feat: make ingress PathType configurable via Helm env var, default to Prefix#126
Open
badal773 wants to merge 1 commit intonabsul:mainfrom
Open
feat: make ingress PathType configurable via Helm env var, default to Prefix#126badal773 wants to merge 1 commit intonabsul:mainfrom
badal773 wants to merge 1 commit intonabsul:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR makes the Ingress pathType configurable via a new Helm environment variable (defaulting to Prefix) to align with stricter NGINX Ingress Controller validation rules.
- Added
kcertPathTypetovalues.yamlwith a default ofPrefix - Passed
KCERT_PATH_TYPEinto the deployment via an environment variable - Bumped chart version to
1.0.8 - Updated
HttpChallengeProviderto use an environment‐drivenPathType
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| charts/kcert/values.yaml | Introduced kcertPathType setting with default |
| charts/kcert/templates/070-Deployment.yaml | Inject KCERT_PATH_TYPE into container env |
| charts/kcert/Chart.yaml | Bumped chart version to 1.0.8 |
| Challenge/HttpChallengeProvider.cs | Replaced hardcoded PathType with GetPathType |
Comments suppressed due to low confidence (2)
charts/kcert/values.yaml:43
- [nitpick] Add a comment above
kcertPathTypeinvalues.yamlexplaining its purpose and allowed values (Prefix,Exact,ImplementationSpecific) for clarity.
kcertPathType: Prefix
Challenge/HttpChallengeProvider.cs:82
- Add unit tests for
GetPathTypeto cover both the default fallback and an overridden environment variable scenario, ensuring the new configurable path type logic is verified.
private static string GetPathType()
Comment on lines
+82
to
+84
| private static string GetPathType() | ||
| { | ||
| return Environment.GetEnvironmentVariable("KCERT_PATH_TYPE") ?? "Prefix"; |
There was a problem hiding this comment.
[nitpick] Extract the default path type ("Prefix") into a shared constant or configuration field to avoid duplicating the literal and keep it in sync with the Helm chart default.
Suggested change
| private static string GetPathType() | |
| { | |
| return Environment.GetEnvironmentVariable("KCERT_PATH_TYPE") ?? "Prefix"; | |
| private const string DefaultPathType = "Prefix"; | |
| private static string GetPathType() | |
| { | |
| return Environment.GetEnvironmentVariable("KCERT_PATH_TYPE") ?? DefaultPathType; |
|
|
||
| private static string GetPathType() | ||
| { | ||
| return Environment.GetEnvironmentVariable("KCERT_PATH_TYPE") ?? "Prefix"; |
There was a problem hiding this comment.
Consider validating the environment variable against allowed Kubernetes PathType values (Prefix, Exact, ImplementationSpecific) to fail fast on invalid configuration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of Change
In recent versions of the NGINX Ingress Controller, stricter validation rules have been introduced for
ingress.spec.rules.http.paths.pathwhenpathTypeis set toPrefixorExact. These rules enforce that thepathmust://,_, and-If a path contains characters outside this set (e.g., for rewrite purposes), the
pathTypemust be set toImplementationSpecific. This validation is enforced by the Admission Webhook, and non-compliant ingress resources will be denied admission.To ensure compatibility and prevent potential deployment failures, we are explicitly setting the default
pathTypetoPrefixvia an environment variable in the Helm chart. This default is safe for standard use cases where paths comply with the new restrictions.For advanced use cases involving rewrites or non-standard characters in paths, users should explicitly override the
pathTypetoImplementationSpecific.