Fix-semver-and-gcp-appProtocol

karolkieglerski · karolkieglerski · commit 43613935d790 · 2024-04-03T09:57:10.000+02:00
diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
@@ -536,6 +536,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
 | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
+| cloudProvider | string | `""` | Specify cloud provider which will be used to install chart, eg GCP, AWS, Azure ... # Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/secure-gateway |
 | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
 | namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
 | podSecurityPolicy.enabled | bool | `false` |  |
diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml
@@ -58,8 +58,12 @@ spec:
       port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
       protocol: TCP
       targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTP
+      {{- else }}
       appProtocol: http
+      {{- end }}
     {{- end }}
     {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
       nodePort: {{ .Values.controller.service.internal.nodePorts.http }}
@@ -70,8 +74,12 @@ spec:
       port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
       protocol: TCP
       targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTPS
+      {{- else }}
       appProtocol: https
+      {{- end }}
     {{- end }}
     {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
       nodePort: {{ .Values.controller.service.internal.nodePorts.https }}
diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml
@@ -31,8 +31,12 @@ spec:
     - name: https-webhook
       port: 443
       targetPort: webhook
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTPS
+      {{- else }}
       appProtocol: https
+      {{- end }}
     {{- end }}
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml
@@ -58,8 +58,12 @@ spec:
       port: {{ .Values.controller.service.ports.http }}
       protocol: TCP
       targetPort: {{ .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTP
+      {{- else }}
       appProtocol: http
+      {{- end }}
     {{- end }}
     {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
       nodePort: {{ .Values.controller.service.nodePorts.http }}
@@ -70,8 +74,12 @@ spec:
       port: {{ .Values.controller.service.ports.https }}
       protocol: TCP
       targetPort: {{ .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTPS
+      {{- else }}
       appProtocol: https
+      {{- end }}
     {{- end }}
     {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
       nodePort: {{ .Values.controller.service.nodePorts.https }}
diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml
@@ -32,8 +32,12 @@ spec:
       port: {{ .Values.defaultBackend.service.servicePort }}
       protocol: TCP
       targetPort: http
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
+      {{- if eq .Values.cloudProvider "GCP" }}
+      appProtocol: HTTP
+      {{- else }}
       appProtocol: http
+      {{- end }}
     {{- end }}
   selector:
     {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
@@ -1112,3 +1112,9 @@ portNamePrefix: ""
 # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
 ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
 dhParam: ""
+
+# -- (string) Specify cloud provider which will be used to install chart
+# eg GCP, AWS, Azure ...
+# Some configuration like appProtocol is differet for GCP cloud
+## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/secure-gateway
+cloudProvider: ""
