Chart: Add `activeDeadlineSeconds`. (#13497)

2025-06-10 14:04:24 +05:30 · 2025-06-10 14:04:24 +05:30 · 6338a3ac71
parent 311a2082c5
commit 6338a3ac71
6 changed files with 28 additions and 0 deletions
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@ -260,6 +260,7 @@ metadata:
 | controller.admissionWebhooks.certManager.rootCert.duration | string | `""` |  |
 | controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit | int | `0` | Revision history limit of the root certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
 | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` |  |
+| controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. |
 | controller.admissionWebhooks.createSecretJob.name | string | `"create"` |  |
 | controller.admissionWebhooks.createSecretJob.resources | object | `{}` |  |
 | controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
@ -290,6 +291,7 @@ metadata:
 | controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
 | controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
 | controller.admissionWebhooks.patch.tolerations | list | `[]` |  |
+| controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. |
 | controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` |  |
 | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` |  |
 | controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
@ -18,6 +18,9 @@ metadata:
    {{- end }}
 spec:
  ttlSecondsAfterFinished: 0
+{{- if gt (int .Values.controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds) 0 }}
+  activeDeadlineSeconds: {{ .Values.controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds }}
+{{- end }}
  template:
    metadata:
      name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@ -18,6 +18,9 @@ metadata:
    {{- end }}
 spec:
  ttlSecondsAfterFinished: 0
+{{- if gt (int .Values.controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds) 0 }}
+  activeDeadlineSeconds: {{ .Values.controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds }}
+{{- end }}
  template:
    metadata:
      name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }}
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml
@ -10,3 +10,11 @@ tests:
      - equal:
          path: spec.template.spec.automountServiceAccountToken
          value: false
+
+  - it: should create a Job with `activeDeadlineSeconds` if `controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds ` is set
+    set:
+      controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds: 1
+    asserts:
+      - equal:
+          path: spec.activeDeadlineSeconds
+          value: 1
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml
@ -10,3 +10,11 @@ tests:
      - equal:
          path: spec.template.spec.automountServiceAccountToken
          value: false
+
+  - it: should create a Job with `activeDeadlineSeconds` if `controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds ` is set
+    set:
+      controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds: 1
+    asserts:
+      - equal:
+          path: spec.activeDeadlineSeconds
+          value: 1
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -776,6 +776,8 @@ controller:
      type: ClusterIP
    createSecretJob:
      name: create
+      # -- Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced.
+      activeDeadlineSeconds: 0
      # -- Security context for secret creation containers
      securityContext:
        runAsNonRoot: true
@ -797,6 +799,8 @@ controller:
      #   memory: 20Mi
    patchWebhookJob:
      name: patch
+      # -- Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced.
+      activeDeadlineSeconds: 0
      # -- Security context for webhook patch containers
      securityContext:
        runAsNonRoot: true