deployments/helm-chart/templates/controller-deployment.yaml

{{- if eq .Values.controller.kind "deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.controller.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "nginx-ingress.appName" . }}
  template:
    metadata:
      labels:
        app: {{ include "nginx-ingress.appName" . }}
{{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }}
      annotations:
{{- if .Values.prometheus.create }}
        prometheus.io/scrape: "true"
        prometheus.io/port: "{{ .Values.prometheus.port }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
    spec:
{{- if .Values.controller.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
      tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
      affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- if .Values.controller.volumes }}
      volumes:
{{ toYaml .Values.controller.volumes | indent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
      serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      containers:
      - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
        name: {{ include "nginx-ingress.name" . }}
        imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
        - name: prometheus
          containerPort: {{ .Values.prometheus.port }}
{{- end }}
        resources:
{{ toYaml .Values.controller.resources | indent 10 }}
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
{{- if .Values.controller.volumeMounts }}
        volumeMounts:
{{ toYaml .Values.controller.volumeMounts | indent 8 }}
{{- end }}
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-plus={{ .Values.controller.nginxplus }}
          - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
{{- if .Values.controller.defaultTLS.secret }}
          - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else }}
          - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
          - -ingress-class={{ .Values.controller.ingressClass }}
          - -use-ingress-class-only={{ .Values.controller.useIngressClassOnly }}
{{- if .Values.controller.watchNamespace }}
          - -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
          - -health-status={{ .Values.controller.healthStatus }}
          - -health-status-uri={{ .Values.controller.healthStatusURI }}
          - -nginx-debug={{ .Values.controller.nginxDebug }}
          - -v={{ .Values.controller.logLevel }}
          - -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
          - -nginx-status-port={{ .Values.controller.nginxStatus.port }}
          - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
          - -report-ingress-status
{{- if .Values.controller.reportIngressStatus.externalService }}
          - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
          - -external-service={{ include "nginx-ingress.serviceName" . }}
{{- end }}
          - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
          - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
          - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
          - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
          - -enable-prometheus-metrics={{ .Values.prometheus.create }}
          - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
          - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
{{- end }}