RELEASE/MINOR: kubernetes-ingress: Tag release 1.35.1

dkorunic · dkorunic · commit 89cc99fd4d8f · 2023-11-22T08:48:42.000+01:00
Changes in kubernetes-ingress:
- CRD job updates and bug fixes

Signed-off-by: Dinko Korunic &lt;dkorunic@haproxy.com&gt;
diff --git a/kubernetes-ingress/Chart.yaml b/kubernetes-ingress/Chart.yaml
@@ -16,7 +16,7 @@ apiVersion: v2
 name: kubernetes-ingress
 description: A Helm chart for HAProxy Kubernetes Ingress Controller
 type: application
-version: 1.35.0
+version: 1.35.1
 appVersion: 1.10.10
 kubeVersion: ">=1.22.0-0"
 keywords:
@@ -32,6 +32,4 @@ maintainers:
 engine: gotpl
 annotations:
   artifacthub.io/changes: |
-    - Use Ingress Controller 1.10.10 version for base image
-    - Add CRD install/upgrade job for automated CRD management
-    - Remove default CRDs provided by Chart
+    - CRD job updates and bug fixes
diff --git a/kubernetes-ingress/templates/controller-crdjob.yaml b/kubernetes-ingress/templates/controller-crdjob.yaml
@@ -20,16 +20,20 @@ metadata:
   name: {{ include "kubernetes-ingress.crdjob.fullname" . }}
   namespace: {{ include "kubernetes-ingress.namespace" . }}
   labels:
-    app.kubernetes.io/name: {{ include "kubernetes-ingress.name" . }}
+    app.kubernetes.io/name: {{ include "kubernetes-ingress.crdjob.fullname" . }}
     helm.sh/chart: {{ include "kubernetes-ingress.chart" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
 spec:
+{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  ttlSecondsAfterFinished: 0
+{{- end }}
+  backoffLimit: 0
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "kubernetes-ingress.name" . }}
+        app.kubernetes.io/name: {{ include "kubernetes-ingress.crdjob.fullname" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         {{- if .Values.controller.podLabels }}
 {{ toYaml .Values.controller.podLabels | indent 8 }}
@@ -39,13 +43,63 @@ spec:
 {{ toYaml .Values.controller.podAnnotations | indent 8 }}
       {{- end }}
     spec:
+      restartPolicy: Never
       serviceAccountName: {{ include "kubernetes-ingress.serviceAccountName" . }}
+{{- if .Values.controller.imageCredentials.registry }}
+      imagePullSecrets:
+      - name: {{ include "kubernetes-ingress.fullname" . }}
+{{- else if .Values.controller.existingImagePullSecret }}
+      imagePullSecrets:
+      - name: {{ .Values.controller.existingImagePullSecret }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+{{- end }}
+{{- if .Values.controller.runtimeClassName }}
+      runtimeClassName: {{ .Values.controller.runtimeClassName }}
+{{- end }}
+{{- if .Values.controller.unprivileged }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser:  1000
+        runAsGroup: 1000
+{{- end }}
       containers:
-        - name: {{ include "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
+        - name: crd
           image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
           imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
           command:
             - /haproxy-ingress-controller
             - --job-check-crd
-      restartPolicy: Never
-  backoffLimit: 0
+          {{- if .Values.controller.unprivileged }}
+          securityContext:
+            runAsNonRoot: true
+            runAsUser:  1000
+            runAsGroup: 1000
+            allowPrivilegeEscalation: {{ .Values.controller.allowPrivilegeEscalation }}
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+            {{- if .Values.controller.enableRuntimeDefaultSeccompProfile }}
+            seccompProfile:
+              type: RuntimeDefault
+            {{- end }}
+          {{- end }}
+      {{- with.Values.controller.initContainers }}
+      initContainers:
+          {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
