From f96dfbdf7fb89581e3c18b49894f04fea4779f44 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 13 Aug 2024 18:10:36 -0700 Subject: [PATCH] Add Helm schema Problem: Deploying the chart with wrong values could result in an incorrectly configured NGF Solution: Enforce the values with a schema.json --- .pre-commit-config.yaml | 10 + .yamllint.yaml | 7 +- Makefile | 8 +- charts/nginx-gateway-fabric/README.md | 6 +- .../nginx-gateway-fabric/values.schema.json | 601 ++++++++++++++++++ charts/nginx-gateway-fabric/values.yaml | 166 ++++- tests/Makefile | 2 +- 7 files changed, 765 insertions(+), 35 deletions(-) create mode 100644 charts/nginx-gateway-fabric/values.schema.json diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ff2a31f28e..66cbf3f8e0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -85,6 +85,16 @@ repos: - id: shfmt-src args: [-w, -s, -i, "4"] + - repo: https://github.com/dadav/helm-schema + rev: 0.13.0 + hooks: + - id: helm-schema + args: + - --chart-search-root=charts + - --add-schema-reference + - "--skip-auto-generation=required,additionalProperties" + - --append-newline + ci: skip: [golangci-lint-full, prettier, markdownlint-cli2, yamllint] autofix_prs: false diff --git a/.yamllint.yaml b/.yamllint.yaml index 28fd5a76a7..f4ae917a19 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -1,10 +1,6 @@ --- -yaml-files: - - "*.yaml" - - "*.yml" - ignore: - - charts/nginx-gateway-fabric/ + - charts/nginx-gateway-fabric/templates - config/crd/bases/ - deploy/crds.yaml - site/static @@ -39,6 +35,7 @@ rules: .github/ tests/suite/manifests/longevity/cronjob.yaml .goreleaser.yml + charts/nginx-gateway-fabric/ new-line-at-end-of-file: enable new-lines: enable octal-values: disable diff --git a/Makefile b/Makefile index c85acfbe1e..717ca64086 100644 --- a/Makefile +++ b/Makefile 
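Review bot: The new `helm-schema` hook in `.pre-commit-config.yaml` is pinned to the tag `0.13.0`, which the upstream repository can move, and the hook's code runs on every contributor machine. Pinning to the full commit hash with the tag in a trailing comment, `rev: <full-commit-sha>  # 0.13.0`, keeps the executed code fixed. The version and the four flags are also repeated in the Makefile's `generate-helm-schema` target, and only the Makefile copy carries a visible renovate annotation, so the two can drift and produce different schemas. A comment on the hook such as `# keep rev and args in sync with generate-helm-schema in the Makefile` would make the coupling explicit.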
@@ -37,6 +37,8 @@ CONTROLLER_TOOLS_VERSION = v0.16.3 NODE_VERSION = 20 # renovate: datasource=docker depName=quay.io/helmpack/chart-testing CHART_TESTING_VERSION = v3.11.0 +# renovate: datasource=github-tags depName=dadav/helm-schema +HELM_SCHEMA_VERSION = 0.13.0 # variables that can be overridden by the user PREFIX ?= nginx-gateway-fabric## The name of the NGF image. For example, nginx-gateway-fabric @@ -142,8 +144,12 @@ generate-api-docs: ## Generate API docs generate-helm-docs: ## Generate the Helm chart documentation go run github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION) --chart-search-root=charts --template-files _templates.gotmpl --template-files README.md.gotmpl +.PHONY: generate-helm-schema +generate-helm-schema: ## Generate the Helm chart schema + go run github.com/dadav/helm-schema/cmd/helm-schema@$(HELM_SCHEMA_VERSION) --chart-search-root=charts --add-schema-reference "--skip-auto-generation=required,additionalProperties" --append-newline + .PHONY: generate-all -generate-all: generate generate-crds generate-manifests generate-api-docs generate-helm-docs ## Generate all the necessary files +generate-all: generate generate-crds generate-helm-schema generate-manifests generate-api-docs generate-helm-docs ## Generate all the necessary files .PHONY: clean clean: ## Clean the build diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index 11497d608a..6819034420 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md 
@@ -258,7 +258,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `affinity` | The affinity of the NGINX Gateway Fabric pod. | object | `{}` | | `extraVolumes` | extraVolumes for the NGINX Gateway Fabric pod. Use in conjunction with nginxGateway.extraVolumeMounts and nginx.extraVolumeMounts to mount additional volumes to the containers. | list | `[]` | | `metrics.enable` | Enable exposing metrics in the Prometheus format. | bool | `true` | -| `metrics.port` | Set the port where the Prometheus metrics are exposed. Format: [1024 - 65535] | int | `9113` | +| `metrics.port` | Set the port where the Prometheus metrics are exposed. | int | `9113` | | `metrics.secure` | Enable serving metrics via https. By default metrics are served via http. Please note that this endpoint will be secured with a self-signed certificate. | bool | `false` | | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` | | `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` | 
@@ -271,7 +271,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `nginx.usage.insecureSkipVerify` | Disable client verification of the NGINX Plus usage reporting server certificate. | bool | `false` | | `nginx.usage.secretName` | The namespace/name of the Secret containing the credentials for NGINX Plus usage reporting. | string | `""` | | `nginx.usage.serverURL` | The base server URL of the NGINX Plus usage reporting server. | string | `""` | -| `nginxGateway.config.logging.level` | Log level. Supported values "info", "debug", "error". | string | `"info"` | +| `nginxGateway.config.logging.level` | Log level. | string | `"info"` | | `nginxGateway.configAnnotations` | Set of custom annotations for NginxGateway objects. | object | `{}` | | `nginxGateway.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx-gateway container. | list | `[]` | | `nginxGateway.gatewayClassAnnotations` | Set of custom annotations for GatewayClass objects. | object | `{}` | 
@@ -299,7 +299,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | string | `"Local"` | | `service.ports` | A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` | | `service.type` | The type of service to create for the NGINX Gateway Fabric. | string | `"LoadBalancer"` | -| `serviceAccount.annotations` | | object | `{}` | +| `serviceAccount.annotations` | Set of custom annotations for the NGINX Gateway Fabric service account. | object | `{}` | | `serviceAccount.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | string | `""` | | `serviceAccount.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. | list | `[]` | | `serviceAccount.name` | The name of the service account of the NGINX Gateway Fabric pods. Used for RBAC. | string | Autogenerated if not set or set to "" | diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json new file mode 100644 index 0000000000..b9e0fe79a9 --- /dev/null +++ b/charts/nginx-gateway-fabric/values.schema.json 
@@ -0,0 +1,601 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "affinity": { + "description": "The affinity of the NGINX Gateway Fabric pod.", + "required": [], + "title": "affinity", + "type": "object" + }, + "extraVolumes": { + "description": "extraVolumes for the NGINX Gateway Fabric pod. Use in conjunction with\nnginxGateway.extraVolumeMounts and nginx.extraVolumeMounts to mount additional volumes to the containers.", + "items": { + "required": [], + "type": "array" + }, + "required": [], + "title": "extraVolumes", + "type": "array" + }, + "global": { + "description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.", + "required": [], + "title": "global", + "type": "object" + }, + "metrics": { + "properties": { + "enable": { + "default": true, + "description": "Enable exposing metrics in the Prometheus format.", + "required": [], + "title": "enable", + "type": "boolean" + }, + "port": { + "default": 9113, + "description": "Set the port where the Prometheus metrics are exposed.", + "maximum": 65535, + "minimum": 1, + "required": [], + "title": "port", + "type": "integer" + }, + "secure": { + "default": false, + "description": "Enable serving metrics via https. 
By default metrics are served via http.\nPlease note that this endpoint will be secured with a self-signed certificate.", + "required": [], + "title": "secure", + "type": "boolean" + } + }, + "required": [], + "title": "metrics", + "type": "object" + }, + "nginx": { + "properties": { + "config": { + "description": "The configuration for the data plane that is contained in the NginxProxy resource.", + "properties": { + "disableHTTP2": { + "description": "DisableHTTP2 defines if http2 should be disabled for all servers.", + "required": [], + "type": "boolean" + }, + "ipFamily": { + "description": "IPFamily specifies the IP family to be used by the NGINX.", + "enum": [ + "ipv4", + "ipv6", + "dual" + ], + "required": [], + "type": "string" + }, + "telemetry": { + "description": "Telemetry specifies the OpenTelemetry configuration.", + "properties": { + "exporter": { + "properties": { + "batchCount": { + "minimum": 0, + "required": [], + "type": "integer" + }, + "batchSize": { + "minimum": 0, + "required": [], + "type": "integer" + }, + "endpoint": { + "pattern": "^(?:http?:\\/\\/)?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(?:\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*(?::\\d{1,5})?$", + "required": [], + "type": "string" + }, + "interval": { + "pattern": "^\\d{1,4}(ms|s)?$", + "required": [], + "type": "string" + } + }, + "required": [], + "type": "object" + }, + "serviceName": { + "pattern": "^[a-zA-Z0-9_-]+$", + "required": [], + "type": "string" + }, + "spanAttributes": { + "items": { + "properties": { + "key": { + "pattern": "^([^\"$\\\\]|\\\\[^$])*$", + "required": [], + "type": "string" + }, + "value": { + "pattern": "^([^\"$\\\\]|\\\\[^$])*$", + "required": [], + "type": "string" + } + }, + "required": [] + }, + "required": [], + "type": "array" + } + }, + "required": [], + "type": "object" + } + }, + "required": [], + "title": "config", + "type": "object" + }, + "extraVolumeMounts": { + "description": "extraVolumeMounts are the additional volume mounts for the nginx 
container.", + "items": { + "required": [], + "type": "array" + }, + "required": [], + "title": "extraVolumeMounts", + "type": "array" + }, + "image": { + "properties": { + "pullPolicy": { + "default": "Always", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "required": [], + "title": "pullPolicy" + }, + "repository": { + "default": "ghcr.io/nginxinc/nginx-gateway-fabric/nginx", + "description": "The NGINX image to use.", + "required": [], + "title": "repository", + "type": "string" + }, + "tag": { + "default": "edge", + "required": [], + "title": "tag", + "type": "string" + } + }, + "required": [], + "title": "image", + "type": "object" + }, + "lifecycle": { + "description": "The lifecycle of the nginx container.", + "required": [], + "title": "lifecycle", + "type": "object" + }, + "plus": { + "default": false, + "description": "Is NGINX Plus image being used", + "required": [], + "title": "plus", + "type": "boolean" + }, + "usage": { + "description": "Configuration for NGINX Plus usage reporting.", + "properties": { + "clusterName": { + "default": "", + "description": "The display name of the Kubernetes cluster in the NGINX Plus usage reporting server.", + "required": [], + "title": "clusterName", + "type": "string" + }, + "insecureSkipVerify": { + "default": false, + "description": "Disable client verification of the NGINX Plus usage reporting server certificate.", + "required": [], + "title": "insecureSkipVerify", + "type": "boolean" + }, + "secretName": { + "default": "", + "description": "The namespace/name of the Secret containing the credentials for NGINX Plus usage reporting.", + "required": [], + "title": "secretName", + "type": "string" + }, + "serverURL": { + "default": "", + "description": "The base server URL of the NGINX Plus usage reporting server.", + "required": [], + "title": "serverURL", + "type": "string" + } + }, + "required": [], + "title": "usage", + "type": "object" + } + }, + "required": [], + "title": "nginx", + "type": 
"object" + }, + "nginxGateway": { + "properties": { + "config": { + "description": "The dynamic configuration for the control plane that is contained in the NginxGateway resource.", + "properties": { + "logging": { + "properties": { + "level": { + "default": "info", + "description": "Log level.", + "enum": [ + "info", + "debug", + "error" + ], + "required": [], + "title": "level" + } + }, + "required": [], + "title": "logging", + "type": "object" + } + }, + "required": [], + "title": "config", + "type": "object" + }, + "configAnnotations": { + "description": "Set of custom annotations for NginxGateway objects.", + "required": [], + "title": "configAnnotations", + "type": "object" + }, + "extraVolumeMounts": { + "description": "extraVolumeMounts are the additional volume mounts for the nginx-gateway container.", + "items": { + "required": [], + "type": "array" + }, + "required": [], + "title": "extraVolumeMounts", + "type": "array" + }, + "gatewayClassAnnotations": { + "description": "Set of custom annotations for GatewayClass objects.", + "required": [], + "title": "gatewayClassAnnotations", + "type": "object" + }, + "gatewayClassName": { + "default": "nginx", + "description": "The name of the GatewayClass that will be created as part of this release. Every NGINX Gateway\nFabric must have a unique corresponding GatewayClass resource. NGINX Gateway Fabric only processes resources that\nbelong to its class - i.e. have the \"gatewayClassName\" field resource equal to the class.", + "required": [], + "title": "gatewayClassName", + "type": "string" + }, + "gatewayControllerName": { + "default": "gateway.nginx.org/nginx-gateway-controller", + "description": "The name of the Gateway controller. The controller name must be of the form: DOMAIN/PATH. 
The controller's domain\nis gateway.nginx.org.", + "pattern": "^gateway.nginx.org/.*", + "required": [], + "title": "gatewayControllerName" + }, + "gwAPIExperimentalFeatures": { + "properties": { + "enable": { + "default": false, + "description": "Enable the experimental features of Gateway API which are supported by NGINX Gateway Fabric. Requires the Gateway\nAPIs installed from the experimental channel.", + "required": [], + "title": "enable", + "type": "boolean" + } + }, + "required": [], + "title": "gwAPIExperimentalFeatures", + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "default": "Always", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "required": [], + "title": "pullPolicy" + }, + "repository": { + "default": "ghcr.io/nginxinc/nginx-gateway-fabric", + "description": "The NGINX Gateway Fabric image to use", + "required": [], + "title": "repository", + "type": "string" + }, + "tag": { + "default": "edge", + "required": [], + "title": "tag", + "type": "string" + } + }, + "required": [], + "title": "image", + "type": "object" + }, + "kind": { + "const": "deployment", + "default": "deployment", + "description": "The kind of the NGINX Gateway Fabric installation - currently, only deployment is supported.", + "required": [], + "title": "kind" + }, + "leaderElection": { + "description": "The configuration for leader election.", + "properties": { + "enable": { + "default": true, + "description": "Enable leader election. Leader election is used to avoid multiple replicas of the NGINX Gateway Fabric\nreporting the status of the Gateway API resources. If not enabled, all replicas of NGINX Gateway Fabric\nwill update the statuses of the Gateway API resources.", + "required": [], + "title": "enable", + "type": "boolean" + }, + "lockName": { + "default": "", + "description": "The name of the leader election lock. 
A Lease object with this name will be created in the same Namespace as\nthe controller.", + "required": [], + "title": "lockName", + "type": "string" + } + }, + "required": [], + "title": "leaderElection", + "type": "object" + }, + "lifecycle": { + "description": "The lifecycle of the nginx-gateway container.", + "required": [], + "title": "lifecycle", + "type": "object" + }, + "podAnnotations": { + "description": "Set of custom annotations for the NGINX Gateway Fabric pods.", + "required": [], + "title": "podAnnotations", + "type": "object" + }, + "productTelemetry": { + "properties": { + "enable": { + "default": true, + "description": "Enable the collection of product telemetry.", + "required": [], + "title": "enable", + "type": "boolean" + } + }, + "required": [], + "title": "productTelemetry", + "type": "object" + }, + "readinessProbe": { + "description": "# Defines the settings for the control plane readiness probe. This probe returns Ready when the controller\n# has started and configured NGINX to serve traffic.", + "properties": { + "enable": { + "default": true, + "description": "Enable the /readyz endpoint on the control plane.", + "required": [], + "title": "enable", + "type": "boolean" + }, + "initialDelaySeconds": { + "default": 3, + "description": "The number of seconds after the Pod has started before the readiness probes are initiated.", + "required": [], + "title": "initialDelaySeconds", + "type": "integer" + }, + "port": { + "default": 8081, + "description": "Port in which the readiness endpoint is exposed.", + "maximum": 65535, + "minimum": 1, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [], + "title": "readinessProbe", + "type": "object" + }, + "replicaCount": { + "default": 1, + "description": "The number of replicas of the NGINX Gateway Fabric Deployment.", + "required": [], + "title": "replicaCount", + "type": "integer" + }, + "resources": { + "description": "The resource requests and/or limits of the 
nginx-gateway container.", + "required": [], + "title": "resources", + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "default": false, + "description": "Some environments may need this set to true in order for the control plane to successfully reload NGINX.", + "required": [], + "title": "allowPrivilegeEscalation", + "type": "boolean" + } + }, + "required": [], + "title": "securityContext", + "type": "object" + } + }, + "required": [ + "gatewayClassName", + "gatewayControllerName" + ], + "title": "nginxGateway", + "type": "object" + }, + "nodeSelector": { + "description": "The nodeSelector of the NGINX Gateway Fabric pod.", + "required": [], + "title": "nodeSelector", + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "description": "The annotations of the NGINX Gateway Fabric service.", + "required": [], + "title": "annotations", + "type": "object" + }, + "create": { + "default": true, + "description": "Creates a service to expose the NGINX Gateway Fabric pods.", + "required": [], + "title": "create", + "type": "boolean" + }, + "externalTrafficPolicy": { + "default": "Local", + "description": "The externalTrafficPolicy of the service. The value Local preserves the client source IP.", + "enum": [ + "Cluster", + "Local" + ], + "required": [], + "title": "externalTrafficPolicy" + }, + "ports": { + "description": "A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from\nyour Gateway resource. 
Follows the conventional Kubernetes yaml syntax for service ports.", + "items": { + "properties": { + "name": { + "required": [], + "type": "string" + }, + "port": { + "maximum": 65535, + "minimum": 1, + "required": [], + "type": "integer" + }, + "protocol": { + "enum": [ + "TCP", + "UDP" + ], + "required": [], + "type": "string" + }, + "targetPort": { + "maximum": 65535, + "minimum": 1, + "required": [], + "type": "integer" + } + }, + "required": [], + "type": "object" + }, + "required": [], + "title": "ports", + "type": "array" + }, + "type": { + "default": "LoadBalancer", + "description": "The type of service to create for the NGINX Gateway Fabric.", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ], + "required": [], + "title": "type" + } + }, + "required": [], + "title": "service", + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "description": "Set of custom annotations for the NGINX Gateway Fabric service account.", + "required": [], + "title": "annotations", + "type": "object" + }, + "imagePullSecret": { + "default": "", + "description": "The name of the secret containing docker registry credentials.\nSecret must exist in the same namespace as the helm release.", + "required": [], + "title": "imagePullSecret", + "type": "string" + }, + "imagePullSecrets": { + "description": "A list of secret names containing docker registry credentials.\nSecrets must exist in the same namespace as the helm release.", + "items": { + "required": [], + "type": "array" + }, + "required": [], + "title": "imagePullSecrets", + "type": "array" + }, + "name": { + "default": "", + "description": "The name of the service account of the NGINX Gateway Fabric pods. 
Used for RBAC.", + "required": [], + "title": "name", + "type": "string" + } + }, + "required": [], + "title": "serviceAccount", + "type": "object" + }, + "terminationGracePeriodSeconds": { + "default": 30, + "description": "The termination grace period of the NGINX Gateway Fabric pod.", + "required": [], + "title": "terminationGracePeriodSeconds", + "type": "integer" + }, + "tolerations": { + "description": "Tolerations for the NGINX Gateway Fabric pod.", + "items": { + "required": [], + "type": "array" + }, + "required": [], + "title": "tolerations", + "type": "array" + } + }, + "required": [], + "type": "object" +} diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index b81fb9063d..d9177df929 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -1,7 +1,18 @@ +# yaml-language-server: $schema=values.schema.json + nginxGateway: + # FIXME(lucacome): https://github.com/nginxinc/nginx-gateway-fabric/issues/2490 + + # @schema + # const: deployment + # @schema # -- The kind of the NGINX Gateway Fabric installation - currently, only deployment is supported. kind: deployment + # @schema + # required: true + # type: string + # @schema # -- The name of the GatewayClass that will be created as part of this release. Every NGINX Gateway # Fabric must have a unique corresponding GatewayClass resource. NGINX Gateway Fabric only processes resources that # belong to its class - i.e. have the "gatewayClassName" field resource equal to the class. @@ -13,6 +24,10 @@ nginxGateway: # -- Set of custom annotations for GatewayClass objects. gatewayClassAnnotations: {} + # @schema + # pattern: ^gateway.nginx.org/.* + # required: true + # @schema # -- The name of the Gateway controller. The controller name must be of the form: DOMAIN/PATH. The controller's domain # is gateway.nginx.org. gatewayControllerName: gateway.nginx.org/nginx-gateway-controller 
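Review bot: The `pattern: ^gateway.nginx.org/.*` annotation on `gatewayControllerName` leaves the dots unescaped and allows an empty path, so values such as `gatewayXnginxYorg/` validate. Escaping the dots and requiring a path closes that: `# pattern: ^gateway\.nginx\.org/.+`. The annotation also sets no type, and the generated schema entry carries none, so a non-string value skips the pattern check entirely under JSON Schema rules; adding `# type: string` fixes that. Separately, `required: true` here and on `gatewayClassName` is always satisfied by the chart default, and an empty string still passes, so `# minLength: 1` is what would reject a blank override.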
@@ -20,7 +35,13 @@ nginxGateway: # The dynamic configuration for the control plane that is contained in the NginxGateway resource. config: logging: - # -- Log level. Supported values "info", "debug", "error". + # @schema + # enum: + # - info + # - debug + # - error + # @schema + # -- Log level. level: info # -- Set of custom annotations for NginxGateway objects. @@ -35,6 +56,7 @@ nginxGateway: # reporting the status of the Gateway API resources. If not enabled, all replicas of NGINX Gateway Fabric # will update the statuses of the Gateway API resources. enable: true + # -- The name of the leader election lock. A Lease object with this name will be created in the same Namespace as # the controller. # @default -- Autogenerated if not set or set to "". @@ -45,8 +67,15 @@ nginxGateway: readinessProbe: # -- Enable the /readyz endpoint on the control plane. enable: true + + # @schema + # type: integer + # minimum: 1 + # maximum: 65535 + # @schema # -- Port in which the readiness endpoint is exposed. port: 8081 + # -- The number of seconds after the Pod has started before the readiness probes are initiated. initialDelaySeconds: 3 @@ -54,6 +83,12 @@ nginxGateway: # -- The NGINX Gateway Fabric image to use repository: ghcr.io/nginxinc/nginx-gateway-fabric tag: edge + # @schema + # enum: + # - Always + # - IfNotPresent + # - Never + # @schema pullPolicy: Always securityContext: 
@@ -83,44 +118,81 @@ nginx: # -- The NGINX image to use. repository: ghcr.io/nginxinc/nginx-gateway-fabric/nginx tag: edge + # @schema + # enum: + # - Always + # - IfNotPresent + # - Never + # @schema pullPolicy: Always # -- Is NGINX Plus image being used plus: false + # @schema + # type: object + # properties: + # disableHTTP2: + # description: DisableHTTP2 defines if http2 should be disabled for all servers. + # type: boolean + # ipFamily: + # description: IPFamily specifies the IP family to be used by the NGINX. + # type: string + # enum: + # - ipv4 + # - ipv6 + # - dual + # telemetry: + # type: object + # description: Telemetry specifies the OpenTelemetry configuration. + # properties: + # exporter: + # type: object + # properties: + # endpoint: + # type: string + # pattern: ^(?:http?:\/\/)?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*(?::\d{1,5})?$ + # interval: + # type: string + # pattern: ^\d{1,4}(ms|s)?$ + # batchSize: + # type: integer + # minimum: 0 + # batchCount: + # type: integer + # minimum: 0 + # serviceName: + # type: string + # pattern: ^[a-zA-Z0-9_-]+$ + # spanAttributes: + # type: array + # items: + # properties: + # key: + # type: string + # pattern: ^([^"$\\]|\\[^$])*$ + # minLength: 1 + # maxLength: 255 + # value: + # type: string + # pattern: ^([^"$\\]|\\[^$])*$ + # minLength: 1 + # maxLength: 255 + # @schema # -- The configuration for the data plane that is contained in the NginxProxy resource. - config: - {} - # disableHTTP2: false - # ipFamily: dual - # rewriteClientIP: - # mode: "ProxyProtocol" - # # -- The trusted addresses field needs to be replaced with the load balancer's address and type. - # trustedAddresses: [ - # { - # # -- The CIDR block of the load balancer(s). 
- # value: "", - # type: "cidr", - # } - # ] - # setIPRecursively: true - # telemetry: - # exporter: - # endpoint: otel-collector.default.svc:4317 - # interval: 5s - # batchSize: 512 - # batchCount: 4 - # serviceName: "" - # spanAttributes: [] + config: {} # Configuration for NGINX Plus usage reporting. usage: # -- The namespace/name of the Secret containing the credentials for NGINX Plus usage reporting. secretName: "" + # -- The base server URL of the NGINX Plus usage reporting server. serverURL: "" + # -- The display name of the Kubernetes cluster in the NGINX Plus usage reporting server. clusterName: "" + # -- Disable client verification of the NGINX Plus usage reporting server certificate. insecureSkipVerify: false @@ -143,7 +215,9 @@ nodeSelector: {} affinity: {} serviceAccount: + # -- Set of custom annotations for the NGINX Gateway Fabric service account. annotations: {} + # -- The name of the service account of the NGINX Gateway Fabric pods. Used for RBAC. # @default -- Autogenerated if not set or set to "" name: "" 
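Review bot: In the `nginx.config` annotation the exporter `endpoint` pattern starts with `(?:http?:\/\/)?`, which makes the `p` optional, so it accepts `htt://` and rejects `https://`. If TLS endpoints are meant to be allowed the prefix should read `(?:https?:\/\/)?`; if the pattern deliberately mirrors the NginxProxy CRD, say so in a comment. The annotation covers only `disableHTTP2`, `ipFamily` and `telemetry`, while the example block removed by this hunk also showed `rewriteClientIP` with `trustedAddresses`. Because `additionalProperties` generation is skipped, those keys pass unvalidated and now have no in-file example, so a typo in the trusted CIDR list would not be caught at install time. The `minLength: 1` / `maxLength: 255` limits on `spanAttributes` do not appear in the committed values.schema.json, so either the generator drops them or the JSON was not regenerated after the annotation was edited.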
@@ -159,13 +233,48 @@ serviceAccount: service: # -- Creates a service to expose the NGINX Gateway Fabric pods. create: true + + # @schema + # enum: + # - ClusterIP + # - NodePort + # - LoadBalancer + # @schema # -- The type of service to create for the NGINX Gateway Fabric. type: LoadBalancer + + # @schema + # enum: + # - Cluster + # - Local + # @schema # -- The externalTrafficPolicy of the service. The value Local preserves the client source IP. externalTrafficPolicy: Local + # -- The annotations of the NGINX Gateway Fabric service. annotations: {} + # @schema + # type: array + # items: + # type: object + # properties: + # port: + # type: integer + # minimum: 1 + # maximum: 65535 + # targetPort: + # type: integer + # minimum: 1 + # maximum: 65535 + # protocol: + # type: string + # enum: + # - TCP + # - UDP + # name: + # type: string + # @schema # -- A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from # your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. ports: @@ -181,8 +290,15 @@ service: metrics: # -- Enable exposing metrics in the Prometheus format. enable: true - # -- Set the port where the Prometheus metrics are exposed. Format: [1024 - 65535] + + # @schema + # type: integer + # minimum: 1 + # maximum: 65535 + # @schema + # -- Set the port where the Prometheus metrics are exposed. port: 9113 + # -- Enable serving metrics via https. By default metrics are served via http. # Please note that this endpoint will be secured with a self-signed certificate. secure: false diff --git a/tests/Makefile b/tests/Makefile index 2930ddd8b4..fdb25a87d5 100644 --- a/tests/Makefile +++ b/tests/Makefile 
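Review bot: Only `service.ports` gets an explicit `items` annotation in this hunk; the other list values are left to auto-generation and appear in values.schema.json as `"items": {"type": "array"}`. That applies to `extraVolumes`, both `extraVolumeMounts`, `tolerations` and `serviceAccount.imagePullSecrets`. Under that schema each element must itself be an array, so a normal volume or toleration object, or a secret-name string, would fail validation. Those keys need their own `@schema` blocks, with `items:` / `type: object` for volumes, mounts and tolerations and `items:` / `type: string` for `imagePullSecrets`. The definitions of those keys sit outside the hunks shown here.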
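Review bot: The `minimum: 1` in the new `metrics.port` annotation is wider than the range the removed comment documented (`Format: [1024 - 65535]`), and the range is no longer stated in the description. If the container runs as non-root without the capability to bind low ports (not visible in this diff), values 1-1023 would pass validation and then fail at pod start. `# minimum: 1024` would keep the previous contract. The same question applies to `readinessProbe.port` in the earlier values.yaml hunk.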
@@ -166,7 +166,7 @@ delete-gke-cluster: ## Delete the GKE cluster add-local-ip-to-cluster: ## Add local IP to the GKE cluster master-authorized-networks ./scripts/add-local-ip-auth-networks.sh -HELM_PARAMETERS += --set nameOverride=nginx-gateway --set nginxGateway.kind=skip --set service.create=false +HELM_PARAMETERS += --set nameOverride=nginx-gateway --set nginxGateway.kind=skip --set service.create=false --skip-schema-validation .PHONY: deploy-updated-provisioner deploy-updated-provisioner: ## Update provisioner manifest and deploy to the configured kind cluster
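Review bot: Appending `--skip-schema-validation` to `HELM_PARAMETERS` turns the new schema off for every Helm invocation that uses this variable, so these test deployments never exercise values.schema.json. The flag appears to be needed only because `nginxGateway.kind=skip` conflicts with the `const: deployment` annotation marked FIXME in values.yaml. A comment above the line would keep the bypass from outliving its reason: `# --skip-schema-validation: kind=skip violates the schema const; remove together with the FIXME in charts/nginx-gateway-fabric/values.yaml`. The rest of the Makefile is outside the hunk, so other consumers of `HELM_PARAMETERS` are not visible here.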