github.com/nginxinc/kubernetes-ingress@v1.12.5/deployments/helm-chart/values.yaml (about) 1 controller: 2 ## The name of the Ingress controller daemonset or deployment. 3 ## Autogenerated if not set or set to "". 4 # name: nginx-ingress 5 6 ## The kind of the Ingress controller installation - deployment or daemonset. 7 kind: deployment 8 9 ## Deploys the Ingress controller for NGINX Plus. 10 nginxplus: false 11 12 # Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. 13 # Default is 4000 (default is 20000 instead if enable-app-protect is true) 14 # If set to 0, default values will be used. 15 nginxReloadTimeout: 0 16 17 ## Support for App Protect 18 appprotect: 19 ## Enable the App Protect module in the Ingress Controller. 20 enable: false 21 22 ## Enables the Ingress controller pods to use the host's network namespace. 23 hostNetwork: false 24 25 ## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`. 26 nginxDebug: false 27 28 ## The log level of the Ingress Controller. 29 logLevel: 1 30 31 ## A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. 32 customPorts: [] 33 34 image: 35 ## The image repository of the Ingress controller. 36 repository: nginx/nginx-ingress 37 38 ## The tag of the Ingress controller image. 39 tag: "1.12.5" 40 41 ## The pull policy for the Ingress controller image. 42 pullPolicy: IfNotPresent 43 44 config: 45 ## The name of the ConfigMap used by the Ingress controller. 46 ## Autogenerated if not set or set to "". 47 # name: nginx-config 48 49 ## The annotations of the Ingress Controller configmap. 50 annotations: {} 51 52 ## The entries of the ConfigMap for customizing NGINX configuration. 53 entries: {} 54 55 ## It is recommended to use your own TLS certificates and keys 56 defaultTLS: 57 ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. 58 ## Note: It is recommended that you specify your own certificate. 59 cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 60 61 ## The base64-encoded TLS key for the default HTTPS server. Note: If not specified, a pre-generated key is used. 62 ## Note: It is recommended that you specify your own key. 63 key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5TGhzVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= 64 65 ## The secret with a TLS certificate and key for the default HTTPS server. 66 ## The value must follow the following format: `<namespace>/<name>`. 67 ## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. 68 ## Format: <namespace>/<secret_name> 69 secret: 70 71 wildcardTLS: 72 ## The base64-encoded TLS certificate for every Ingress host that has TLS enabled but no secret specified. 73 ## If the parameter is not set, for such Ingress hosts NGINX will break any attempt to establish a TLS connection. 74 cert: "" 75 76 ## The base64-encoded TLS key for every Ingress host that has TLS enabled but no secret specified. 77 ## If the parameter is not set, for such Ingress hosts NGINX will break any attempt to establish a TLS connection. 78 key: "" 79 80 ## The secret with a TLS certificate and key for every Ingress host that has TLS enabled but no secret specified. 81 ## The value must follow the following format: `<namespace>/<name>`. 82 ## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. 83 ## Format: <namespace>/<secret_name> 84 secret: 85 86 ## The node selector for pod assignment for the Ingress controller pods. 87 nodeSelector: {} 88 89 ## The termination grace period of the Ingress controller pod. 90 terminationGracePeriodSeconds: 30 91 92 ## The resources of the Ingress controller pods. 93 resources: {} 94 # limits: 95 # cpu: 100m 96 # memory: 64Mi 97 # requests: 98 # cpu: 100m 99 # memory: 64Mi 100 101 ## The tolerations of the Ingress controller pods. 102 tolerations: [] 103 104 ## The affinity of the Ingress controller pods. 105 affinity: {} 106 107 ## The volumes of the Ingress controller pods. 108 volumes: [] 109 # - name: extra-conf 110 # configMap: 111 # name: extra-conf 112 113 ## The volumeMounts of the Ingress controller pods. 114 volumeMounts: [] 115 # - name: extra-conf 116 # mountPath: /etc/nginx/conf.d/extra.conf 117 # subPath: extra.conf 118 119 ## The number of replicas of the Ingress controller deployment. 120 replicaCount: 1 121 122 ## A class of the Ingress controller. 123 124 ## For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, 125 ## the Ingress Controller will fail to start. 126 ## The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. 127 128 ## For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - 129 ## i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources) 130 ## or field "ingressClassName" (for VirtualServer/VirtualServerRoute/TransportServer resources) equal to the class. 131 ## Additionally, the Ingress Controller processes resources that do not have the class set, 132 ## which can be disabled by setting the controller.useIngressClassOnly parameter to true. 133 134 ## The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. 