Added ingress for apiVersion: networking.k8s.io/v1 (oauth2-proxy#37)

* Added ingress for apiVersion: networking.k8s.io/v1 fix variables added missing new line character * add deprecation yaml, docs + major version bump
T-vK · Jun 24, 2021 · 4d36457 · 4d36457
1 parent 9b07555
commit 4d36457
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 13 deletions.
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 3.3.2
+version: 4.0.0
 apiVersion: v2
 appVersion: 7.1.3
 home: https://oauth2-proxy.github.io/oauth2-proxy/

diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
@@ -46,12 +46,20 @@ This version upgrades oauth2-proxy to v4.0.0. Please see the [changelog](https:/
 
 Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`.  See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
 
-Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0.
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade` of this chart from versions earlier than 2.0.0.
 
 ### To 3.0.0
 
 Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.  This is a breaking change since the service account is enabled by default.  To disable this behaviour set `serviceAccount.enabled` to `false`
 
+### To 4.0.0
+
+Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**.
+Therefore the `ingress.extraPaths` parameter needs to be updated to the new format.
+See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information.
+
+For the same reason `service.port` was renamed to `service.portNumber`.
+
 ## Configuration
 
 The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
@@ -109,7 +117,7 @@ Parameter | Description | Default
 `readinessProbe.successThreshold` | number of successes | 1
 `replicaCount` | desired number of pods | `1`
 `resources` | pod resource requests & limits | `{}`
-`service.port` | port for the service | `80`
+`service.portNumber` | port number for the service | `80`
 `service.type` | type of service | `ClusterIP`
 `service.clusterIP` | cluster ip address | `nil`
 `service.loadBalancerIP` | ip of load balancer | `nil`
@@ -131,7 +139,7 @@ Parameter | Description | Default
 `sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil`
 `sessionStorage.redis.sentinel.connectionUrls` | List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]) | `[]`
 `redis.enabled` | Enable the redis subchart deployment | `false`
-
+`checkDeprecation` | Enable deprecation checks | `true`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

diff --git a/helm/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/helm/oauth2-proxy/ci/ingress-extra-paths-values.yaml
@@ -1,6 +1,9 @@
 ingress:
   extraPaths:
   - path: /*
+    pathType: ImplementationSpecific
     backend:
-      serviceName: ssl-redirect
-      servicePort: use-annotation
+      service:
+        name: ssl-redirect
+        port:
+          name: use-annotation
diff --git a/helm/oauth2-proxy/templates/deprecation.yaml b/helm/oauth2-proxy/templates/deprecation.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.checkDeprecation }}
+    {{- if .Values.service.port }}
+        {{ fail "`service.port` does no longer exist. It has been renamed to `service.portNumber`" }}
+    {{- end }}
+    {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
+        {{- range .Values.ingress.extraPaths }}
+            {{- if or (.backend.serviceName) (.backend.servicePort) }}
+                {{ fail "Please update the format of your `ingress.extraPaths` to the new ingress apiVersion `networking.k8s.io/v1` format" }}
+            {{- end }}
+        {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/helm/oauth2-proxy/templates/ingress.yaml b/helm/oauth2-proxy/templates/ingress.yaml
@@ -1,9 +1,14 @@
 {{- if .Values.ingress.enabled -}}
 {{- $serviceName := include "oauth2-proxy.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
+{{- $servicePort := .Values.service.portNumber -}}
 {{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
 {{- $extraPaths := .Values.ingress.extraPaths -}}
-{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+{{- $apiV1 := false -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
+apiVersion: networking.k8s.io/v1
+{{- $apiV1 = true -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -26,13 +31,23 @@ spec:
     - host: {{ $host | quote }}
       http:
         paths:
-{{ if $extraPaths }}
+{{- if $extraPaths }}
 {{ toYaml $extraPaths | indent 10 }}
 {{- end }}
+          {{- if $apiV1 }}
+          - path: {{ $ingressPath }}
+            pathType: {{ $ingressPathType }}
+            backend:
+              service:
+                name: {{ $serviceName }}
+                port:
+                  number: {{ $servicePort }}
+          {{- else }}
           - path: {{ $ingressPath }}
             backend:
               serviceName: {{ $serviceName }}
               servicePort: {{ $servicePort }}
+          {{- end }}
     {{- end -}}
   {{- if .Values.ingress.tls }}
   tls:

diff --git a/helm/oauth2-proxy/templates/service.yaml b/helm/oauth2-proxy/templates/service.yaml
@@ -30,7 +30,7 @@ spec:
   type: {{ .Values.service.type }}
 {{- end }}
   ports:
-    - port: {{ .Values.service.port }}
+    - port: {{ .Values.service.portNumber }}
       targetPort: {{ .Values.httpScheme }}
       protocol: TCP
       name: {{ .Values.httpScheme }}

diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
@@ -73,7 +73,7 @@ service:
   # when service.type is LoadBalancer ...
   # loadBalancerIP: 198.51.100.40
   # loadBalancerSourceRanges: 203.0.113.0/24
-  port: 80
+  portNumber: 80
   annotations: {}
   # foo.io/bar: "true"
 
@@ -89,15 +89,21 @@ serviceAccount:
 ingress:
   enabled: false
   path: /
+  # Only used if API capabilities (networking.k8s.io/v1) allow it
+  pathType: ImplementationSpecific
   # Used to create an Ingress record.
   # hosts:
     # - chart-example.local
   # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+  # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
   # extraPaths:
   # - path: /*
+  #   pathType: ImplementationSpecific
   #   backend:
-  #     serviceName: ssl-redirect
-  #     servicePort: use-annotation
+  #     service:
+  #       name: ssl-redirect
+  #       port:
+  #         name: use-annotation
   # annotations:
   #   kubernetes.io/ingress.class: nginx
   #   kubernetes.io/tls-acme: "true"
@@ -222,3 +228,6 @@ redis:
   # cluster:
   #   enabled: false
   #   slaveCount: 1
+
+# Enables apiVersion deprecation checks
+checkDeprecation: true