review

Alfresco · Jan 22, 2025 · 0cd1bd2 · 0cd1bd2
1 parent 0466257
commit 0cd1bd2
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 13 deletions.
diff --git a/.github/actions/setup-kind/action.yml b/.github/actions/setup-kind/action.yml
@@ -25,9 +25,11 @@ inputs:
     default: "false"
   ingress-configmap-patch:
     description: |
-      The patch to apply to the ingress-nginx-controller configmap. This is a JSON string.
-    default: '"allow-snippet-annotations":"true"'
-  registry-secret:
+      The patch to apply to the ingress-nginx-controller configmap. The default is off. Other optons are:
+      - allow-snippet-annotations: for ingress-nginx-controller prior to v1.12
+      - annotations-risk-level-critical: for ingress-nginx-controller v1.12 and later
+    default: "off"
+  import-registry-secret:
     description: |
       Whether to create a secret for the docker registry. It will create a secret from file $HOME/.docker/config.json.
       You have to login to the registry when enabling this option.
@@ -60,6 +62,13 @@ runs:
       run: |
         kubectl apply -f "${NGINX_MANIFEST_URL}"
 
+    - name: Set nginx ingress config
+      shell: bash
+      if: inputs.ingress-configmap-patch != 'off'
+      run: |
+        kubectl -n ingress-nginx patch cm ingress-nginx-controller \
+          -p '{"data": {${{ inputs.ingress-configmap-patch == 'allow-snippet-annotations' && '"allow-snippet-annotations":"true"' || (inputs.ingress-configmap-patch == 'annotations-risk-level-critical' && '"annotations-risk-level":"critical"')}}}}'
+
     - name: Wait for ingress ready
       shell: bash
       run: |
@@ -68,15 +77,9 @@ runs:
           --selector=app.kubernetes.io/component=controller \
           --timeout=90s
 
-    - name: Set nginx ingress config
-      shell: bash
-      run: |
-        kubectl -n ingress-nginx patch cm ingress-nginx-controller \
-          -p '{"data": {${{inputs.ingress-configmap-patch}}}}'
-
     - name: Create registries auth secret
       shell: bash
-      if: inputs.registry-secret == 'true'
+      if: inputs.import-registry-secret == 'true'
       run: |
         kubectl create secret generic regcred \
           --from-file=.dockerconfigjson=$HOME/.docker/config.json \

diff --git a/docs/README.md b/docs/README.md
@@ -1600,11 +1600,13 @@ Spin up a local kubernetes cluster with nginx ingress exposing http/https ports.
           # ingress-nginx-ref: controller-v1.8.2
           # Enable deploying Metrics server with KinD
           # metrics: true
-          # The patch to apply to the ingress-nginx-controller configmap (defaults to "allow-snippet-annotations":"true").
-          # ingress-configmap-patch: '"allow-snippet-annotations":"true", "annotations-risk-level":"Critical"'
+          # The patch to apply to the ingress-nginx-controller configmap (defaults to `off`).
+          # When set to `allow-snippet-annotations` patch with "allow-snippet-annotations":"true" will be applied.
+          # When set to `annotations-risk-level-critical` patch with "annotations-risk-level":"Critical" will be applied
+          # ingress-configmap-patch: allow-snippet-annotations
           # Whether to create a secret for the docker registry. It will create a secret from file $HOME/.docker/config.json.
           # You have to login to the registry when enabling this option (defaults to false)
-          # registry-secret: "true"
+          # import-registry-secret: "true"
       - name: Helm deploy
         run: |
           helm dep up ./helm/chart