From 246bcc73c59c84914dbcb62839f4b2cb671ebd84 Mon Sep 17 00:00:00 2001
From: Dmitriy Pertsev <davaeron@gmail.com>
Date: Thu, 16 Jan 2025 10:23:50 +0300
Subject: [PATCH] Use new ingressClassName only by default (#2268)

- By default, use only `ingressClassName` for ingress class name and
corresponding field in cert-manager
- Only use old 'kubernetes.io/ingress.class' if
ingress.useOldClassAnnotation is set
- Allow for using old annotation only for backwards compatibility, eg.
for GCP
- Closes #2267 and #1570

---------

Co-authored-by: Ilya Kreymer <ikreymer@gmail.com>
---
 chart/templates/ingress.yaml | 13 +++++++++++++
 chart/values.yaml            |  6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
index 6ff01dab83..034898bf4e 100644
--- a/chart/templates/ingress.yaml
+++ b/chart/templates/ingress.yaml
@@ -7,6 +7,9 @@ metadata:
   name: ingress-main
   namespace: {{ .Release.Namespace }}
   annotations:
+    {{- if .Values.ingress.useOldClassAnnotation }}
+    kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
+    {{- end }}
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
@@ -21,7 +24,9 @@ metadata:
       proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }};
 
 spec:
+  {{- if not .Values.ingress.useOldClassAnnotation }}
   ingressClassName: {{ .Values.ingress_class | default "nginx" }}
+  {{- end }}
   {{- if .Values.ingress.tls }}
   tls:
     - hosts:
@@ -58,11 +63,16 @@ metadata:
   name: ingress-authsign
   namespace: {{ .Release.Namespace }}
   annotations:
+    {{- if .Values.ingress.useOldClassAnnotation }}
+    kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
+    {{- end }}
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
     nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
 
 spec:
+  {{- if not .Values.ingress.useOldClassAnnotation }}
   ingressClassName: {{ .Values.ingress_class | default "nginx" }}
+  {{- end }}
   rules:
   - host: {{ .Values.signer.host }}
     http:
@@ -101,8 +111,11 @@ spec:
     solvers:
     - http01:
         ingress:
+          {{- if not .Values.ingress.useOldClassAnnotation }}
           ingressClassName: {{ .Values.ingress_class | default "nginx" }}
+          {{- else }}
           class: {{ .Values.ingress_class | default "nginx" }}
+          {{- end }}
 
 {{ end }}
 {{ end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index c9ad2a2132..d4c068ba59 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -446,6 +446,12 @@ ingress:
   #host: ""
   cert_email: "test@example.com"
   tls: false
+
+  # If set, will use the old 'kubernetes.io/ingress.class' annotation instead of the new ingressClassName
+  # also uses old http01.ingress.class in cert-manager instead of http01.ingress.ingressClassName
+  # provided for backwards compatibility
+  useOldClassAnnotation: false
+
   # Optional: Uncomment to use your own cluster-issuer instead of default ACME https validation
   # custom_cluster_issuer: custom_cluster_issuer-name