HTTP/3 Helm Chart - new variables, tests

Author: marcel2012

charts/ingress-nginx/README.md

@@ -316,7 +316,8 @@ metadata:
 | controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
 | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
 | controller.containerName | string | `"controller"` | Configures the controller container name |
-| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
+| controller.containerPort | object | `{"http":80,"https":443}` | Configures the TCP ports that the nginx-controller listens on |
+| controller.containerUdpPort | object | `{"quic":443}` | Configures the UDP ports that the nginx-controller listens on |
 | controller.containerSecurityContext | object | `{}` | Security context for controller containers |
 | controller.customTemplate.configMapKey | string | `""` |  |
 | controller.customTemplate.configMapName | string | `""` |  |
@@ -342,6 +343,7 @@ metadata:
 | controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
 | controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
 | controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
+| controller.hostPort.ports.quic | int | `443` | 'hostPort' quic port |
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
@@ -451,6 +453,7 @@ metadata:
 | controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
 | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
 | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
+| controller.service.enableQuic | bool | `false` | Enable the QUIC listener on both controller services or not. |
 | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
 | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
 | controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
@@ -471,6 +474,7 @@ metadata:
 | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
 | controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
 | controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
+| controller.service.internal.nodePorts.quic | string | `""` | Node port allocated for the internal QUIC listener. If left empty, the service controller allocates one from the configured node port range. |
 | controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp:   8080: 30080 |
 | controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp:   53: 30053 |
 | controller.service.internal.ports | object | `{}` |  |
@@ -486,6 +490,7 @@ metadata:
 | controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
 | controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
 | controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
+| controller.service.nodePorts.quic | string | `""` | Node port allocated for the external QUIC listener. If left empty, the service controller allocates one from the configured node port range. |
 | controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp:   8080: 30080 |
 | controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp:   53: 30053 |
 | controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |

charts/ingress-nginx/templates/controller-daemonset.yaml

@@ -121,6 +121,14 @@ spec:
               hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
               {{- end }}
           {{- end }}
+          {{- range $key, $value := .Values.controller.containerUdpPort }}
+            - name: {{ $key }}
+              containerPort: {{ $value }}
+              protocol: UDP
+              {{- if $.Values.controller.hostPort.enabled }}
+              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+              {{- end }}
+          {{- end }}
           {{- if .Values.controller.metrics.enabled }}
             - name: {{ .Values.controller.metrics.portName }}
               containerPort: {{ .Values.controller.metrics.port }}

charts/ingress-nginx/templates/controller-deployment.yaml

@@ -127,6 +127,14 @@ spec:
               hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
               {{- end }}
           {{- end }}
+          {{- range $key, $value := .Values.controller.containerUdpPort }}
+            - name: {{ $key }}
+              containerPort: {{ $value }}
+              protocol: UDP
+              {{- if $.Values.controller.hostPort.enabled }}
+              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+              {{- end }}
+          {{- end }}
           {{- if .Values.controller.metrics.enabled }}
             - name: {{ .Values.controller.metrics.portName }}
               containerPort: {{ .Values.controller.metrics.port }}

charts/ingress-nginx/templates/controller-networkpolicy.yaml

@@ -24,6 +24,10 @@ spec:
         - protocol: TCP
           port: {{ $value }}
       {{- end }}
+      {{- range $key, $value := .Values.controller.containerUdpPort }}
+        - protocol: UDP
+          port: {{ $value }}
+      {{- end }}
       {{- if .Values.controller.metrics.enabled }}
         - protocol: TCP
           port: {{ .Values.controller.metrics.port }}

charts/ingress-nginx/templates/controller-service-internal.yaml

@@ -88,6 +88,18 @@ spec:
       nodePort: {{ .Values.controller.service.internal.nodePorts.https }}
     {{- end }}
   {{- end }}
+  {{- if .Values.controller.service.enableQuic }}
+    - name: quic
+      port: {{ .Values.controller.service.internal.ports.quic | default .Values.controller.service.ports.quic }}
+      protocol: UDP
+      targetPort: {{ .Values.controller.service.internal.targetPorts.quic | default .Values.controller.service.targetPorts.quic }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+      appProtocol: https
+    {{- end }}
+    {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.quic))) }}
+      nodePort: {{ .Values.controller.service.internal.nodePorts.quic }}
+    {{- end }}
+  {{- end }}
   {{- range $key, $value := .Values.tcp }}
     - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
       port: {{ $key }}

