Improve ingress template in Helm Chart (#8420)

* Improve ingress template for more customization * Add ingress configuration, remove no longer needed fields * Add _helpers.tpl for better usability * Add changes file * Bump Chart version to 5.0.0
2026-05-24 01:18:42 +00:00 · 2022-10-27 19:09:31 +02:00 · 2022-10-27 19:09:31 +02:00 · 124dbc0065
commit 124dbc0065
parent 1fa5475e6e
5 changed files with 143 additions and 38 deletions
--- a/changes/improve-ingress-resource
+++ b/changes/improve-ingress-resource
@ -0,0 +1,5 @@
+Improve ingress resource by replacing the template with a most recent version, that enables:
+
+- Not having any annotation hardcoded, all annotations are optional.
+- Custom path, as of now it was hardcoded to `/*`, but depending on the ingress controller, it can require an extra annotation to work with regular expressions.
+- Specify ingressClassName, as it was hardcoded to `gce`, and this is a setting that might be different on each cluster.
--- a/charts/fleet/Chart.yaml
+++ b/charts/fleet/Chart.yaml
@ -4,9 +4,9 @@ name: fleet
 keywords:
  - fleet
  - osquery
-version: v4.22.0
+version: v5.0.0
 home: https://github.com/fleetdm/fleet
 sources:
  - https://github.com/fleetdm/fleet.git
-appVersion: v4.22.0
+appVersion: v5.0.0

--- a/charts/fleet/templates/_helpers.tpl
+++ b/charts/fleet/templates/_helpers.tpl
@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fleet.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fleet.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fleet.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fleet.labels" -}}
+helm.sh/chart: {{ include "fleet.chart" . }}
+{{ include "fleet.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fleet.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fleet.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fleet.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "fleet.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
--- a/charts/fleet/templates/ingress.yaml
+++ b/charts/fleet/templates/ingress.yaml
@ -1,36 +1,61 @@
-{{- if .Values.createIngress }}
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-{{- if or .Values.ingressAnnotations .Values.gke.useGKEIngress }}
-  annotations:
-{{- range $key, $value := $.Values.ingressAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
-  {{- if .Values.gke.ingress.useGKEIngress }}
-    kubernetes.io/ingress.class: gce
-    {{- if .Values.gke.ingress.useManagedCertificate }}
-    kubernetes.io/ingress.allow-http: "false"
-    networking.gke.io/managed-certificates: fleet
-    {{- end }}
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "fleet.fullname" . -}}
+{{- $svcPort := .Values.fleet.listenPort -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
  {{- end }}
 {{- end }}
-  labels:
-    app: fleet
-    chart: fleet
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-  name: fleet
-  namespace: {{ .Release.Namespace }}
-spec:
-  rules:
-  - host: {{ .Values.hostName }}
-    http:
-      paths:
-      - path: /*
-        # Next line required in k8s 1.19 and not supported in <=1.17
-        # pathType: Exact
-        backend:
-          serviceName: fleet
-          servicePort: fleet
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "fleet.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
 {{- end }}
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@ -3,8 +3,6 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageTag: v4.22.0 # Version of Fleet to deploy
-createIngress: true # Whether or not to automatically create an Ingress
-ingressAnnotations: {} # Additional annotation to add to the Ingress
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:
@ -37,6 +35,22 @@ affinity:
          topologyKey: kubernetes.io/hostname
        weight: 100

+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+  
 ## Section: Fleet
 # All of the settings relating to configuring the Fleet server
 fleet:
@ -168,7 +182,6 @@ gke:
    instanceName: ""
  # The GKE Ingress requires a few changes that other ingress controllers don't
  ingress:
-    useGKEIngress: false
    useManagedCertificate: false
  # Workload Identity allows the K8s service account to assume the IAM permissions of a GCP service account
  workloadIdentityEmail: ""