Open Appsec helm chart automation Mon Nov 20 16:05:56 IST 2023 latest

2025-09-30 03:34:26 +03:00 · 2023-11-20 16:05:56 +02:00
parent 7f712b21e4
commit b2781d63d4
63 changed files with 698 additions and 135 deletions
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
@@ -30,6 +30,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}

+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "ingress-nginx.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+

 {{/*
 Container SecurityContext.
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/cert-manager.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/cert-manager.yaml
@@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selfSigned: {}
 ---
@@ -15,7 +15,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-cert
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
  duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
@@ -32,7 +32,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-issuer
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  ca:
    secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
@@ -43,7 +43,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-admission
  duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
@@ -55,8 +55,8 @@ spec:
    {{- end }}
  dnsNames:
    - {{ include "ingress-nginx.controller.fullname" . }}-admission
-    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}
-    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc
+    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}
+    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ include "ingress-nginx.namespace" . }}.svc
  subject:
    organizations:
      - ingress-nginx-admission
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -19,5 +19,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-create
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-patch
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/networkpolicy.yaml
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml
@@ -2,8 +2,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  name:  {{ include "ingress-nginx.fullname" . }}-admission
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -20,5 +20,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
@@ -38,7 +38,7 @@ webhooks:
      - v1
    clientConfig:
      service:
-        namespace: {{ .Release.Namespace | quote }}
+        namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
        name: {{ include "ingress-nginx.controller.fullname" . }}-admission
        path: /networking/v1/ingresses
    {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
@@ -18,7 +18,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
@@ -15,5 +15,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-addheaders.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-addheaders.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-proxyheaders.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-proxyheaders.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-tcp.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-tcp.yaml
@@ -12,6 +12,6 @@ metadata:
  annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-tcp
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-udp.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap-udp.yaml
@@ -12,6 +12,6 @@ metadata:
  annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-udp
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-configmap.yaml
@@ -11,17 +11,17 @@ metadata:
  annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data:
  allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
 {{- if .Values.controller.addHeaders }}
-  add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
+  add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
 {{- end }}
 {{- if .Values.controller.proxySetHeaders }}
-  proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+  proxy-set-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.dhParam }}
-  ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
+  ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
 {{- end }}
 {{- range $key, $value := .Values.controller.config }}
  {{- $key | nindent 2 }}: {{ $value | quote }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both")) -}}
+{{- if and (eq .Values.kind "Vanilla") (eq .Values.controller.kind "DaemonSet") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if and (eq .Values.kind "Vanilla") (eq .Values.controller.kind "Deployment") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
@@ -1,4 +1,4 @@
-{{- if and (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
 apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
 kind: HorizontalPodAutoscaler
 metadata:
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}}
 # https://keda.sh/docs/

 apiVersion: {{ .Values.controller.keda.apiVersion }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-networkpolicy.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  podSelector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-role.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 rules:
  - apiGroups:
      - ""
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-rolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -17,5 +17,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-secret.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-secret.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 data:
  dhparam.pem: {{ .Values.dhParam }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-internal.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-internal.yaml
@@ -13,7 +13,7 @@ metadata:
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-internal
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: "{{ .Values.controller.service.type }}"
 {{- if .Values.controller.service.internal.loadBalancerIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-metrics.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-metrics.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.metrics.service.type }}
 {{- if .Values.controller.metrics.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-webhook.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service-webhook.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.admissionWebhooks.service.type }}
 {{- if .Values.controller.admissionWebhooks.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
@@ -13,7 +13,7 @@ metadata:
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.controller.service.type }}
 {{- if .Values.controller.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-serviceaccount.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ template "ingress-nginx.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
  {{- if .Values.serviceAccount.annotations }}
  annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
  {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-servicemonitor.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
 {{- if .Values.controller.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
 {{- else }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
@@ -35,7 +35,7 @@ spec:
 {{- else }}
  namespaceSelector:
    matchNames:
-      - {{ .Release.Namespace }}
+      - {{ include "ingress-nginx.namespace" . }}
 {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
  targetLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-deployment.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-networkpolicy.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-networkpolicy.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  podSelector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml
@@ -10,7 +10,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  selector:
    matchLabels:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-role.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-role.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-backend
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 rules:
  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources:      ['podsecuritypolicies']
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-rolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-rolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-backend
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -17,5 +17,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-service.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-service.yaml
@@ -12,7 +12,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 spec:
  type: {{ .Values.defaultBackend.service.type }}
 {{- if .Values.defaultBackend.service.clusterIP }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-serviceaccount.yaml
@@ -9,6 +9,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "ingress-nginx.namespace" . }}
 automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
 {{- end }}