Compare commits

10 Commits

Author SHA1 Message Date
b7f2bc68a9 fix: update serviceMonitor and podMonitor selector configurations
Changed serviceMonitorSelectorNilUsesHelmValues and podMonitorSelectorNilUsesHelmValues from true to false in values.yaml to ensure explicit selection of ServiceMonitors and PodMonitors for Prometheus target discovery.
2026-05-03 15:44:40 +07:00
dac76b9713 feat: enable metrics service for ArgoCD components
Updated values.yaml to enable metrics service for the controller, server, repoServer, and applicationSet components, allowing for improved monitoring and observability through Prometheus ServiceMonitor.
2026-05-03 14:03:16 +07:00
36112376cd feat: add sonarqube-token ExternalSecret and Jenkins credential
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 14:51:58 +07:00
1e6b9190f9 fix: update SonarQube monitoring passcode configuration
2026-04-27 22:10:29 +07:00
a1c47af353 feat: add ExternalSecret for SonarQube monitoring passcode
2026-04-27 22:08:48 +07:00
e42544c877 add sonarqube
2026-04-27 21:52:01 +07:00
142dd15922 feat: register homelab shared library in Jenkins JCasC
Adds global pipeline library 'homelab' pointing to
gitea.fireflylab.cc/duynguyen/homelab-jenkins-shared-libs.git
on main branch. Uses gitea-credentials for auth.
2026-04-26 13:57:56 +07:00
f230fd831e fix: move ExternalSecrets into Helm extraObjects
ArgoCD treats manifest/jenkins as Helm app → ignores subdirectory
YAML files. Moving ExternalSecrets into values.extraObjects ensures
Helm renders + applies them. sync-wave -1 guarantees secrets exist
before Jenkins pod mounts them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 16:25:17 +07:00
738688ab2c fix: add sync-wave -1 to Jenkins ExternalSecrets
Secrets must exist before Jenkins pod mounts them.
Sync wave -1 ensures ESO creates secrets before Jenkins Helm resources.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 16:18:18 +07:00
afadbbbf7d feat: add harbor/gitea credentials via Vault ESO + JCasC
- ExternalSecret manifests sync kv/jenkins/{harbor,gitea}-credentials
  from Vault → K8s secrets in jenkins namespace
- Jenkins values: additionalExistingSecrets mounts both secrets
- JCasC configScript creates harbor-credentials + gitea-credentials
  pipeline credentials from mounted secret env vars

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 16:01:22 +07:00
260 changed files with 12627 additions and 20 deletions

@@ -1012,7 +1012,7 @@ controller:
## Application controller metrics configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
applicationLabels:
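Review bot: `enabled: true` under `controller.metrics` publishes the application controller's metrics endpoint as a Service, and that endpoint is served without authentication. Add a NetworkPolicy that admits only the Prometheus pods to the metrics port, and leave the `applicationLabels:` block just below disabled unless the Application labels are known to carry nothing sensitive, since they would be exported as metric labels.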
@@ -1035,7 +1035,7 @@ controller:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
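Review bot: the visible lines of `controller.metrics.serviceMonitor` set only `enabled: true`, so whether Prometheus ever scrapes this target depends entirely on the Prometheus-side selector. Either set the ServiceMonitor's labels here to match a selector you control, or note in the commit message that this relies on the later `serviceMonitorSelectorNilUsesHelmValues: false` change, so the two can be reasoned about (and reverted) together. The same applies to the server, repoServer and applicationSet ServiceMonitor hunks below.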
@@ -2366,7 +2366,7 @@ server:
## Server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@@ -2382,7 +2382,7 @@ server:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@@ -3079,7 +3079,7 @@ repoServer:
## Repo server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@@ -3095,7 +3095,7 @@ repoServer:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@@ -3248,7 +3248,7 @@ applicationSet:
## Metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@@ -3264,7 +3264,7 @@ applicationSet:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.

@@ -34,6 +34,74 @@ extraLabels: {}
# -- Configures extra manifests
extraObjects:
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: harbor-credentials
namespace: jenkins
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
refreshInterval: 1h
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: harbor-credentials
creationPolicy: Owner
data:
- secretKey: username
remoteRef:
key: jenkins/harbor-credentials
property: username
- secretKey: password
remoteRef:
key: jenkins/harbor-credentials
property: password
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-credentials
namespace: jenkins
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
refreshInterval: 1h
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: gitea-credentials
creationPolicy: Owner
data:
- secretKey: username
remoteRef:
key: jenkins/gitea-credentials
property: username
- secretKey: password
remoteRef:
key: jenkins/gitea-credentials
property: password
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: sonarqube-token
namespace: jenkins
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
refreshInterval: 1h
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: sonarqube-token
creationPolicy: Owner
data:
- secretKey: token
remoteRef:
key: jenkins/sonarqube-token
property: token
controller:
# -- Used for label app.kubernetes.io/component
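Review bot: all three ExternalSecrets use `kind: ClusterSecretStore` with `name: vault-backend`, a store that by default can be referenced from any namespace, so the Vault paths reachable through it are not limited to Jenkins by anything in this hunk. Prefer a namespaced SecretStore in `jenkins`, or restrict the ClusterSecretStore with namespace conditions, and confirm the Vault role behind it can read only the `jenkins/*` keys used here. Two smaller points: `namespace: jenkins` is hard-coded in each object, so they will not follow the release if it is installed elsewhere, and `refreshInterval: 1h` means a rotated Harbor, Gitea or SonarQube credential can take up to an hour to reach the Kubernetes Secret.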
@@ -497,13 +565,18 @@ controller:
existingSecret:
# -- List of additional existing secrets to mount
additionalExistingSecrets: []
additionalExistingSecrets:
- name: harbor-credentials
keyName: username
- name: harbor-credentials
keyName: password
- name: gitea-credentials
keyName: username
- name: gitea-credentials
keyName: password
- name: sonarqube-token
keyName: token
# ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets
# additionalExistingSecrets:
# - name: secret-name-1
# keyName: username
# - name: secret-name-1
# keyName: password
# -- List of additional secrets to create and mount
additionalSecrets: []
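Review bot: the five `name`/`keyName` pairs added to `additionalExistingSecrets` have to match both the ExternalSecret `target.name` values and the `${name-keyName}` references in the JCasC script, and nothing in the diff enforces that. Since the controller pod mounts these Secrets, a failed sync from Vault or a renamed key will keep Jenkins from starting or leave a credential unresolved; add an alert on ExternalSecret sync status. The commented example block was also removed while its `# ref:` line was kept, which now sits orphaned between the list and `additionalSecrets`.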
@@ -545,10 +618,43 @@ controller:
configUrls: []
# - https://acme.org/jenkins.yaml
# -- List of Jenkins Config as Code scripts
configScripts: {}
# welcome-message: |
# jenkins:
# systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
configScripts:
global-libraries: |
unclassified:
globalLibraries:
libraries:
- name: "homelab"
defaultVersion: "main"
implicit: false
allowVersionOverride: true
retriever:
modernSCM:
scm:
git:
remote: "https://gitea.fireflylab.cc/duynguyen/homelab-jenkins-shared-libs.git"
credentialsId: "gitea-credentials"
pipeline-credentials: |
credentials:
system:
domainCredentials:
- credentials:
- usernamePassword:
description: "Harbor registry"
id: "harbor-credentials"
username: "${harbor-credentials-username}"
password: "${harbor-credentials-password}"
scope: GLOBAL
- usernamePassword:
description: "Gitea"
id: "gitea-credentials"
username: "${gitea-credentials-username}"
password: "${gitea-credentials-password}"
scope: GLOBAL
- string:
description: "SonarQube token"
id: "sonarqube-token"
secret: "${sonarqube-token-token}"
scope: GLOBAL
# Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations
# -- Jenkins Config as Code security-section
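Review bot: in `global-libraries`, `defaultVersion: "main"` combined with `allowVersionOverride: true` lets any Jenkinsfile select an arbitrary branch or tag of the `homelab` library, and global libraries run outside the Groovy sandbox. Pin `defaultVersion` to a tag or commit and set `allowVersionOverride: false` unless everyone who can edit a Jenkinsfile or push a branch to the library repository is trusted to run code on the controller. Separately, in `pipeline-credentials` all three entries use `scope: GLOBAL`, so every job on the controller can bind the Harbor, Gitea and SonarQube secrets; folder-scoped credentials would narrow that.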

@@ -4308,7 +4308,7 @@ prometheus:
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the servicemonitors created
##
serviceMonitorSelectorNilUsesHelmValues: true
serviceMonitorSelectorNilUsesHelmValues: false
## ServiceMonitors to be selected for target discovery.
## If {}, select all ServiceMonitors
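Review bot: with `serviceMonitorSelectorNilUsesHelmValues: false` and no `serviceMonitorSelector` set, the selector falls through to the `{}` case described in the comment directly below ("select all ServiceMonitors"), which is broader than the "explicit selection" the commit message describes. Any ServiceMonitor created in a watched namespace becomes a scrape target; if that is not intended, set `serviceMonitorSelector` (and `serviceMonitorNamespaceSelector`) to a label and namespace set you control.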
@@ -4331,7 +4331,7 @@ prometheus:
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the podmonitors created
##
podMonitorSelectorNilUsesHelmValues: true
podMonitorSelectorNilUsesHelmValues: false
## PodMonitors to be selected for target discovery.
## If {}, select all PodMonitors
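Review bot: `podMonitorSelectorNilUsesHelmValues: false` has the same fall-through to "select all PodMonitors" noted in the comment below it. Scope it with `podMonitorSelector` using the same label chosen for ServiceMonitors so both discovery paths are restricted alike, and add a comment above the flag recording why the chart default was changed.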

@@ -0,0 +1,562 @@
# SonarQube Chart Changelog
All changes to this chart will be documented in this file.
## [2026.2.1]
* Upgrade Chart's version to 2026.2.1
* Upgrade SonarQube Server to 2026.2.1
## [2026.2.0]
* Upgrade Chart's version to 2026.2.0
* Upgrade SonarQube Server to 2026.2.0
* Update ingress-nginx subchart to 4.14.3
* Upgrade SonarQube Community build to 26.3.0.120487
* Replace wget with curl in health probes
* Use -fS flag in curl to show errors in liveness probes
## [2026.1.0]
* Upgrade SonarQube Server to 2026.1.0
* Upgrade Chart's version to 2026.1.0
* Upgrade SonarQube Community build to 26.1.0.118079
* Remove PostgreSQL embedded chart dependency and related settings
* Support Kubernetes v1.35
* Support Openshift v4.20
* Update ingress-nginx subchart to 4.14.1
* Deprecate the ingress-nginx dependency
## [2025.6.0]
* Upgrade SonarQube Server to to 2025.6.0
* Update Chart's version to 2025.6.0
* Upgrade SonarQube Community Build to 25.12.0.117093
* Disable Postgresql when the JDBC overwrite is used
* Make SonarQube Server available as an Container App on the Azure Marketplace
## [2025.5.0]
* Upgrade SonarQube Server to to 2025.5.0
* Update Chart's version to 2025.5.0
* Upgrade SonarQube Community Build to 25.9.0.112764
* Update the image and readinessProbe used by postgresql after they migrated to a legacy repository
* Support Kubernetes v1.34.0
* Make SonarQube Server available as an Container App on the Azure Marketplace
* Disable Postgresql when the JDBC overwrite is used
## [2025.4.0]
* Update Chart's version to 2025.4.0
* Upgrade SonarQube Server to to 2025.4.0
* Upgrade SonarQube Community Build to 25.7.0.110598
* Upgrade nginx subchart to 4.12.3
* Support Kubernetes v1.32
* Add the possibility of to save the data with hostpath
## [2025.3.1]
* Update Chart's version to 2025.3.1
* Upgrade SonarQube Server to 2025.3.1
## [2025.3.0]
* Update Chart's version to 2025.3.0
* Upgrade SonarQube Community Build to 25.5.0.107428
* Normalizes the extension for all templates
* Remove example about non-system sonar.properties
* Fix change-admin-password hook when using special characters
* Upgrade SonarQube Server to 2025.3.0
## [2025.2.0]
* Update Chart's version to 2025.2.0
* Update ingress-nginx subchart to 4.12.1
* Upgrade SonarQube Server to 2025.2.0
## [2025.1.0]
* Update Chart's version to 2025.1.0
* Upgrade SonarQube Server to 2025.1.0
* Upgrade SonarQube Community Build to 25.1.0.102122
* Update ingress-nginx subchart to 4.11.3
* Support Kubernetes v1.32
* Remove the default passcode provided with `monitoringPasscode`
* Support Openshift v4.17
* Improves editions and versions setting for sonarqube chart
## [10.8.1]
* Update Chart's version to 10.8.1
* Remove immutable labels selector `app.kubernetes.io/name` and `app.kubernetes.io/version` as it breaks upgrades
* set `image.tag` empty in default value file, `image.tag` is dynamically set according to the `edition` and `community` fields. user-defined have precedence
## [10.8.0]
* Update Chart's version to 10.8.0
* Upgrade SonarQube Server to 10.8.0
* Release SonarQube Community Build 24.12
* Support the installation of the Oracle JDBC Driver
* Support Kubernetes v1.31
* Deprecate the `community` value for the `edition` parameter
* Introduce the `community.enabled` and `community.buildNumber` parameters for SonarQube Community Build
* Deprecate the default value of `image.tag` in favor of an empty string
* Update the Chart's icon with the SonarQube Server logo
* Set `app.kubernetes.io/name` and `app.kubernetes.io/version` as selector labels
* Support Gateway on different namespace in HTTPRoute
* Change `ingress.ingressClassName` default, set it to `nginx` if `nginx.enabled` or `ingress-nginx.enabled`
* Ensure that ConfigMap resources are not created for `initFS` and `initSysctl` if not needed
* Ensure the Pod will stop at `init` stage if init_sysctl.sh failed to modify kernel parameters
* Replace the example images in initContainers, initSysctl and initFs from `busybox:1.36` to `ubuntu:24.04`, which are commented out by default
* Make the `automountServiceAccountToken` configurable with `serviceAccount.automountToken` in PodSpec
* Deprecate `sonarqubeFolder`, `jdbcOverwrite.jdbcPassword` and `terminationGracePeriodSeconds`
* Deprecate `deploymentStrategy.type`, which will be set to `Recreate`
* Deprecate `account`, `curlContainerImage`, `adminJobAnnotations`
* Deprecate the StatefulSet deployment type
## [10.7.0]
* Update Chart's version to 10.7.0
* Upgrade SonarQube to 10.7.0
* Support Kubernetes v1.30
* Upgrade ingress-nginx dependency to 4.10.1
* Deprecate `jdbcOverwrite.enable` in favor of `jdbcOverwrite.enabled`
* Fix regression on env valuesFrom in the new STS template
* Fix a typo in the new common STS template
* Enable the setup of ReadOnlyRootFilesystem in the security contexts
* Support basic chart installation on Openshift
* Include remaining Route settings
* Fix networkPolicy.additionalPolicys typo
* Support install-plugin and prometheusExporter proxy variables in secret
* Support GatewayAPI HttpRoute
* Support additional labels in the PodMonitor
* Support Openshift SCCv2 by default when Openshift.enabled=true
* Deprecate Openshift.createSCC
* Support additional CA Certificate as ConfigMap instead of Secret only
* Changed default value for caCerts.image
* Fix openshift change-admin-password-hook Job SecurityContext failure
* Support SONAR_OPENSHIFT telemetry env_var
* Update helm chart repo path in sources
* Changed SONAR_OPENSHIFT to IS_HELM_OPENSHIFT_ENABLED
* Remove socketTimeout from jdbcOverwrite.jdbcUrl's default value
* Refactor Route to be subparameter of OpenShift
* Make OpenShift.createSCC false by default
* Deprecate peristence.volumes and persistence.mounts in favor or extraVolumes and extraVolumeMounts
* Ensure kubernetes.io/version label is smaller than 63 chars
## [10.6.0]
* Update SonarQube to 10.6.0
* Update Chart's version to 10.6.0
* Fix the env-var templating when sourcing from secrets
* Fix the postgresql chart's repository link
* Add support for overriding liveness/readiness probe logic
* Use a common template for Deployment and StatefulSet
## [10.5.0]
* Upgrade SonarQube to 10.5.0
* Update Chart's version to 10.5.0
* Update nginx-ingress-controller dependency to version 4.9.1
* Set `automountServiceAccountToken` to false in pod's specifications
* Update default `resources` values matching better default Xmx and Xms of the SonarQube processes.
* Make `ephemeral-storage` resource's limits and requests configurable for the SonarQube container
* Set memory and cpu limits for the test container
* Deprecate nginx.enabled in favor of ingress-nginx.enabled, to match with subchart config block
* Deprecate `prometheusMonitoring.podMonitor.namespace`
* Instantiate `monitoring-web` and `monitoring-ce` endpoints when the `prometheusExporter` is enabled
* Take `sonarWebContext` into account for the `PodMonitor` path
* Fix duplicated env_var in Pods causing deployment issue (`SONAR_WEB_CONTEXT`,`SONAR_WEB_JAVAOPTS`,`SONAR_CE_JAVAOPTS`)
## [10.4.0]
* Upgrade SonarQube to 10.4.0
* Update Chart's version to 10.4.0
* Improve the description of deprecated `jvmOpts` and `jvmCeOpts` values
* Run the initSysctl init-container as root to prevent 'permission denied' issues
* Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets & StatefulSets
* Update the security contexts to use root as group ID
* Fix empty ingress annotations in values
* Add support for dual stack and IPv6 single stack clusters in readiness/liveness probes
## [10.3.0]
* Upgrade SonarQube to 10.3.0
* Update Chart's version to 10.3.0
* Update default images to the latest versions
* Remove the nginx-proxy-body annotation when nginx is disabled
* Enable post-upgrade in the change-admin-password hook
* Update default ContainerSecurityContext, InitContainerSecurityContext and postgresql.securityContext to match restricted podSecurityStandard
* Update initFs defaut securityContext to match baseline podSecurityStandard
* Update Elasticsearch.configureNode to false by default after 3 year deprecation
* Fix wrong condition on initSysctl feature
* Update default image of initContainers to sonarqube image, allowing for faster loading time and less external images needed
* Support Kubernetes v1.28
* Avoid duplicate SONAR_WEB_SYSTEMPASSCODE secrets
* Deprecate embedded PostgreSQL
* Update nginx-ingress-controller dependency to version 4.8.3, please carefully read the changelog of this new major version.
## [10.2.0]
* Update SonarQube to 10.2.0
* Update Chart's version to 10.2.0
* Update curl image to 8.2.0
* `readinessProbe.sonarWebContext`, `startupProbe.sonarWebContext`, `livenessProbe.sonarWebContext`, and `account.sonarWebContext` are deprecated, please use `sonarWebContext` at the value top level.
* Updates ingress-nginx dependency to 4.7.1
* Fixes broken table on README
## [10.1.0]
* Update SonarQube to 10.1.0
* Support Kubernetes v1.27 while dropping v1.23
* Changed default test process to wget, using sonarqube image as default
* Update Chart's version to 10.1.0
* Fix liveness probe to detect when a failure occurs.
## [10.0.0]
* Update SonarQube to 10.0.0
* Helm chart versioning will now follow the SonarQube product versioning
## [9.5.1]
* Make `jvmOpts` and `jvmCeOpts` not override env vars and sonar properties
## [9.5.0]
* Add helm-chart-sonarqube as chart source
## [9.4.2]
* Fixed unsupported wget parameter `--proxy off` with `--no-proxy`
## [9.4.1]
* Fix install_plugins.sh not deleting previously installed plugins
## [9.4.0]
* Added support for `extraVolumes` and `extraVolumeMounts` in sonar pod.
## [9.3.1]
* Clarify doc for custom cacert secret
## [9.3.0]
* Refactor Deployment manifest to match the Statefulset manifest
## [9.2.0]
* Add a configurable Prometheus PodMonitor resource
* Refactor Prometheus exporter's documentation and bump to version 0.17.2
## [9.1.0]
* Allow setting priorityClassName for StatefulSets
## [9.0.1]
* Adds timeoutSeconds parameter to probes
## [9.0.0]
* Update SonarQube logo
* Bootstrap chart version 9.x.x dedicated to the future SonarQube 10.0
## [8.0.0]
* Update SonarQube to 9.9.0
* Bootstrap chart version 8.x.x dedicated to SonarQube 9.9 LTS
## [7.0.2]
* Update the list of supported kubernetes versions
## [7.0.1]
* Set a new default (maximum) allowed size of the client request body on the ingress
## [7.0.0]
* Update SonarQube to 9.8.0
## [6.2.1]
* Update the postgresql chart's repository
## [6.2.0]
* Refactor Ingress to be compatible with static compatibitly test and 1.19 minimum requirement
## [6.1.2]
* Updated SonarQube to 9.7.1
## [6.1.1]
* Refactor templating of ConfigMap for sonar.properties
* Fix the bug where sonarSecretKey was not applied without sonar.properties set
## [6.1.0]
* Fix the installation of plugins using the standard folder `extensions/plugins` instead of `extensions/downloads` and `lib/common`
* Remove `plugins.lib` and other small edits in the documentation
## [6.0.0]
* Updated SonarQube to 9.7.0
## [5.4.1]
* Fix the right-dash curly brace issue with the additional network policy parameter
## [5.4.0]
* Allow `tests.image` to be configured and update README accordingly.
* Allow `tests.initContainers.image` to be configured and update README accordingly.
## [5.3.0]
* Use the networkPolicy.prometheusNamespace value for the network policy namespace selector
* Uncomment default value in values.yaml for backwards compatibility
## [5.2.0]
* Add support for monitoringPasscode passed as a secret and removal of livenessprobe httpheader defined in clear text
## [5.1.0]
* Bump apiVersion to v2
* Set the number of allowed replicas to 0 and 1
* Add documentation for ingress tls
* Add documentation for sonarProperties and sonarSecretProperties
* Add the possibility of using a secret for customizing the admin password
## [5.0.6]
* Updated SonarQube to 9.6.1
## [5.0.0]
* Updated SonarQube to 9.6.0
## [4.0.3]
* Add support for Openshift Route labels and annotations
## [4.0.2]
* Fix issue with Openshift route name to use use fullname instead of name
## [4.0.1]
* Add documentation for ingress annotations
## [4.0.0]
* updated SonarQube to 9.5.0
## [3.0.4]
* Fix issue with additional network policy
## [3.0.3]
* Add automount service account token flag
## [3.0.2]
* Add documentation to setup web context via environment variable
## [3.0.1]
* Fix for issue (#215)[https://github.com/SonarSource/helm-chart-sonarqube/issues/215], adding tolerations and affinity to change password hooks
## [3.0.0]
* updated SonarQube to 9.4.0
## [2.0.7]
* Specify location of .netrc file when downloading plugins that require auth
## [2.0.6]
* Specify service account name in change admin password hook
## [2.0.5]
* secure admin password in k8s secret
## [2.0.4]
* no longer automount service account token
## [2.0.3]
* changed description of dependency postgresql chart
## [2.0.2]
* changed links to get a better overview of sources
## [2.0.1]
* Updated all instances of the caCerts enabled check
## [2.0.0]
* updated SonarQube to 9.3.0
## [1.6.5]
* add securitycontext to wait-for-db and change-password hook
## [1.6.4]
* properties are now correctly set
## [1.6.3]
* `livenessProbe.failureThreshold` was never rendered
## [1.6.2]
* added missing logic for `caCerts.enabled`
## [1.6.1]
* fix missing `SONAR_WEB_SYSTEMPASSCODE` environment variable causing failed liveness checks
## [1.5.1]
* added possibility to define host of a route
## [1.5.0]
* detached sonarqube edition from version
## [1.4.0]
* added possibility to define the ingress pathType
* added network policies
* added possibility to define ressources for the change admin password hook
* default permissions for prometheus injector now align with pod fs permissions
* updated dependencies
* admin hook now honors web context
## [1.3.0]
* added support for multiple image pull secrets
* added `image.pullSecrets`
* deprecated support for singular image pull secret
* deprecated `image.pullSecret`
* fixed missing image pull secret in admin hook job
## [1.2.5]
* updated SonarQube to 9.2.4
## [1.2.4]
* updated SonarQube to 9.2.3
## [1.2.3]
* updated SonarQube to 9.2.2
## [1.2.2]
* fix hardcoded reference to port 9000
## [1.2.1]
* updated SonarQube to 9.2.1
## [1.2.0]
* updated SonarQube to 9.2.0
## [1.1.11]
* fixed missing POD level security context for statefulset deployment
## [1.1.10]
* added link to community support forum
* Use liveness endpoint instead of helth endpoint for liveness probe
## [1.1.9]
* fixed wrong scc user reference if name was explicitly set
## [1.1.8]
* fixed serviceaccount logic
## [1.1.7]
* fixed wrong artifact hub images annotation
## [1.1.6]
* updated sonarqube to 9.1.0
## [1.1.5]
* added resources to ui-test pod template
## [1.1.4]
* fixed artifacthub annotations
## [1.1.3]
* fixed `invalid: metadata.labels: Invalid value` error on the `chart` label of the pvc
## [1.1.2]
* fixed condition check to add new certificates
## [1.1.1]
* updated default application version to 9.0.1
* release to helm repository
## [1.1.0]
* update jdbc overwrite values
* replace `jdbcUrlOverride` with `jdbcOverwrite.jdbcUrl`
* remove useless `jdbcDatabaseType` (was always postgres)
* deprecate `postgresql.postgresqlServer`, `postgresql.existingSecret` and `postgresql.existingSecretPasswordKey` in favor of new `jdbcOverwrite` values
* update dependency Charts
* `bitnami/postgresql` from 8.6.4 to 10.4.8
* `ingress-nginx/ingress-nginx` from 3.29.0 to 3.31.0
## [1.0.19]
* Add optional ingress parameter `ingressClassName`
## [1.0.18]
* added route support for OpenShift deployments
## [1.0.17]
* Add an additional configuration parameter `extraContainers` to allow an array of containers to run alongside the sonarqube container
## [1.0.16]
* fixed usage of `sonarSecretProperties`
## [1.0.15]
* bump jmx_exporter to 0.16.0
## [1.0.14]
* added hostAliases to deploymentType statefulset
## [1.0.13]
* made prometheus exporter port configurable and support prometheus PodMonitor
## [1.0.12]
* make sure SQ is restarted when the JMX Prometheus exporter agents configuration changes
## [1.0.11]
* JMX Prometheus exporter agent is now also enabled on the CE process
* `prometheusExporter.ceConfig` allows specific config of the JMX Prometheus exporter agent for the CE process
## [1.0.10]
* added prometheusExporter.noCheckCertificate option
## [1.0.9]
* add missing imagePullSecrets in sts install type
## [1.0.8]
* fix typo in initfs
* fix plugin installation init container permissions
* fix duplicated mount point for conf when sonar.properties are defined
## [1.0.7]
* fix invalid yaml render in `secret.yaml` when using external postgresql
## [1.0.6]
* added `prometheusExporter.downloadURL` (custom download URL for the agent jar)
## [1.0.5]
* replace `rjkernick/alpine-wget` with `curlimages/curl`
* update `install-plugins` script
* fix possible issue with prometheus init container and `env` set in the `values.yaml`
## [1.0.4]
* fix for missing `serviceAccountName` in STS deployment kind
## [1.0.3]
* fixed prometheus config volume mount if disabled
* switched from wget to curl image per default for downloading agent
* added support for proxy envs
## [1.0.2]
* added option to configure CE java opts separately
## [1.0.1]
* fixed missing conditional that was introduced in 0.9.2.2 to sonarqube-sts.yaml
* updated default application version to 8.9
## [1.0.0]
* changed default deployment from replica set to statefull set
* added default support for prometheus jmx exporter
* added init filesystem container
* added nginx-ingress as optional dependency
* updated application version to 8.8-community
* improved readiness/startup and liveness probes
* improved documentation
## [0.9.6.2]
* Change order of env variables to better support 7.9-lts
## [0.9.6.1]
* Add support for setting custom annotations in admin hook job.
## [0.9.6.0]
* Add the possibility of definining the secret key name of the postgres password.
## [0.9.5.0]
* Add Ingress default backend for GCE class
## [0.9.2.3]
* Added namespace to port-foward command in notes.
## [0.9.2.2]
* Added a condition to deployment.yaml so that `wait-for-db` initContainer is only created if `postgresql.enabled=true`
## [0.9.2.1]
* Updated the configuration table to include the additional keys added in release 9.2.0.
## [0.9.2.0]
* Added functionality for deployments to OpenShift clusters.
* .Values.OpenShift flag to signify if deploying to OpenShift.
* Ability to have chart generate an SCC allowing the init-sysctl container to run as privileged.
* Setting of a seperate securityContext section for the main SonarQube container to avoid running as root.
* Exposing additional `postreSQL` keys in values.yaml to support configuring postgres to run under standard "restricted" or "anyuid"/"nonroot" SCCs on OpenShift.
* Added initContainer `wait-for-db` to await postgreSQL successful startup before starting SonarQube, to avoid race conditions.
## [0.9.1.1]
* Update SonarQube to 8.5.1.
* **Fix:** Purge plugins directory before download.
## [0.9.0.0]
* Update SonarQube to 8.5.
* **Breaking change:** Rework init containers.
* Move global defaults from `plugins` section to `initContainers`.
* Update container images.
* **Deprecation:** `elasticsearch.configureNode` in favor of `initSysctl.enabled`.
* Rework sysctl with support for custom values.
* Rework plugins installation via `opt/sonarqube/extensions/downloads` folder that is handled by SonarQube itself.
* **Breaking change:** remove `plugins.deleteDefaultPlugins` as SonarQube stores bundled plugins out of `opt/sonarqube/extensions`.
* Rename deprecated `SONARQUBE_` environment variables to `SONAR_` ones.
* **Breaking change:** Rename `enabledTests` to `tests.enabled`.
* Add `terminationGracePeriodSeconds`.
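Review bot: vendoring the upstream chart wholesale, as with this 562-line changelog, makes later upgrades and any local template edits hard to review inside a 260-file change. Consider referencing the chart by repository URL and pinned version from the Argo CD Application and keeping only the values file in this repository, so an upgrade is a one-line version bump and local deviations from upstream stay visible.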

@@ -0,0 +1,6 @@
dependencies:
- name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
version: 4.14.3
digest: sha256:509c4ae921d4445b650db5137b9936f49c7221474e98ad2616974e37355bfd3b
generated: "2026-02-03T15:21:35.707785+01:00"

@@ -0,0 +1,63 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: "Upgrade Chart's version to 2026.2.1"
- kind: changed
description: "Upgrade SonarQube Server to 2026.2.1"
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/images: |
- name: sonarqube-community
image: sonarqube:26.3.0.120487-community
- name: sonarqube-developer
image: sonarqube:2026.2.1-developer
- name: sonarqube-enterprise
image: sonarqube:2026.2.1-enterprise
artifacthub.io/links: |
- name: support
url: https://community.sonarsource.com/
- name: Chart Source
url: https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube
charts.openshift.io/name: sonarqube
apiVersion: v2
appVersion: 2026.2.1
dependencies:
- condition: nginx.enabled,ingress-nginx.enabled
name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
version: 4.14.3
description: SonarQube is a self-managed, automatic code review tool that systematically
helps you deliver clean code. As a core element of our Sonar solution, SonarQube
integrates into your existing workflow and detects issues in your code to help you
perform continuous code inspections of your projects. The tool analyses 30+ different
programming languages and integrates into your CI pipeline and DevOps platform to
ensure that your code meets high-quality standards.
home: https://www.sonarqube.org/
icon: https://raw.githubusercontent.com/SonarSource/sonarqube-static-resources/master/helm/SonarQubeServerLogo.png
keywords:
- coverage
- security
- code
- quality
kubeVersion: '>= 1.24.0-0'
maintainers:
- email: carmine.vassallo@sonarsource.com
name: carminevassallo
- email: emma.mansalier@sonarsource.com
name: emma44-m
- email: hatem.amairi@sonarsource.com
name: hatem-amairi-sonarsource
- email: jimil.desai@sonarsource.com
name: jimil09
- email: julien.lancelot@sonarsource.com
name: julienlancelot
- email: lukasz.jarocki@sonarsource.com
name: lukasz-jarocki-sonarsource
- email: matteo.mara@sonarsource.com
name: matteo-mara-sonarsource
name: sonarqube
sources:
- https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube
- https://github.com/SonarSource/docker-sonarqube
- https://github.com/SonarSource/sonarqube
type: application
version: 2026.2.1
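Review bot: the `dependencies` entry renders the `ingress-nginx` 4.14.3 subchart whenever `nginx.enabled` or `ingress-nginx.enabled` is true, and the changelog added in this same change lists that dependency as deprecated in 2026.1.0. Make sure the values file for this deployment leaves both flags false so a second ingress controller is not rendered into the cluster. Also note `kubeVersion: '>= 1.24.0-0'` is looser than the 1.32 to 1.35 range the README states as supported, so the chart will install on versions upstream does not test.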

@@ -0,0 +1,744 @@
# SonarQube
Code better in more than 30 languages. Improve Code Quality and Code Security throughout your workflow. [SonarQube Server](https://www.sonarsource.com/products/sonarqube/) can detect Bugs, Vulnerabilities, Security Hotspots and Code Smells and give you the guidance to fix them.
## Introduction
This chart bootstraps an instance of the latest SonarQube Server version with an embedded H2 database.
The latest version of the chart installs the latest SonarQube version.
To install SonarQube Server Long-Term Active (LTA), please read the section [below](#upgrading-to-sonarqube-server-lta). Deciding between LTA and Latest? [This may help](https://www.sonarsource.com/products/sonarqube/downloads/lts/).
Please note that this chart only supports SonarQube Server Developer and Enterprise editions and SonarQube Community Build. For SonarQube Server Data Center Edition refer to this [chart](https://artifacthub.io/packages/helm/sonarqube/sonarqube-dce).
## Default Versions
SonarQube Server Version: `2026.2.1`
SonarQube Community Build: `26.3.0.120487`. If you want the use a more recent SonarQube Community Build, please set the `community.buildNumber` with the desired version.
## Kubernetes and Openshift Compatibility
Supported Kubernetes Versions: From `1.32` to `1.35`
Supported Openshift Versions: From `4.17` to `4.20`
## Installing SonarQube Server
> **_NOTE:_** Please refer to [the official page](https://docs.sonarsource.com/sonarqube-server/server-installation/on-kubernetes-or-openshift/installing-helm-chart) for further information on how to install and tune the helm chart specifications.
Here is an example of how to install the SonarQube Server Developer edition:
```bash
helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube
helm repo update
kubectl create namespace sonarqube
export MONITORING_PASSCODE="yourPasscode"
helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube --set edition=developer,monitoringPasscode=$MONITORING_PASSCODE
```
The above command deploys SonarQube on the Kubernetes cluster in the default configuration in the `sonarqube` namespace.
If you are interested in deploying SonarQube on Openshift, please check the [dedicated section](#openshift-installation).
The [configuration](#configuration) section lists the parameters that can be configured during installation.
The default login is admin/admin.
## Installing SonarQube Community Build
The SonarQube Community Edition has been replaced by the SonarQube Community Build.
If you want to install the SonarQube Community Build chart, please set `community.enabled` to `true`.
This chart by default installs the SonarQube Community Build's latest version available at the time of the Helm chart release.
If you want the use a more recent SonarQube Community Build, please set the `community.buildNumber` with the desired version.
## Upgrading to SonarQube Server LTA
When upgrading your SonarQube Server to a new Long-Term Active (LTA) release, you should carefully read the official upgrade documentation to determine the correct update path based on your current server version.
* For SonarQube Server 2025.6 LTA, refer to the [LTA-to-LTA Upgrade Notes (2025.6)](https://docs.sonarsource.com/sonarqube-server/server-2026.1-lta/server-update-and-maintenance/lta-to-lta-release-notes).
* For SonarQube Server 2025.4 LTA, refer to the [LTA-to-LTA Upgrade Notes (2025.4)](https://docs.sonarsource.com/sonarqube-server/2025.4/server-update-and-maintenance/lta-to-lta-release-notes).
* For SonarQube Server 2025.1 LTA, refer to the [LTA-to-LTA Upgrade Notes (2025.1)](https://docs.sonarsource.com/sonarqube-server/2025.1/server-update-and-maintenance/release-notes-and-notices/lta-to-lta-release-upgrade-notes).
When upgrading to the 2025.6 LTA version, you will notice that the deprecated PostgreSQL dependency has been removed. Please check the instructions available in [this section](#upgrade-from-versions-prior-to-202610).
## Installing previous chart versions
### Installing the SonarQube 9.9 LTA chart
The version of the chart for the SonarQube 9.9 LTA is being distributed as the `8.x.x` version of this chart.
In order to use it, please set the version constraint `~8`, which is equivalent to `>=8.0.0 && <= 9.0.0`. That version parameter **must** be used in every helm related command including `install`, `upgrade`, `template`, and `diff` (don't treat this as an exhaustive list).
Example:
```Bash
helm upgrade --install -n sonarqube --version '~8' sonarqube sonarqube/sonarqube
```
To upgrade from the old and unmaintained [sonarqube-lts chart](https://artifacthub.io/packages/helm/sonarqube/sonarqube-lts), please follow the steps described [in this section](#upgrade-from-the-old-sonarqube-lts-to-this-chart).
## How to use it
Take some time to read the Deploy on [SonarQube on Kubernetes](https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/deploy-on-kubernetes/server/introduction/) page.
SonarQube deployment on Kubernetes has been tested with the recommendations and constraints documented there, and deployment has some limitations.
## Uninstalling the chart
To uninstall/delete the deployment:
```bash
$ helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
kindly-newt 1 Mon Oct 2 15:05:44 2017 DEPLOYED sonarqube-0.1.0 sonarqube
$ helm delete kindly-newt
```
## Prerequisites and suggested settings for production
Please read the official documentation prerequisites [here](https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/installation-requirements/overview/).
### Kubernetes - Pod Security Standards
Here is the list of containers that are compatible with the [Pod Security levels](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels):
* privileged:
* `init-sysctl`
* baseline:
* `init-fs`
* restricted:
* SQ application containers
* SQ init containers.
This is achieved by setting this SecurityContext as default on **most** containers:
```yaml
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
```
Based on that, one can run the SQ helm chart in a full restricted namespace, by deactivating the `initSysctl.enabled` and `initFs.enabled` parameters, which require root access.
Please take a look at [production-use-case](#production-use-case) for more information or directly at the values.yaml file.
### Elasticsearch prerequisites
SonarQube runs Elasticsearch under the hood.
Elasticsearch is rolling out (strict) prerequisites that cannot be disabled when running in production context (see [this](https://www.elastic.co/blog/bootstrap_checks_annoying_instead_of_devastating) blog post regarding bootstrap checks, and the [official guide](https://www.elastic.co/guide/en/elasticsearch/reference/5.0/bootstrap-checks.html)).
Because of such constraints, even when running in Docker containers, SonarQube requires some settings at the host/kernel level.
Please carefully read the following and make sure these configurations are set up at the host level:
* [vm.max_map_count](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count)
* [seccomp filter should be available](https://github.com/SonarSource/docker-sonarqube/issues/614)
In general, please carefully read the Elasticsearch's [documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/system-config.html).
### Production use case
The SonarQube helm chart is packed with multiple features enabling users to install and test SonarQube on Kubernetes easily.
Nonetheless, if you intend to run a production-grade SonarQube please follow these recommendations.
* Set `ingress-nginx.enabled` to **false**. This parameter would run the nginx chart. This is useful for testing purposes only. Ingress controllers are critical Kubernetes components, we advise users to install their own.
* Set `initSysctl.enabled` to **false**. This parameter would run **root** `sysctl` commands, while those sysctl-related values should be set by the Kubernetes administrator at the node level (see [here](#elasticsearch-prerequisites))
* Set `initFs.enabled` to **false**. This parameter would run **root** `chown` commands. The parameter exists to fix non-posix, CSI, or deprecated drivers.
#### CPU and memory settings
Monitoring CPU and memory is an important part of software reliability. The SonarQube helm chart comes with default values for CPU and memory requests and limits. Those memory values are matching the default SonarQube JVM Xmx and Xms values.
Xmx defines the maximum size of the JVM heap, this is **not** the maximum memory the JVM can allocate.
For this reason, it is recommended to set Xmx to the ~80% of the total amount of memory available on the machine (in Kubernetes, this corresponds to requests and limits).
Please find here the default SonarQube Xmx parameters to setup the memory requests and limits accordingly.
| SonarQube Offering | Sum of Xmx |
| ------------------ | ---------- |
| community build | 1536M |
| developer edition | 1536M |
| enterprise edition | 5G |
The default request and limit for this chart are set to 2048M and 6144M, to comply with the 3 editions and the 80% rule mentioned above.
Please feel free to adjust those values to your needs. However, given that memory is a “non-compressible” resource, we advise you to set the memory requests and limits to the **same**, making memory a guaranteed resource. This is needed especially for production use cases.
To get some guidance when setting the Xmx and Xms values, please refer to this [documentation](https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/environment-variables/) and set the environment variables or sonar.properties accordingly.
## Upgrade
1. Read through the [SonarQube Upgrade Guide](https://docs.sonarsource.com/sonarqube-server/latest/server-upgrade-and-maintenance/upgrade/roadmap/) to familiarize yourself with the general upgrade process (most importantly, back up your database)
2. Change the SonarQube version on `values.yaml`
3. Redeploy SonarQube with the same helm chart (see [Install instructions](#installing-the-chart))
4. Browse to <http://yourSonarQubeServerURL/setup> and follow the setup instructions
5. Reanalyze your projects to get fresh data
### Upgrade from versions prior to 2026.1.0
> **Note**: If you are not using the PostgreSQL dependency (`postgresql.enabled=false`), you can skip this section.
> **⚠️ Important**: Users upgrading to this chart from versions before 2026.1.0 and relying on the deprecated PostgreSQL dependency **must** follow the below instructions to avoid data loss.
Starting from `2026.1.0`, this chart relies on the embedded H2 database for testing purposes. Therefore, we removed the deprecated PostgreSQL dependency.
In order to upgrade to the newest chart from one version prior to this, you need to
1. backup your database
2. import it to a new database
3. set the JDBC URL in the SonarQube chart
We identify the following migrations strategies and provide two example migration scripts to help you with this process. **These scripts are provided for reference and should be reviewed and adapted to your specific environment before use.** Both scripts are available in the `postgresql-migration-scripts/` directory of this chart's GitHub repository.
#### Option 1: Backup and Restore to an external database (Recommended)
You can perform a backup of the existing database and restore it on an external and fully managed database.
Please check `./postgresql-backup.sh` as a reference to create your own script that makes a backup file for external PostgreSQL migration:
```bash
./postgresql-backup.sh [OPTIONS] <postgres_service>
# Options:
# -n namespace Kubernetes namespace (default: sonarqube)
# -u username PostgreSQL username (default: sonarUser)
# -p password PostgreSQL password (default: sonarPass)
# -d database Database name (default: sonarDB)
# -h, --help Show help
# Examples:
./postgresql-backup.sh sonarqube-postgresql
./postgresql-backup.sh -n sonarqube -u myuser -p mypass -d mydb sonarqube-postgresql
```
Creates `sonarqube_backup.sql` for restoration to any external PostgreSQL service (AWS RDS, Azure Database, Google Cloud SQL, etc.).
**Example restoration to AWS RDS:**
```bash
PGPASSWORD=mypassword psql -h my-rds-endpoint.amazonaws.com -U myuser -d mydb < sonarqube_backup.sql
```
#### Option 2: In-Cluster Migration to an external Postgresql chart
If you wish to continue using a PostgreSQL chart to store SonarQube data, you can backup the database and restore it in a new (external) PostgreSQL chart having the same version (10.15.0).
Please check `postgresql-migration-k8s.sh` as a reference to build your own script that performs an in-cluster migration to a new PostgreSQL chart:
```bash
./postgresql-migration-k8s.sh [OPTIONS] <source_service>
# Options:
# -s source_ns Source namespace (default: sonarqube-new-dev)
# -t target_ns Target namespace (default: sonarqube-new-dev)
# -u username PostgreSQL username (default: sonarUser)
# -p password PostgreSQL password (default: sonarPass)
# -d database Database name (default: sonarDB)
# -r release New PostgreSQL release name (default: postgresql-external)
# -f values_file Optional custom values.yaml file for PostgreSQL chart
# Examples:
./postgresql-migration-k8s.sh sonarqube-postgresql
./postgresql-migration-k8s.sh -s my-source-ns -t my-target-ns sonarqube-postgresql
```
This script:
* Installs a new PostgreSQL chart in the target namespace
* Migrates data directly between PostgreSQL instances within Kubernetes
* Provides the JDBC configuration for your SonarQube values.yaml
After migration, update your SonarQube configuration:
```yaml
jdbcOverwrite:
enabled: true
jdbcUrl: "jdbc:postgresql://<your-endpoint>:5432/<database>"
jdbcUsername: "<username>"
jdbcPassword: "<password>"
```
### Upgrade from the old sonarqube-lts to this chart
Please refer to the Helm upgrade section accessible [here](https://docs.sonarsource.com/sonarqube-server/latest/server-upgrade-and-maintenance/upgrade/upgrade/#upgrade-from-89x-lta-to-99x-lta).
## Ingress usage (Deprecated)
> **Note**: The `ingress-nginx` controller was retired in November 2025, with best-effort support ending in **March 2026**. Consequently, this chart dependency is now **deprecated**.
We recommend migrating to the [Gateway API](https://gateway-api.sigs.k8s.io/guides/), the modern successor to Ingress. If you must continue using Ingress, please refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) for a list of alternative controllers. A replacement for this dependency will be included in an upcoming release.
### Path
Some cloud may need the path to be `/*` instead of `/.` Try this first if you are having issues getting traffic through the ingress.
### Default Backend
if you use GCP as a cloud provider you need to set a default backend to avoid useless default backend created by the gce controller. To add this default backend you must set "ingress.class" annotation with "gce" or "gce-internal" value.
Example:
```yaml
---
ingress:
enabled: true
hosts:
- name: sonarqube.example.com
path: "/*"
annotations:
kubernetes.io/ingress.class: "gce-internal"
kubernetes.io/ingress.allow-http: "false"
```
## Monitoring
This Helm chart offers the possibility to monitor SonarQube with Prometheus. You can find [Information on SonarQube monitoring on Kubernetes](https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/deploy-on-kubernetes/set-up-monitoring/introduction/) in the SonarQube documentation.
### Export JMX metrics
The prometheus exporter (`prometheusExporter.enabled=true`) converts the JMX metrics into a format that Prometheus can understand. After the metrics are exported, you can connect your Prometheus instance and scrape them.
Per default the JMX metrics for the Web Bean and the CE Bean are exposed on port 8000 and 8001. These values can be configured with `prometheusExporter.webBeanPort` and `prometheusExporter.ceBeanPort`.
### PodMonitor
If a Prometheus Operator is deployed in your cluster, you can enable a PodMonitor resource with `prometheusMonitoring.podMonitor.enabled`. It scrapes the Prometheus endpoint `/api/monitoring/metrics` exposed by the SonarQube application.
If running on OpenShift, make sure your account has permissions to create PodMonitor resources under the monitoring.coreos.com/v1 apiVersion.
## OpenShift installation
The chart can be installed on OpenShift by setting `OpenShift.enabled=true`. Among the others, please note that this value will disable the initContainer that performs the settings required by Elasticsearch (see [here](#elasticsearch-prerequisites)). Furthermore, we strongly recommend following the [Production Use Case guidelines](#production-use-case).
Please note that `Openshift.createSCC` is deprecated and should be set to `false`. The default securityContext, together with the production configurations described [above](#production-use-case), is compatible with restricted SCCv2.
The below command will deploy SonarQube (developer edition) on the Openshift Kubernetes cluster.
```bash
helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube
helm repo update
kubectl create namespace sonarqube # If you dont have permissions to create the namespace, skip this step and replace all -n with an existing namespace name.
export MONITORING_PASSCODE="yourPasscode"
helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube \
--set OpenShift.enabled=true \
--set edition=developer \
--set monitoringPasscode=$MONITORING_PASSCODE
```
If you want to make your application publicly visible with Routes, you can set `OpenShift.route.enabled` to true. Please check the [configuration details](#openshift-1) to customize the Route base on your needs.
## License
SonarQube Community Build is released under the [GNU Lesser General Public License, Version 3.0,](http://www.gnu.org/licenses/lgpl.txt) and packaged with [SSALv1](https://www.sonarsource.com/license/ssal/) analyzers. SonarQube Server Developer and Enterprise are licensed under [SonarQube Server Terms and Conditions](https://www.sonarsource.com/legal/sonarqube/terms-and-conditions/).
## Configuration
The following table lists the configurable parameters of the SonarQube chart and their default values.
### Global
| Parameter | Description | Default |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ |
| `deploymentType` | (DEPRECATED) Deployment Type (supported values are `StatefulSet` or `Deployment`) | `StatefulSet` |
| `replicaCount` | Number of replicas deployed (supported values are 0 and 1) | `1` |
| `deploymentStrategy` | Deployment strategy. Setting the strategy type is deprecated and it will be hardcoded to `Recreate` | `{type: Recreate}` |
| `priorityClassName` | Schedule pods on priority (e.g. `high-priority`) | `None` |
| `schedulerName` | Kubernetes scheduler name | `None` |
| `affinity` | Node / Pod affinities | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `hostAliases` | Aliases for IPs in /etc/hosts | `[]` |
| `podLabels` | Map of labels to add to the pods | `{}` |
| `env` | Environment variables to attach to the pods | `{}` |
| `annotations` | SonarQube Pod annotations | `{}` |
| `edition` | SonarQube Edition to use (`developer` or `enterprise`). | `None` |
| `community.enabled` | Install SonarQube Community Build. When set to `true`, `edition` must not be set. | `false` |
| `community.buildNumber` | The SonarQube Community Build number to install | `26.3.0.120487` |
| `sonarWebContext` | SonarQube web context, also serve as default value for `ingress.path`, `account.sonarWebContext` and probes path. | `` |
| `httpProxySecret` | Should contain `http_proxy`, `https_proxy` and `no_proxy` keys, will supersede every other proxy variables | `` |
| `httpProxy` | HTTP proxy for downloading JMX agent and install plugins, will supersede initContainer specific http proxy variables | `` |
| `httpsProxy` | HTTPS proxy for downloading JMX agent and install plugins, will supersede initContainer specific https proxy variable | `` |
| `noProxy` | No proxy for downloading JMX agent and install plugins, will supersede initContainer specific no proxy variables | `` |
| `ingress-nginx.enabled` | (DEPRECATED) Install Nginx Ingress Helm | `false` |
### NetworkPolicies
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Create NetworkPolicies | `false` |
| `networkPolicy.prometheusNamespace` | Allow incoming traffic to monitoring ports from this namespace | `nil` |
| `networkPolicy.additionalNetworkPolicys` | (DEPRECATED) Please use `networkPolicy.additionalNetworkPolicies` instead | `nil` |
| `networkPolicy.additionalNetworkPolicies` | User defined NetworkPolicies (useful for external database) | `nil` |
### OpenShift
| Parameter | Description | Default |
| -------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- |
| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |
| `OpenShift.createSCC` | (DEPRECATED) If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `false` |
| `OpenShift.route.enabled` | Flag to enable OpenShift Route | `false` |
| `OpenShift.route.host` | Host that points to the service | `"sonarqube.your-org.com"` |
| `OpenShift.route.path` | Path that the router watches for, to route traffic for to the service | `"/"` |
| `OpenShift.route.tls` | TLS settings including termination type, certificates, insecure traffic, etc. | see `values.yaml` |
| `OpenShift.route.wildcardPolicy` | The wildcard policy that is allowed where this route is exposed | `None` |
| `OpenShift.route.annotations` | Optional field to add extra annotations to the route | `None` |
| `OpenShift.route.labels` | Route additional labels | `{}` |
### Image
| Parameter | Description | Default |
| ------------------- | ---------------------------------------------------------- | -------------- |
| `image.repository` | image repository | `sonarqube` |
| `image.tag` | `sonarqube` image tag. | `None` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecret` | (DEPRECATED) imagePullSecret to use for private repository | `None` |
| `image.pullSecrets` | imagePullSecrets to use for private repository | `None` |
### Security
| Parameter | Description | Default |
| -------------------------- | ---------------------------------------------- | ---------------------------------------------------------------------- |
| `securityContext` | SecurityContext for the pod | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
| `containerSecurityContext` | SecurityContext for container in sonarqube pod | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
### Elasticsearch
| Parameter | Description | Default |
| ------------------------------- | ----------------------------------------------- | ------- |
| `elasticsearch.configureNode` | [DEPRECATED] Use initSysctl.enabled instead. | `false` |
| `elasticsearch.bootstrapChecks` | Enables/disables Elasticsearch bootstrap checks | `true` |
### Service
| Parameter | Description | Default |
| ---------------------------------- | -------------------------------------------------- | ----------- |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.externalPort` | Kubernetes service port | `9000` |
| `service.internalPort` | Kubernetes container port | `9000` |
| `service.labels` | Kubernetes service labels | `None` |
| `service.annotations` | Kubernetes service annotations | `None` |
| `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | `None` |
| `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | `None` |
### Ingress (DEPRECATED)
| Parameter | Description | Default |
| ------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------ |
| `nginx.enabled` | (DEPRECATED) please use `ingress-nginx.enabled` | `false` |
| `ingress.labels` | Ingress additional labels | `{}` |
| `ingress.hosts[0].name` | Hostname to your SonarQube installation | `sonarqube.your-org.com` |
| `ingress.hosts[0].path` | Path within the URL structure | `/` |
| `ingress.hosts[0].serviceName` | Optional field to override the default serviceName of a path | `None` |
| `ingress.hosts[0].servicePort` | Optional field to override the default servicePort of a path | `None` |
| `ingress.tls` | Ingress secrets for TLS certificates | `[]` |
| `ingress.ingressClassName` | Optional field to configure ingress class name | `None` OR `nginx` if `nginx.enabled` or `ingress-nginx.enabled` |
| `ingress.annotations` | Field to add extra annotations to the ingress | {`nginx.ingress.kubernetes.io/proxy-body-size: "64m"`} if `ingress-nginx.enabled=true or nginx.enabled=true` |
### HttpRoute
| Parameter | Description | Default |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------- | ------- |
| `httproute.enabled` | Flag to enable GatewayAPI HttpRoute | `False` |
| `httproute.gateway` | Name of the gateway | `None` |
| `httproute.gatewayNamespace` | (Optional) Name of the gateway namespace when located in a different namespace | `None` |
| `httproute.hostnames` | List of hostnames to match the HttpRoute against | `None` |
| `httproute.labels` | (Optional) List of extra labels to add to the HttpRoute | `None` |
| `httproute.rules` | (Optional) Extra Rules block of the HttpRoute. A default one is created with SonarWebContext and service port | `None` |
### Probes
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- |
| `readinessProbe` | ReadinessProbe for SonarQube | `exec; curl api/system/status` see `values.yaml` for details |
| `readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay for SonarQube checking | `60` |
| `readinessProbe.periodSeconds` | ReadinessProbe period between checking SonarQube | `30` |
| `readinessProbe.failureThreshold` | ReadinessProbe threshold for marking as failed | `6` |
| `readinessProbe.timeoutSeconds` | ReadinessProbe timeout delay | `1` |
| `readinessProbe.sonarWebContext` | (DEPRECATED) SonarQube web context for readinessProbe, please use sonarWebContext at the value top level instead | `/` |
| `livenessProbe` | LivenessProbe for SonarQube | `exec: curl api/system/liveness` see `values.yaml` for details |
| `livenessProbe.initialDelaySeconds` | LivenessProbe initial delay for SonarQube checking | `60` |
| `livenessProbe.periodSeconds` | LivenessProbe period between checking SonarQube | `30` |
| `livenessProbe.failureThreshold` | LivenessProbe threshold for marking as failed | `6` |
| `livenessProbe.timeoutSeconds` | LivenessProbe timeout delay | `1` |
| `livenessProbe.sonarWebContext` | (DEPRECATED) SonarQube web context for LivenessProbe, please use sonarWebContext at the value top level instead | `/` |
| `startupProbe` | StartupProbe for SonarQube | `httpGet: api/system/status` |
| `startupProbe.initialDelaySeconds` | StartupProbe initial delay for SonarQube checking | `30` |
| `startupProbe.periodSeconds` | StartupProbe period between checking SonarQube | `10` |
| `startupProbe.failureThreshold` | StartupProbe threshold for marking as failed | `24` |
| `startupProbe.timeoutSeconds` | StartupProbe timeout delay | `1` |
| `startupProbe.sonarWebContext` | (DEPRECATED) SonarQube web context for StartupProbe, please use sonarWebContext at the value top level instead | `/` |
### InitContainers
| Parameter | Description | Default |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
| `initContainers.image` | Change init container image | `"image.repository":"image.tag"` |
| `initContainers.securityContext` | SecurityContext for init containers | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
| `initContainers.resources` | Resources for init containers | `{}` |
| `extraInitContainers` | Extra init containers to e.g. download required artifacts | `{}` |
| `caCerts.enabled` | Flag for enabling additional CA certificates | `false` |
| `caCerts.image` | Change init CA certificates container image | `"image.repository":"image.tag"` |
| `caCerts.secret` | Name of the secret containing additional CA certificates. If defined, only secrets are going to be used. | `None` |
| `caCerts.configMap.name` | Name of the ConfigMap containing additional CA certificate. Ensure that `caCerts.secret` is not set if you want to use a `ConfigMap`. | `None` |
| `caCerts.configMap.key` | Name of the key containing the additional CA certificate | `None` |
| `caCerts.configMap.path` | Filename that should be used for the given CA certificate | `None` |
| `initSysctl.enabled` | Modify k8s worker to conform to system requirements | `true` |
| `initSysctl.vmMaxMapCount` | Set init sysctl container vm.max_map_count | `524288` |
| `initSysctl.fsFileMax` | Set init sysctl container fs.file-max | `131072` |
| `initSysctl.nofile` | Set init sysctl container open file descriptors limit | `131072` |
| `initSysctl.nproc` | Set init sysctl container open threads limit | `8192` |
| `initSysctl.image` | Change init sysctl container image | `"image.repository":"image.tag"` |
| `initSysctl.securityContext` | InitSysctl container security context | `{privileged: true}` |
| `initSysctl.resources` | InitSysctl container resource requests & limits | `{}` |
| `initFs.enabled` | Enable file permission change with init container | `true` |
| `initFs.image` | InitFS container image | `"image.repository":"image.tag"` |
| `initFs.securityContext.privileged` | InitFS container needs to run privileged | `true` |
### Monitoring (Prometheus Exporter)
| Parameter | Description | Default |
| --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
| `prometheusExporter.enabled` | Use the Prometheus JMX exporter | `false` |
| `prometheusExporter.version` | jmx_prometheus_javaagent version to download from Maven Central | `0.17.2` |
| `prometheusExporter.noCheckCertificate` | Flag to not check server's certificate when downloading jmx_prometheus_javaagent | `false` |
| `prometheusExporter.webBeanPort` | Port where the jmx_prometheus_javaagent exposes the metrics for the webBean | `8000` |
| `prometheusExporter.ceBeanPort` | Port where the jmx_prometheus_javaagent exposes the metrics for the ceBean | `8001` |
| `prometheusExporter.downloadURL` | Alternative full download URL for the jmx_prometheus_javaagent.jar (overrides `prometheusExporter.version`) | `""` |
| `prometheusExporter.config` | Prometheus JMX exporter config yaml for the web process, and the CE process if `prometheusExporter.ceConfig` is not set | see `values.yaml` |
| `prometheusExporter.ceConfig` | Prometheus JMX exporter config yaml for the CE process (by default, `prometheusExporter.config` is used) | `None` |
| `prometheusExporter.httpProxy` | HTTP proxy for downloading JMX agent | `""` |
| `prometheusExporter.httpsProxy` | HTTPS proxy for downloading JMX agent | `""` |
| `prometheusExporter.noProxy` | No proxy for downloading JMX agent | `""` |
| `prometheusExporter.securityContext` | Security context for downloading the jmx agent | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
### Monitoring (Prometheus PodMonitor)
| Parameter | Description | Default |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | -------------------------- |
| `prometheusMonitoring.podMonitor.enabled` | Enable Prometheus PodMonitor | `false` |
| `prometheusMonitoring.podMonitor.namespace` | (DEPRECATED) This value should not be set, as the PodMonitor's namespace has to match the Release Namespace | `{{ .Release.Namespace }}` |
| `prometheusMonitoring.podMonitor.interval` | Specify the interval how often metrics should be scraped | `30s` |
| `prometheusMonitoring.podMonitor.scrapeTimeout` | Specify the timeout after a scrape is ended | `None` |
| `prometheusMonitoring.podMonitor.jobLabel` | Name of the label on target services that prometheus uses as job name | `None` |
| `prometheusMonitoring.podMonitor.labels` | Additional labels to add to the PodMonitor | `{}` |
### Plugins
| Parameter | Description | Default |
| ---------------------------- | ------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
| `plugins.install` | Link(s) to the plugin JARs to download and install | `[]` |
| `plugins.resources` | Plugin Pod resource requests & limits | `{}` |
| `plugins.httpProxy` | For use behind a corporate proxy when downloading plugins | `""` |
| `plugins.httpsProxy` | For use behind a corporate proxy when downloading plugins | `""` |
| `plugins.noProxy` | For use behind a corporate proxy when downloading plugins | `""` |
| `plugins.image` | Image for plugins container | `"image.repository":"image.tag"` |
| `plugins.resources` | Resources for plugins container | `{}` |
| `plugins.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading plugins | `""` |
| `plugins.noCheckCertificate` | Flag to not check server's certificate when downloading plugins | `false` |
| `plugins.securityContext` | Security context for the container to download plugins | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
### SonarQube Specific
| Parameter | Description | Default |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `jvmOpts` | (DEPRECATED) Values to add to `SONAR_WEB_JAVAOPTS`. Please set directly `SONAR_WEB_JAVAOPTS` or `sonar.web.javaOpts` | `""` |
| `jvmCeOpts` | (DEPRECATED) Values to add to `SONAR_CE_JAVAOPTS`. Please set directly `SONAR_CE_JAVAOPTS` or `sonar.ce.javaOpts` | `""` |
| `sonarqubeFolder` | (DEPRECATED) Directory name of SonarQube, Due to 1-1 mapping between helm version and docker version, there is no need for configuration | `/opt/sonarqube` |
| `sonarProperties` | Custom `sonar.properties` key-value pairs (e.g., "sonarProperties.sonar.log.level=DEBUG") | `None` |
| `sonarSecretProperties` | Additional `sonar.properties` key-value pairs to load from a secret | `None` |
| `sonarSecretKey` | Name of existing secret used for settings encryption | `None` |
| `monitoringPasscode` | Value for sonar.web.systemPasscode needed for LivenessProbes | `None` |
| `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode` | `None` |
| `monitoringPasscodeSecretKey` | Key of an existing secret containing `monitoringPasscode` | `None` |
| `extraContainers` | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars) | `[]` |
| `extraVolumes` | Array of extra volumes to add to the SonarQube deployment | `[]` |
| `extraVolumeMounts` | Array of extra volume mounts to add to the SonarQube deployment | `[]` |
### Resources
| Parameter | Description | Default |
| -------------------------------------- | ------------------------- | ------- |
| `resources.requests.memory` | SonarQube memory request | `2048M` |
| `resources.requests.cpu` | SonarQube CPU request | `400m` |
| `resources.requests.ephemeral-storage` | SonarQube storage request | `1536M` |
| `resources.limits.memory` | SonarQube memory limit | `6144M` |
| `resources.limits.cpu` | SonarQube CPU limit | `800m` |
| `resources.limits.ephemeral-storage` | SonarQube storage limit | `500Gi` |
### Persistence
| Parameter | Description | Default |
| --------------------------- | -------------------------------------------------- | --------------- |
| `persistence.enabled` | Flag for enabling persistent storage | `false` |
| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` |
| `persistence.storageClass` | Storage class to be used | `""` |
| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
| `persistence.size` | Size of the volume | `5Gi` |
| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` |
| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` |
| `persistence.uid` | UID used for init-fs container | `1000` |
| `persistence.guid` | GUID used for init-fs container | `0` |
| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |
| `persistence.hostPath.path` | Path where the data will be stored with `hostPath` | `""` |
| `persistence.hostPath.type` | `hostPath` volume types | `""` |
When using hostPath persistence, ensure that you are aware of the implications
of using hostPath volumes in Kubernetes, as they can lead to data loss if the
node is deleted or if the pod is rescheduled to a different node, as well as
potential security risks if not properly managed. It is generally recommended
to use a more robust storage solution for production deployments. Please refer
to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath)
for more information on hostPath volumes.
In order to use hostPath persistence, you need to enable `persistence.enabled`
and set `persistence.hostPath.path` and `persistence.hostPath.type`.
### JDBC Overwrite
| Parameter | Description | Default |
| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
| `jdbcOverwrite.enable` | (DEPRECATED) Enable JDBC overwrites for external Databases, please use jdbcOverwrite.enabled instead | `false` |
| `jdbcOverwrite.enabled` | Enable JDBC overwrites for external Databases | `false` |
| `jdbcOverwrite.jdbcUrl` | The JDBC url to connect the external DB | `jdbc:postgresql://myPostgres/myDatabase` |
| `jdbcOverwrite.jdbcUsername` | The DB user that should be used for the JDBC connection | `sonarUser` |
| `jdbcOverwrite.jdbcPassword` | (DEPRECATED) The DB password that should be used for the JDBC connection, please use `jdbcOverwrite.jdbcSecretName` and `jdbcOverwrite.jdbcSecretPasswordKey` | `sonarPass` |
| `jdbcOverwrite.jdbcSecretName` | Alternatively, use a pre-existing k8s secret containing the DB password | `None` |
| `jdbcOverwrite.jdbcSecretPasswordKey` | If the pre-existing k8s secret is used this allows the user to overwrite the 'key' of the password property in the secret | `None` |
| `jdbcOverwrite.oracleJdbcDriver.url` | The URL of the Oracle JDBC driver to be downloaded | `None` |
| `jdbcOverwrite.oracleJdbcDriver.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading the Oracle JDBC driver | `None` |
### Tests
| Parameter | Description | Default |
| ------------------------------- | ------------------------------------------------------------- | -------------------------------- |
| `tests.enabled` | Flag that allows tests to be excluded from the generated yaml | `true` |
| `tests.image` | Set the test container image | `"image.repository":"image.tag"` |
| `tests.resources.limits.cpu` | CPU limit for test container | `500m` |
| `tests.resources.limits.memory` | Memory limit for test container | `200M` |
### ServiceAccount
| Parameter | Description | Default |
| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `serviceAccount.create` | If set to true, create a service account | `false` |
| `serviceAccount.name` | Name of the service account to create/use | `sonarqube-sonarqube` |
| `serviceAccount.automountToken` | Manage `automountServiceAccountToken` field for mounting service account credentials. Please note that this will set the default value used by SQ Pods, regardless of the service account being used. | `false` |
| `serviceAccount.annotations` | Additional service account annotations | `{}` |
### ExtraConfig
| Parameter | Description | Default |
| ------------------------ | ----------------------------------------------------------- | ------- |
| `extraConfig.secrets` | A list of `Secret`s (which must contain key/value pairs) | `[]` |
| `extraConfig.configmaps` | A list of `ConfigMap`s (which must contain key/value pairs) | `[]` |
### SetAdminPassword
| Parameter | Description | Default |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- |
| `setAdminPassword.newPassword` | Custom admin password | `AdminAdmin_12$` |
| `setAdminPassword.currentPassword` | Current admin password | `admin` |
| `setAdminPassword.passwordSecretName` | Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin | `None` |
| `setAdminPassword.resources.requests.memory` | Memory request for Admin hook | `128Mi` |
| `setAdminPassword.resources.requests.cpu` | CPU request for Admin hook | `100m` |
| `setAdminPassword.resources.limits.memory` | Memory limit for Admin hook | `128Mi` |
| `setAdminPassword.resources.limits.cpu` | CPU limit for Admin hook | `100m` |
| `setAdminPassword.securityContext` | SecurityContext for change-password-hook | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
| `setAdminPassword.image` | Curl container image | `"image.repository":"image.tag"` |
| `setAdminPassword.annotations` | Custom annotations for admin hook Job | `{}` |
### Advanced Options
| Parameter | Description | Default |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- |
| `account.adminPassword` | (DEPRECATED) Custom admin password. Please use `setAdminPassword.newPassword` instead. | `AdminAdmin_12$` |
| `account.currentAdminPassword` | (DEPRECATED) Current admin password. Please use `setAdminPassword.currentPassword` instead. | `admin` |
| `account.adminPasswordSecretName` | (DEPRECATED) Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin. Please use `setAdminPassword.passwordSecretName` instead. | `None` |
| `account.resources.requests.memory` | (DEPRECATED) Memory request for Admin hook. Please use `setAdminPassword.resources.requests.memory` instead. | `128Mi` |
| `account.resources.requests.cpu` | (DEPRECATED) CPU request for Admin hook. Please use `setAdminPassword.resources.requests.cpu` instead. | `100m` |
| `account.resources.limits.memory` | (DEPRECATED) Memory limit for Admin hook. Please use `setAdminPassword.resources.limits.memory` instead. | `128Mi` |
| `account.resources.limits.cpu` | (DEPRECATED) CPU limit for Admin hook. Please use `setAdminPassword.resources.limits.cpu` instead. | `100m` |
| `account.sonarWebContext` | (DEPRECATED) SonarQube web context for Admin hook. Please use `sonarWebContext` at the value top level instead | `nil` |
| `account.securityContext` | (DEPRECATED) SecurityContext for change-password-hook. Please use `setAdminPassword.securityContext` instead. | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) |
| `curlContainerImage` | (DEPRECATED) Curl container image. Please use `setAdminPassword.image` instead. | `"image.repository":"image.tag"` |
| `adminJobAnnotations` | (DEPRECATED) Custom annotations for admin hook Job. Please use `setAdminPassword.annotations` instead. | `{}` |
| `terminationGracePeriodSeconds` | Configuration of `terminationGracePeriodSeconds` | `60` |
For overriding variables see: [Customizing the chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing)
### Use custom `cacerts`
In environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate `cacerts` which overrides the default one:
1. Create a yaml file `cacerts.yaml` with a secret that contains one or more keys to represent the certificates that you want including
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-cacerts
stringData:
cert-1.crt: |
xxxxxxxxxxxxxxxxxxxxxxx
```
2. Upload your `cacerts.yaml` to a secret in the cluster you are installing SonarQube to.
```shell
kubectl apply -f cacerts.yaml
```
3. Set the following values of the chart:
```yaml
caCerts:
enabled: true
secret: my-cacerts
```
### Elasticsearch Settings
Since SonarQube comes bundled with an Elasticsearch instance, some [bootstrap checks](https://www.elastic.co/guide/en/elasticsearch/reference/master/bootstrap-checks.html) of the host settings are done at start.
This chart offers the option to use an initContainer in privileged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide.
To enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true`. This is the default behavior, so you do not need to explicitly set this.
This will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases.
To disable worker node configuration, set `elasticsearch.configureNode` to `false`. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting `elasticsearch.bootstrapChecks` to `false`.
### Extra Config
For environments where another tool, such as terraform or ansible, is used to provision infrastructure or passwords then setting databases addresses and credentials via helm becomes less than ideal. Ditto for environments where this config may be visible.
In such environments, configuration may be read, via environment variables, from Secrets and ConfigMaps.
1. Create a `ConfigMap` (or `Secret`) containing key/value pairs, as expected by SonarQube.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: external-sonarqube-opts
data:
SONARQUBE_JDBC_USERNAME: foo
SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar
```
2. Set the following in your `values.yaml` (using the key `extraConfig.secrets` to reference `Secret`s)
```yaml
extraConfig:
configmaps:
- external-sonarqube-opts
```
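Review bot: the Elasticsearch Settings section of this README states that `elasticsearch.configureNode` defaults to `true`, which runs a privileged initContainer executing `sysctl -w vm.max_map_count=262144` on whichever worker the pod is scheduled to. The values file that accompanies this chart should set it to `false` explicitly and have `vm.max_map_count` set on the nodes out of band, as the README itself recommends. The SetAdminPassword table also documents `setAdminPassword.newPassword` defaulting to `AdminAdmin_12$` with `setAdminPassword.currentPassword` at `admin`, so the deployment should supply `setAdminPassword.passwordSecretName`, `monitoringPasscodeSecretName` and `jdbcOverwrite.jdbcSecretName` from Secrets rather than leaving the documented defaults or inline values in place.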

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
__snapshot__

@@ -0,0 +1,23 @@
annotations:
artifacthub.io/changes: |
- Update Ingress-Nginx version controller-v1.14.3
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 1.14.3
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer
home: https://github.com/kubernetes/ingress-nginx
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords:
- ingress
- nginx
kubeVersion: '>=1.21.0-0'
maintainers:
- name: cpanato
- name: Gacko
- name: strongjz
- name: tao12345666333
name: ingress-nginx
sources:
- https://github.com/kubernetes/ingress-nginx
version: 4.14.3
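Review bot: this `Chart.yaml` commits a full copy of the upstream `ingress-nginx` chart at `version: 4.14.3`, and nothing in the file ties that copy to the published release, so a local edit or drift from upstream would be hard to spot in a later review. Consider consuming the chart from `https://kubernetes.github.io/ingress-nginx` pinned to 4.14.3 instead of vendoring it, or record in the repository how the copy was fetched so it can be re-pulled and diffed on upgrade.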

@@ -0,0 +1,4 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
labels:
- area/helm

@@ -0,0 +1,589 @@
# ingress-nginx
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.14.3](https://img.shields.io/badge/Version-4.14.3-informational?style=flat-square) ![AppVersion: 1.14.3](https://img.shields.io/badge/AppVersion-1.14.3-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Requirements
Kubernetes: `>=1.21.0-0`
## Get Repo Info
```console
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
```
## Install Chart
**Important:** only helm3 is supported
```console
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
```
The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
1. For critical services in production that require zero-downtime, you will want to:
1. [Install](#install-chart) a second Ingress controller
1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values ingress-nginx/ingress-nginx
```
### PodDisruptionBudget
Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
### Prometheus Metrics
The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml
controller:
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
```
### AWS L7 ELB with SSL Termination
Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml):
```yaml
controller:
service:
targetPorts:
http: http
https: http
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
```
### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
You'll need to set both the following values:
`controller.service.internal.enabled`
`controller.service.internal.annotations`
If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
`controller.service.internal.annotations` varies with the cloud service you're using.
Example for AWS:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for GCE:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
# For GKE versions 1.17 and later
networking.gke.io/load-balancer-type: "Internal"
# For earlier versions
# cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
Example for Azure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for Oracle Cloud Infrastructure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
#### How the Chart Configures the Hooks
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured.
### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
```console
Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
```
Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commonLabels | object | `{}` | |
| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers |
| controller.admissionWebhooks.annotations | object | `{}` | |
| controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | |
| controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit | int | `0` | Revision history limit of the webhook certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
| controller.admissionWebhooks.certManager.enabled | bool | `false` | |
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
| controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit | int | `0` | Revision history limit of the root certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.createSecretJob.volumeMounts | list | `[]` | Volume mounts for secret creation containers |
| controller.admissionWebhooks.createSecretJob.volumes | list | `[]` | Volumes for secret creation pod |
| controller.admissionWebhooks.enabled | bool | `true` | |
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
| controller.admissionWebhooks.name | string | `"admission"` | |
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:7c74a715af2c94cb734785b4d3ea1357b4f02b88e1e123c622a9cb68b62f669c"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.6.7"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
| controller.admissionWebhooks.patch.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod |
| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
| controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. |
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.patchWebhookJob.volumeMounts | list | `[]` | Volume mounts for webhook patch containers |
| controller.admissionWebhooks.patchWebhookJob.volumes | list | `[]` | Volumes for webhook patch pod |
| controller.admissionWebhooks.port | int | `8443` | |
| controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | |
| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | |
| controller.admissionWebhooks.service.servicePort | int | `443` | |
| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | |
| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| controller.allowSnippetAnnotations | bool | `false` | Defines whether the Ingress Controller allows users to set their own `*-snippet` annotations; otherwise these annotations are forbidden / dropped when users add them. Global snippets in the ConfigMap are still respected. |
| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet |
| controller.autoscaling.annotations | object | `{}` | |
| controller.autoscaling.behavior | object | `{}` | |
| controller.autoscaling.enabled | bool | `false` | |
| controller.autoscaling.maxReplicas | int | `11` | |
| controller.autoscaling.minReplicas | int | `1` | |
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| controller.autoscalingTemplate | list | `[]` | |
| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller configuration ConfigMap. |
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
| controller.containerName | string | `"controller"` | Configures the controller container name |
| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
| controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | |
| controller.disableLeaderElection | bool | `false` | This configuration disables Nginx Controller Leader Election |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
| controller.enableAnnotationValidations | bool | `true` | |
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. Ref: https://github.com/microsoft/mimalloc |
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto". Defaults to false. |
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. Values may contain Helm templates. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. |
| controller.hostAliases | list | `[]` | Optionally customize the pod hostAliases. |
| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged |
| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
| controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
| controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:82917be97c0939f6ada1717bb39aa7e66c229d6cfb10dcfc8f1bd42f9efe0f81"` | |
| controller.image.digestChroot | string | `"sha256:ffdab64d0e0556f810d82d618a0fa97c4fc8dc2bc5717c51bfe83b5d4252c73e"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
| controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.14.3"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows: first ingressClassName is considered; if not present, the controller looks for the ingress.class annotation. |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | |
| controller.keda.behavior | object | `{}` | |
| controller.keda.cooldownPeriod | int | `300` | |
| controller.keda.enabled | bool | `false` | |
| controller.keda.maxReplicas | int | `11` | |
| controller.keda.minReplicas | int | `1` | |
| controller.keda.pollingInterval | int | `30` | |
| controller.keda.restoreToOriginalReplicaCount | bool | `false` | |
| controller.keda.scaledObject.annotations | object | `{}` | |
| controller.keda.triggers | list | `[]` | |
| controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` |
| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have an option to specify labels |
| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. |
| controller.livenessProbe.failureThreshold | int | `5` | |
| controller.livenessProbe.httpGet.path | string | `"/healthz"` | |
| controller.livenessProbe.httpGet.port | int | `10254` | |
| controller.livenessProbe.httpGet.scheme | string | `"HTTP"` | |
| controller.livenessProbe.initialDelaySeconds | int | `10` | |
| controller.livenessProbe.periodSeconds | int | `10` | |
| controller.livenessProbe.successThreshold | int | `1` | |
| controller.livenessProbe.timeoutSeconds | int | `1` | |
| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. Ref: https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ |
| controller.metrics.enabled | bool | `false` | |
| controller.metrics.port | int | `10254` | |
| controller.metrics.portName | string | `"metrics"` | |
| controller.metrics.prometheusRule.additionalLabels | object | `{}` | |
| controller.metrics.prometheusRule.annotations | object | `{}` | Annotations to be added to the PrometheusRule. |
| controller.metrics.prometheusRule.enabled | bool | `false` | |
| controller.metrics.prometheusRule.rules | list | `[]` | |
| controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.enabled | bool | `true` | Enable the metrics service or not. |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
| controller.metrics.service.servicePort | int | `10254` | |
| controller.metrics.service.type | string | `"ClusterIP"` | |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
| controller.metrics.serviceMonitor.enabled | bool | `false` | |
| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on the number of labels that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on the length of label names that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on the length of label values that will be accepted for a sample. |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
| controller.metrics.serviceMonitor.namespace | string | `""` | |
| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | |
| controller.metrics.serviceMonitor.relabelings | list | `[]` | |
| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. |
| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
| controller.metrics.serviceMonitor.scrapeTimeout | string | `""` | Timeout after which the scrape is ended. Not being set if empty and therefore defaults to the global Prometheus scrape timeout. |
| controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. |
| controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready |
| controller.name | string | `"controller"` | |
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security context for controller pods |
| controller.priorityClassName | string | `""` | |
| controller.progressDeadlineSeconds | int | `0` | Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed. Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds |
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disabled, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
| controller.publishService.pathOverride | string | `""` | Allows overriding of the publish service to bind to. Must be `<namespace>/<service_name>` |
| controller.readinessProbe.failureThreshold | int | `3` | |
| controller.readinessProbe.httpGet.path | string | `"/healthz"` | |
| controller.readinessProbe.httpGet.port | int | `10254` | |
| controller.readinessProbe.httpGet.scheme | string | `"HTTP"` | |
| controller.readinessProbe.initialDelaySeconds | int | `10` | |
| controller.readinessProbe.periodSeconds | int | `10` | |
| controller.readinessProbe.successThreshold | int | `1` | |
| controller.readinessProbe.timeoutSeconds | int | `1` | |
| controller.replicaCount | int | `1` | |
| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network . Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network; the default `--publish-service` flag used in standard cloud setups does not apply. |
| controller.resizePolicy | list | `[]` | Resize policy for controller containers. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources |
| controller.resources.requests.cpu | string | `"100m"` | |
| controller.resources.requests.memory | string | `"90Mi"` | |
| controller.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod |
| controller.scope.enabled | bool | `false` | Enable 'scope' or not |
| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, watch only namespaces whose labels match namespaceSelector. Format like `foo=bar`. Defaults to empty, which means watching all namespaces. |
| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.internal.ports | object | `{}` | |
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.internal.targetPorts | object | `{}` | |
| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | sysctls for controller pods. Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready. Wait up to five minutes for the drain of connections. |
| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| defaultBackend.autoscaling.annotations | object | `{}` | |
| defaultBackend.autoscaling.enabled | bool | `false` | |
| defaultBackend.autoscaling.maxReplicas | int | `2` | |
| defaultBackend.autoscaling.minReplicas | int | `1` | |
| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
| defaultBackend.enabled | bool | `false` | |
| defaultBackend.extraArgs | object | `{}` | |
| defaultBackend.extraConfigMaps | list | `[]` | |
| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
| defaultBackend.extraVolumeMounts | list | `[]` | |
| defaultBackend.extraVolumes | list | `[]` | |
| defaultBackend.image.allowPrivilegeEscalation | bool | `false` | |
| defaultBackend.image.image | string | `"defaultbackend-amd64"` | |
| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
| defaultBackend.image.runAsGroup | int | `65534` | |
| defaultBackend.image.runAsNonRoot | bool | `true` | |
| defaultBackend.image.runAsUser | int | `65534` | |
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| defaultBackend.image.tag | string | `"1.5"` | |
| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
| defaultBackend.livenessProbe.failureThreshold | int | `3` | |
| defaultBackend.livenessProbe.initialDelaySeconds | int | `30` | |
| defaultBackend.livenessProbe.periodSeconds | int | `10` | |
| defaultBackend.livenessProbe.successThreshold | int | `1` | |
| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | |
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| defaultBackend.name | string | `"defaultbackend"` | |
| defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # |
| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
| defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods |
| defaultBackend.port | int | `8080` | |
| defaultBackend.priorityClassName | string | `""` | |
| defaultBackend.readinessProbe.failureThreshold | int | `6` | |
| defaultBackend.readinessProbe.initialDelaySeconds | int | `0` | |
| defaultBackend.readinessProbe.periodSeconds | int | `5` | |
| defaultBackend.readinessProbe.successThreshold | int | `1` | |
| defaultBackend.readinessProbe.timeoutSeconds | int | `5` | |
| defaultBackend.replicaCount | int | `1` | |
| defaultBackend.resources | object | `{}` | |
| defaultBackend.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod |
| defaultBackend.service.annotations | object | `{}` | |
| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
| defaultBackend.service.servicePort | int | `80` | |
| defaultBackend.service.type | string | `"ClusterIP"` | |
| defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | |
| defaultBackend.serviceAccount.create | bool | `true` | |
| defaultBackend.serviceAccount.name | string | `""` | |
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
| rbac.create | bool | `true` | |
| rbac.scope | bool | `false` | |
| revisionHistoryLimit | int | `10` | Rollback limit # |
| serviceAccount.annotations | object | `{}` | Annotations for the controller service account |
| serviceAccount.automountServiceAccountToken | bool | `true` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
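
Review bot: `serviceAccount.automountServiceAccountToken` and `defaultBackend.serviceAccount.automountServiceAccountToken` both default to `true`, and the table gives neither row a description, so nothing here says why the default backend would need an API token. If `defaultBackend.enabled` is ever switched on in the values override, set `defaultBackend.serviceAccount.automountServiceAccountToken: false` alongside it. The same goes for `defaultBackend.networkPolicy.enabled`, which defaults to `false`.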

@@ -0,0 +1,247 @@
{{ template "chart.header" . }}
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
{{ template "chart.requirementsSection" . }}
## Get Repo Info
```console
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
```
## Install Chart
**Important:** only helm3 is supported
```console
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
```
The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
1. For critical services in production that require zero-downtime, you will want to:
1. [Install](#install-chart) a second Ingress controller
1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values ingress-nginx/ingress-nginx
```
### PodDisruptionBudget
Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
### Prometheus Metrics
The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml
controller:
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
```
### AWS L7 ELB with SSL Termination
Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml):
```yaml
controller:
service:
targetPorts:
http: http
https: http
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
```
### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
You'll need to set both the following values:
`controller.service.internal.enabled`
`controller.service.internal.annotations`
If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
`controller.service.internal.annotations` varies with the cloud service you're using.
Example for AWS:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for GCE:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
# For GKE versions 1.17 and later
networking.gke.io/load-balancer-type: "Internal"
# For earlier versions
# cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
Example for Azure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for Oracle Cloud Infrastructure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
#### How the Chart Configures the Hooks
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured.
### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
```console
Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
```
Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
{{ template "chart.valuesSection" . }}
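
Review bot: under "How the Chart Configures the Hooks", the opening sentence "A validating and configuration requires the endpoint..." is missing words. Going by step 3 of the same list it should read "A validating and mutating webhook configuration requires...". The line just above that heading ("With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+") has the same problem. Separately, the Pod Security Admission example pins `pod-security.kubernetes.io/enforce-version: v1.31`; check that against the cluster's version before copying the labels.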

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.10.0
* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0
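
Review bot: the per-release changelog files starting here (2.10.0) are plain Markdown that Helm does not render into manifests, so committing them adds review surface without changing what gets deployed. Consider consuming the chart from `https://kubernetes.github.io/ingress-nginx` at a pinned version instead of copying it into the repository, or leave the changelog files out of the copy.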

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.0
* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.1
* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.2
* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.3
* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.0
* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.1
* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.13.0
* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.14.0
* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.15.0
* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.16.0
* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.0
* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0
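
Review bot: the Full Changelog link compares from `ingress-nginx-TODO`, which is a placeholder rather than a release tag, so it will not resolve to a real comparison. The other changelog files use the preceding release tag as the base (for example `ingress-nginx-2.9.0...ingress-nginx-2.9.1`). Either replace the placeholder with the preceding tag or drop the line.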

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.1
* [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.0...ingress-nginx-2.9.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.0.0
* [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.16.0...ingress-nginx-3.0.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.10.0
* Fix routing regression introduced in 0.41.0 with PathType Exact
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.9.0...ingress-nginx-3.10.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.10.1
* Fix regression introduced in 0.41.0 with external authentication
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.0...ingress-nginx-3.10.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.11.0
* Support Keda Autoscaling
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.1...ingress-nginx-3.11.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.11.1
* [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.0...ingress-nginx-3.11.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.12.0
* [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.1...ingress-nginx-3.12.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.13.0
* [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.12.0...ingress-nginx-3.13.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.14.0
* [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.13.0...ingress-nginx-3.14.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.15.0
* [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.14.0...ingress-nginx-3.15.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.15.1
* Fix chart-releaser action
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.0...ingress-nginx-3.15.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.16.0
* [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.1...helm-chart-3.16.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.16.1
* Fix chart-releaser action
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.0...helm-chart-3.16.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.17.0
* Update ingress-nginx v0.42.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.1...helm-chart-3.17.0

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.18.0
* [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
* [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.17.0...helm-chart-3.18.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.19.0
* Update ingress-nginx v0.43.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.18.0...helm-chart-3.19.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.20.0
* [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.19.0...helm-chart-3.20.0

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.20.1
* Do not create KEDA in case of DaemonSets.
* Fix KEDA v2 definition
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.0...helm-chart-3.20.1

@@ -0,0 +1,12 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.21.0
* [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
* [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
* [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
* [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.1...helm-chart-3.21.0

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.22.0
* [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
* [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.21.0...helm-chart-3.22.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.23.0
* Update ingress-nginx v0.44.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.22.0...helm-chart-3.23.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.24.0
* [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.23.0...helm-chart-3.24.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.25.0
* [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.24.0...helm-chart-3.25.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.26.0
* [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.25.0...helm-chart-3.26.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.27.0
* Update ingress-nginx v0.45.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.26.0...helm-chart-3.27.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.28.0
* [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.27.0...helm-chart-3.28.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.29.0
* [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.28.0...helm-chart-3.29.0
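
Review bot: The 3.29.0 entry's link text and link target disagree: the label is #6945 but the URL points at pull/7020. Confirm which PR added the ServiceMonitor job label option and make the label and the URL match, since the label is what readers search for and the URL is what they follow.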

@@ -0,0 +1,12 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.3.0
* [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
* [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
* [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
* [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.0.0...ingress-nginx-3.3.0

@@ -0,0 +1,12 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.3.1
* [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
* [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
* [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
* [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.0...ingress-nginx-3.3.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.30.0
* [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.29.0...helm-chart-3.30.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.31.0
* [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.30.0...helm-chart-3.31.0
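
Review bot: The 3.31.0 entry is written as [7137] followed by a bare URL, where the earlier 3.x files use the [#NNNN](url) markdown link form. The bracketed number will not render as a link this way. Pick one entry format and apply it across the changelog files so they can be parsed and rendered consistently.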

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.32.0
* [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.31.0...helm-chart-3.32.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.33.0
* [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.32.0...helm-chart-3.33.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.34.0
* [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.33.0...helm-chart-3.34.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.4.0
* [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.1...ingress-nginx-3.4.0
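
Review bot: The 3.4.0 entry links PR #6268 but its title ends with "#6288", so one line points at two different numbers. State which one is the PR and which, if any, is a related issue, or drop the trailing reference.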

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.5.0
* [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.4.0...ingress-nginx-3.5.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.5.1
* [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.0...ingress-nginx-3.5.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.6.0
* [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.1...ingress-nginx-3.6.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.7.0
* [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.6.0...ingress-nginx-3.7.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.7.1
* [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.0...ingress-nginx-3.7.1

@@ -0,0 +1,13 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.8.0
* [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
* [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
* [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
* [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
* [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.1...ingress-nginx-3.8.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.9.0
* [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.8.0...ingress-nginx-3.9.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.1
* [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.34.0...helm-chart-4.0.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.10
* [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.9...helm-chart-4.0.10

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.11
* [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional.
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.10...helm-chart-4.0.11

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.12
* [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.11...helm-chart-4.0.12
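
Review bot: In the 4.0.12 entry the bracketed number is 7978 while the URL is pull/7979. The 4.0.15 file in this same change lists 7979 for the admission Jobs annotations change, so the label here looks like the wrong half; align it with the URL.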

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.13
* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.12...helm-chart-4.0.13

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.14
* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.13...helm-chart-4.0.14

@@ -0,0 +1,43 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.15
* [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1
* [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6
* [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs
* [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors
* [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release
* [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P…
* [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch
* [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable
* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart
* [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
* [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0
* [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation
* [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045)
* [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues
* [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543
* [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name
* [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners
* [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option
* [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags
* [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified
* [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page
* [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation
* [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations
* [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs
* [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files
* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
* [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide
* [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile
* [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud
* [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement
* [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation.
* [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs
* [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server
* [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog
* [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.14...helm-chart-4.0.15
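
Review bot: The [8098] entry is cut off mid-title ("comparison of P…"), and [8061] and [8008] repeat PRs already recorded in the 4.0.14 and 4.0.13 files. Restore the full PR title and list each PR only under the chart release that shipped it. Many of the remaining lines are controller, documentation and dependency-bump changes, while the file header says it documents changes to the Helm chart; either scope the list to chart changes or adjust the header.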

@@ -0,0 +1,40 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.18
* [8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build
* [8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build
* [8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge
* [8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241
* [8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts
* [8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error
* [8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation
* [8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric
* [8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code.
* [8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image
* [8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests
* [8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint
* [8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1
* [8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0
* [8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint
* [8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial
* [8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera
* [8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment
* [8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation
* [8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell
* [8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor
* [8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations
* [8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
* [8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account
* [8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description
* [8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests
* [8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values
* [8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1
* [8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs
* [8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits
* [8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations
* [8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.15...helm-chart-4.0.18
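
Review bot: Two entries in the 4.0.18 list need cleanup: [8273] is titled only "Issue#8241", which does not say what changed, and [8201] ends in "countera", which looks like a typo for "counter". Replace the first with a short description of the change and fix the second.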

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.2
* [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.1...helm-chart-4.0.2

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.3
* [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.2...helm-chart-4.0.3

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.5
* [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.3...helm-chart-4.0.5

@@ -0,0 +1,12 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.6
* [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx
* [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart
* [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode
* [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.5...helm-chart-4.0.6

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.7
* [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx
* [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.6...helm-chart-4.0.7

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.0.9
* [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.7...helm-chart-4.0.9

@@ -0,0 +1,21 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.1.0
* [8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script
* [8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6
* [8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod
* [8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty
* [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector
* [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies
* [8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md
* [8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing
* [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist
* [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one
* [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement
* [8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation
* [8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.18...helm-chart-4.1.0

@@ -0,0 +1,11 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.1.2
* [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed
* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePrefix Helm chart parameter
* [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.0
* - "Update Ingress-Nginx version controller-v1.10.0"
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.1...helm-chart-4.10.0
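
Review bot: The single 4.10.0 entry reads `* - "Update Ingress-Nginx version controller-v1.10.0"`, a markdown bullet wrapping what looks like a quoted YAML list item. Emit the plain text after one `*`, as the 4.10.3 file does. The 4.10.1 file carries the same doubled marker and quotes on all three of its entries.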

@@ -0,0 +1,11 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.1
* - "update post submit helm ci and clean up (#11221)"
* - "refactor helm ci tests part I (#11188)"
* - "Update Ingress-Nginx version controller-v1.10.1"
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.0...helm-chart-4.10.1

@@ -0,0 +1,18 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.2
* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
* Fix helm install on cloud provider admonition block (#11412)
* edited helm-install tips (#11411)
* added info for aws helm install (#11410)
* add workflow to helm release and update ct for branch (#11317)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
* release helm chart from release branch (#11278)
* update post submit helm ci and clean up (#11221)
* refactor helm ci tests part I (#11188)
* Update Ingress-Nginx version controller-v1.10.2
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.1...helm-chart-4.10.2
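
Review bot: The line "Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)" is a merge-commit subject rather than a description of a change, and the (#11221) and (#11188) entries are already listed in the 4.10.1 file. Replace the merge subject with what the merged change did, and drop the entries that shipped in the previous chart release so the 4.10.2 list shows only what is new.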

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.3
* Update Ingress-Nginx version controller-v1.10.3
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.10.3

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.4
* Update Ingress-Nginx version controller-v1.10.4
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.3...helm-chart-4.10.4

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.5
* Update Ingress-Nginx version controller-v1.10.5
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.4...helm-chart-4.10.5

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.6
* CI: Fix chart testing. (#12260)
* Update Ingress-Nginx version controller-v1.10.6
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.5...helm-chart-4.10.6

@@ -0,0 +1,18 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.0
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
* Fix helm install on cloud provider admonition block (#11394)
* edited helm-install tips (#11393)
* added info for aws helm install (#11390)
* add workflow to helm release and update ct for branch (#11378)
* release helm chart from release branch (#11276)
* update post submit helm ci and clean up (#11220)
* refactor helm ci tests part I (#11178)
* Update Ingress-Nginx version controller-v1.11.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.11.0

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.1
* Update Ingress-Nginx version controller-v1.11.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.11.1

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.2
* Update Ingress-Nginx version controller-v1.11.2
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.1...helm-chart-4.11.2

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.3
* Update Ingress-Nginx version controller-v1.11.3
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.4
* CI: Fix chart testing. (#12259)
* Update Ingress-Nginx version controller-v1.11.4
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.5
* Update Ingress-Nginx version controller-v1.11.5
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.4...helm-chart-4.11.5

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.6
* Update Ingress-Nginx version controller-v1.11.6
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.5...helm-chart-4.11.6

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.7
* Update Ingress-Nginx version controller-v1.11.7
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.6...helm-chart-4.11.7

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.8
* Update Ingress-Nginx version controller-v1.11.8
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.7...helm-chart-4.11.8

@@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.12.0-beta.0
* Update Ingress-Nginx version controller-v1.12.0-beta.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0-beta.0
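
Review bot: `### 4.12.0-beta.0` is a pre-release, so check that the chart version pinned for deployment is a stable release and not this beta. If the beta changelog is here only because the whole upstream chart directory was copied in, that is fine, but it is worth saying so in the commit message so the file is not read as a sign that a beta controller is running in the cluster.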

@@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.12.0
* CI: Fix chart testing. (#12258)
* Update Ingress-Nginx version controller-v1.12.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0
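
Review bot: Nothing in this hunk, or in the changelog hunks before it, records which chart version is actually installed: the added files run from 4.10.0 to 4.12.0 across three release lines, and the page truncates the diff because too many files changed. State the pinned chart version and the upstream source it was pulled from in the commit message, so a reviewer can compare the copied chart against the upstream release instead of reading every file. Consider keeping third-party chart drops in their own commit, separate from the repo's own configuration changes.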

Some files were not shown because too many files have changed in this diff.