Skip to content

Commit 5fca904

Browse files
bjee19bjee19
committed
Add openshift manifests and helm template generation
1 parent b13ec53 commit 5fca904

File tree

7 files changed

+1469
-11
lines changed

7 files changed

+1469
-11
lines changed

Makefile

+5
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,11 @@ generate-manifests: ## Generate manifests using Helm.
109109
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway.yaml
110110
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway-experimental.yaml
111111
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway-experimental.yaml
112+
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway --set platform=openshift -s templates/scc.yaml > $(strip $(MANIFEST_DIR))/openshift/scc.yaml
113+
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway --set platform=openshift | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/openshift/nginx-gateway.yaml
114+
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway --set platform=openshift | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/openshift/nginx-plus-gateway.yaml
115+
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true -n nginx-gateway --set platform=openshift | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/openshift/nginx-gateway-experimental.yaml
116+
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway --set platform=openshift | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/openshift/nginx-plus-gateway-experimental.yaml
112117
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml > conformance/provisioner/static-deployment.yaml
113118
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer.yaml
114119
helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.annotations.'service\.beta\.kubernetes\.io\/aws-load-balancer-type'="nlb" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer-aws-nlb.yaml

charts/nginx-gateway-fabric/templates/scc.yaml

+10-11
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
# Create SCC for Gateway resources
21
{{- if and (eq .Values.platform "openshift") .Values.createOpenShiftSCC }}
32
kind: SecurityContextConstraints
43
apiVersion: security.openshift.io/v1
@@ -19,23 +18,23 @@ runAsUser:
1918
fsGroup:
2019
type: MustRunAs
2120
ranges:
22-
- min: 1001
23-
max: 1001
21+
- min: 1001
22+
max: 1001
2423
supplementalGroups:
2524
type: MustRunAs
2625
ranges:
27-
- min: 1001
28-
max: 1001
26+
- min: 1001
27+
max: 1001
2928
seLinuxContext:
3029
type: MustRunAs
3130
volumes:
32-
- emptyDir
33-
- secret
31+
- emptyDir
32+
- secret
3433
users:
35-
- {{ printf "system:serviceaccount:*:%s" (include "nginx-gateway.fullname" .) }}
34+
- {{ printf "system:serviceaccount:*:%s" (include "nginx-gateway.fullname" .) }}
3635
allowedCapabilities:
37-
- NET_BIND_SERVICE
38-
- KILL
36+
- NET_BIND_SERVICE
37+
- KILL
3938
requiredDropCapabilities:
40-
- ALL
39+
- ALL
4140
{{- end }}

0 commit comments

Comments
 (0)