charts/ingress-nginx/templates/controller-service.yaml

@@ -88,6 +88,18 @@ spec:
       nodePort: {{ .Values.controller.service.nodePorts.https }}
     {{- end }}
   {{- end }}
+  {{- if .Values.controller.service.enableQuic }}
+    - name: quic
+      port: {{ .Values.controller.service.ports.quic }}
+      protocol: UDP
+      targetPort: {{ .Values.controller.service.targetPorts.quic }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+      appProtocol: https
+    {{- end }}
+    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.quic))) }}
+      nodePort: {{ .Values.controller.service.nodePorts.quic }}
+    {{- end }}
+  {{- end }}
   {{- range $key, $value := .Values.tcp }}
     - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
       port: {{ $key }}

charts/ingress-nginx/tests/controller-daemonset_test.yaml

@@ -208,3 +208,26 @@ tests:
       - equal:
           path: spec.template.spec.runtimeClassName
           value: myClass
+
+  - it: should create a DaemonSet with a default UDP container port
+    set:
+      controller.kind: DaemonSet
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: quic
+            containerPort: 443
+            protocol: UDP
+
+  - it: should create a DaemonSet with a custom UDP container port if `controller.containerUdpPort.quic` is set
+    set:
+      controller.kind: DaemonSet
+      controller.containerUdpPort.quic: 1234
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: quic
+            containerPort: 1234
+            protocol: UDP

charts/ingress-nginx/tests/controller-deployment_test.yaml

@@ -231,3 +231,23 @@ tests:
       - equal:
           path: spec.template.spec.runtimeClassName
           value: myClass
+
+  - it: should create a Deployment with a default UDP container port
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: quic
+            containerPort: 443
+            protocol: UDP
+
+  - it: should create a Deployment with a custom UDP container port if `controller.containerUdpPort.quic` is set
+    set:
+      controller.containerUdpPort.quic: 1234
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: quic
+            containerPort: 1234
+            protocol: UDP

charts/ingress-nginx/tests/controller-networkpolicy_test.yaml

@@ -21,3 +21,24 @@ tests:
       - equal:
           path: metadata.name
           value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should create a NetworkPolicy with a default UDP port
+    set:
+      controller.networkPolicy.enabled: true
+    asserts:
+      - contains:
+          path: spec.ingress[0].ports
+          content:
+            protocol: UDP
+            port: 443
+
+  - it: should create a NetworkPolicy with a custom UDP port if `controller.containerUdpPort.quic` is set
+    set:
+      controller.networkPolicy.enabled: true
+      controller.containerUdpPort.quic: 1234
+    asserts:
+      - contains:
+          path: spec.ingress[0].ports
+          content:
+            protocol: UDP
+            port: 1234

charts/ingress-nginx/tests/controller-service-internal_test.yaml

@@ -73,3 +73,57 @@ tests:
       - equal:
           path: metadata.labels["external-dns.alpha.kubernetes.io/hostname"]
           value: internal.example.com
+
+  - it: should create a Service with a default UDP port if `controller.service.enableQuic` is set
+    set:
+      controller.service.internal.enabled: true
+      controller.service.internal.annotations:
+        test.annotation: "true"
+      controller.service.enableQuic: true
+    asserts:
+      - contains:
+          path: spec.ports
+          content:
+            name: quic
+            port: 443
+            protocol: UDP
+            targetPort: quic
+            appProtocol: https
+
+  - it: should create a Service with a custom internal UDP port if `controller.service.enableQuic` is set
+    set:
+      controller.service.internal.enabled: true
+      controller.service.internal.annotations:
+        test.annotation: "true"
+      controller.service.enableQuic: true
+      controller.service.ports.quic: 1234
+      controller.service.targetPorts.quic: 5678
+      controller.service.internal.ports.quic: 4321
+      controller.service.internal.targetPorts.quic: 8765
+    asserts:
+      - contains:
+          path: spec.ports
+          content:
+            name: quic
+            port: 4321
+            protocol: UDP
+            targetPort: 8765
+            appProtocol: https
+
+  - it: should create a Service with a custom service UDP port if `controller.service.enableQuic` is set
+    set:
+      controller.service.internal.enabled: true
+      controller.service.internal.annotations:
+        test.annotation: "true"
+      controller.service.enableQuic: true
+      controller.service.ports.quic: 1234
+      controller.service.targetPorts.quic: 5678
+    asserts:
+      - contains:
+          path: spec.ports
+          content:
+            name: quic
+            port: 1234
+            protocol: UDP
+            targetPort: 5678
+            appProtocol: https