.certKeyFilename }}: {{ .Values.tls.key | b64enc }}
+ {{- end }}
+ {{- if .Values.tls.ca }}
+ {{ .Values.tls.certCAFilename }}: {{ .Values.tls.ca | b64enc }}
+ {{- end }}
+ {{- end }}
+{{- end }}