Open Appsec helm chart automation Mon Nov 20 16:05:56 IST 2023 latest

2025-09-30 03:34:26 +03:00 · 2023-11-20 16:05:56 +02:00
parent 7f712b21e4
commit b2781d63d4
63 changed files with 698 additions and 135 deletions
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml
@@ -1,6 +1,5 @@
 annotations:
-  artifacthub.io/changes: |
-    - "Update Ingress-Nginx version controller-v1.9.1"
+  artifacthub.io/changes: '- "Update Ingress-Nginx version controller-v1.9.4"'
  artifacthub.io/prerelease: "false"
 apiVersion: v2
 appVersion: latest
@@ -11,4 +10,4 @@ kubeVersion: '>=1.20.0-0'
 name: open-appsec-k8s-nginx-ingress
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.8.1
+version: 4.8.3
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/README.md
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/README.md
@@ -2,7 +2,7 @@

 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

-![Version: 4.8.1](https://img.shields.io/badge/Version-4.8.1-informational?style=flat-square) ![AppVersion: 1.9.1](https://img.shields.io/badge/AppVersion-1.9.1-informational?style=flat-square)
+![Version: 4.8.3](https://img.shields.io/badge/Version-4.8.3-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square)

 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.

@@ -251,11 +251,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v20230407"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
 | controller.admissionWebhooks.patch.podAnnotations | object | `{}` |  |
@@ -314,13 +314,13 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `true` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25"` |  |
-| controller.image.digestChroot | string | `"sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836"` |  |
+| controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` |  |
+| controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.registry | string | `"registry.k8s.io"` |  |
 | controller.image.runAsUser | int | `101` |  |
-| controller.image.tag | string | `"v1.9.1"` |  |
+| controller.image.tag | string | `"v1.9.4"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
 | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
@@ -498,6 +498,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
 | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
+| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
 | podSecurityPolicy.enabled | bool | `false` |  |
 | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
 | rbac.create | bool | `true` |  |
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/Changelog-4.8.2.md
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/Changelog-4.8.2.md
@@ -0,0 +1,10 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.8.2
+
+* - "update nginx base, httpbun, e2e, helm webhook cert gen (#10506)"
+* - "Update Ingress-Nginx version controller-v1.9.3"
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.1...helm-chart-4.8.2
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/Changelog-4.8.3.md
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/Changelog-4.8.3.md
@@ -0,0 +1,8 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.8.3
+* Update Ingress-Nginx version controller-v1.9.4
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.2...helm-chart-4.8.3
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
@@ -30,6 +30,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}

+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "ingress-nginx.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+

 {{/*
 Container SecurityContext.
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/cert-manager.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/cert-manager.yaml
@@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selfSigned: {}
 ---
@@ -15,7 +15,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-cert
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
  duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
@@ -32,7 +32,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-issuer
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  ca:
    secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
@@ -43,7 +43,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-admission
  duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
@@ -55,8 +55,8 @@ spec:
    {{- end }}
  dnsNames:
    - {{ include "ingress-nginx.controller.fullname" . }}-admission
-    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}
-    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc
+    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}
+    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}.svc
  subject:
    organizations:
      - ingress-nginx-admission
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -19,5 +19,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-create
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-patch
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/networkpolicy.yaml
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml
@@ -2,8 +2,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -20,5 +20,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
@@ -38,7 +38,7 @@ webhooks:
      - v1
    clientConfig:
      service:
-        namespace: {{ .Release.Namespace | quote }}
+        namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
        name: {{ include "ingress-nginx.controller.fullname" . }}-admission
        path: /networking/v1/ingresses
    {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
@@ -18,7 +18,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
@@ -15,5 +15,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-addheaders.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-addheaders.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-proxyheaders.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-proxyheaders.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-tcp.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-tcp.yaml
@@ -12,6 +12,6 @@ metadata:
  annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-tcp
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-udp.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-udp.yaml
@@ -12,6 +12,6 @@ metadata:
  annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-udp
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap.yaml
@@ -11,17 +11,17 @@ metadata:
  annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data:
  allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
 {{- if .Values.controller.addHeaders }}
-  add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
+  add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
 {{- end }}
 {{- if .Values.controller.proxySetHeaders }}
-  proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+  proxy-set-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.dhParam }}
-  ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
+  ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
 {{- end }}
 {{- range $key, $value := .Values.controller.config }}
  {{- $key | nindent 2 }}: {{ $value | quote }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both")) -}}
+{{- if and (eq .Values.kind "Vanilla") (eq .Values.controller.kind "DaemonSet") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if and (eq .Values.kind "Vanilla") (eq .Values.controller.kind "Deployment") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
@@ -1,4 +1,4 @@
-{{- if and (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
 apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
 kind: HorizontalPodAutoscaler
 metadata:
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}}
 # https://keda.sh/docs/

 apiVersion: {{ .Values.controller.keda.apiVersion }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-networkpolicy.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  podSelector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-role.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 rules:
  - apiGroups:
      - ""
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-rolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -17,5 +17,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-secret.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-secret.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data:
  dhparam.pem: {{ .Values.dhParam }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-internal.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-internal.yaml
@@ -13,7 +13,7 @@ metadata:
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-internal
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: "{{ .Values.controller.service.type }}"
 {{- if .Values.controller.service.internal.loadBalancerIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-metrics.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-metrics.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.metrics.service.type }}
 {{- if .Values.controller.metrics.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-webhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-webhook.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.admissionWebhooks.service.type }}
 {{- if .Values.controller.admissionWebhooks.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
@@ -13,7 +13,7 @@ metadata:
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.service.type }}
 {{- if .Values.controller.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-serviceaccount.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ template "ingress-nginx.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.serviceAccount.annotations }}
  annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-servicemonitor.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
 {{- if .Values.controller.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
 {{- else }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
@@ -35,7 +35,7 @@ spec:
 {{- else }}
  namespaceSelector:
    matchNames:
-      - {{ .Release.Namespace }}
+      - {{ include "ingress-nginx.namespace" . }}
 {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
  targetLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-deployment.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-networkpolicy.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  podSelector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-role.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-backend
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 rules:
  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources:      ['podsecuritypolicies']
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-rolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-backend
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -17,5 +17,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-service.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-service.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.defaultBackend.service.type }}
 {{- if .Values.defaultBackend.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-serviceaccount.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml
@@ -7,6 +7,9 @@
 # nameOverride:
 # fullnameOverride:

+# -- Override the deployment namespace; defaults to .Release.Namespace
+namespaceOverride: ""
+
 ## Labels to apply to all resources
 ##
 commonLabels: {}
@@ -24,9 +27,9 @@ controller:
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
-    tag: "v1.9.1"
-    digest: sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
-    digestChroot: sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836
+    tag: "v1.9.4"
+    digest: sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
+    digestChroot: sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
    pullPolicy: IfNotPresent
    # www-data -> uid 101
    runAsUser: 101
@@ -640,8 +643,8 @@ controller:
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
-        tag: v20230407
-        digest: sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
+        tag: v20231011-8b53cabe0
+        digest: sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80
        pullPolicy: IfNotPresent
      # -- Provide a priority class name to the webhook patching job
      ##
@@ -699,7 +702,7 @@ controller:
      ## jobLabel: "app.kubernetes.io/name"
      namespace: ""
      namespaceSelector: {}
-      ## Default: scrape .Release.Namespace only
+      ## Default: scrape .Release.Namespace or namespaceOverride only
      ## To scrape all, use the following:
      ## namespaceSelector:
      ##   any: true