135 ingressClass: nginx 136 137 ## For kubernetes versions >= 1.18 this flag will be IGNORED. 138 ## Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation 139 useIngressClassOnly: false 140 141 ## Only for Kubernetes >= 1.18 142 ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. 143 setAsDefaultIngress: false 144 145 ## Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. 146 watchNamespace: "" 147 148 ## Enable the custom resources. 149 enableCustomResources: true 150 151 ## Enable preview policies. 152 enablePreviewPolicies: false 153 154 ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources. 155 enableTLSPassthrough: false 156 157 globalConfiguration: 158 ## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources. 159 create: false 160 161 ## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. 162 spec: {} 163 # listeners: 164 # - name: dns-udp 165 # port: 5353 166 # protocol: UDP 167 # - name: dns-tcp 168 # port: 5353 169 # protocol: TCP 170 171 ## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. 172 enableSnippets: false 173 174 ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request. 175 ## Useful for external health-checking of the Ingress controller. 176 healthStatus: false 177 178 ## Sets the URI of health status location in the default server. Requires controller.healthStatus. 179 healthStatusURI: "/nginx-health" 180 181 nginxStatus: 182 ## Enable the NGINX stub_status, or the NGINX Plus API. 183 enable: true 184 185 ## Set the port where the NGINX stub_status or the NGINX Plus API is exposed. 186 port: 8080 187 188 ## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. 189 allowCidrs: "127.0.0.1" 190 191 service: 192 ## Creates a service to expose the Ingress controller pods. 193 create: true 194 195 ## The type of service to create for the Ingress controller. 196 type: LoadBalancer 197 198 ## The externalTrafficPolicy of the service. The value Local preserves the client source IP. 199 externalTrafficPolicy: Local 200 201 ## The annotations of the Ingress controller service. 202 annotations: {} 203 204 ## The extra labels of the service. 205 extraLabels: {} 206 207 ## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature. 208 loadBalancerIP: "" 209 210 ## The list of external IPs for the Ingress controller service. 211 externalIPs: [] 212 213 ## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature. 214 loadBalancerSourceRanges: [] 215 216 ## The name of the service 217 ## Autogenerated if not set or set to "". 218 # name: nginx-ingress 219 220 httpPort: 221 ## Enables the HTTP port for the Ingress controller service. 222 enable: true 223 224 ## The HTTP port of the Ingress controller service. 225 port: 80 226 227 ## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort. 228 nodePort: "" 229 230 ## The HTTP port on the POD where the Ingress controller service is running. 231 targetPort: 80 232 233 httpsPort: 234 ## Enables the HTTPS port for the Ingress controller service. 235 enable: true 236 237 ## The HTTPS port of the Ingress controller service. 238 port: 443 239 240 ## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort. 241 nodePort: "" 242 243 ## The HTTPS port on the POD where the Ingress controller service is running. 244 targetPort: 443 245 246 ## A list of custom ports to expose through the Ingress controller service. Follows the conventional Kubernetes yaml syntax for service ports. 247 customPorts: [] 248 249 serviceAccount: 250 ## The name of the service account of the Ingress controller pods. Used for RBAC. 251 ## Autogenerated if not set or set to "". 252 # name: nginx-ingress 253 254 ## The name of the secret containing docker registry credentials. 255 ## Secret must exist in the same namespace as the helm release. 256 imagePullSecretName: "" 257 258 reportIngressStatus: 259 ## Updates the address field in the status of Ingress resources with an external address of the Ingress controller. 260 ## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService, 261 ## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries. 262 ## Note: controller.config.entries.external-status-address takes precedence over the others. 263 enable: true 264 265 ## Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. 266 ## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. 267 ## controller.reportIngressStatus.enable must be set to true. 268 ## The default is autogenerated and matches the created service (see controller.service.create). 269 # externalService: nginx-ingress 270 271 ## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. 272 ## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. 273 ## controller.reportIngressStatus.enable must be set to true. 274 ingressLink: "" 275 276 ## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true. 277 enableLeaderElection: true 278 279 ## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. 280 ## Autogenerated if not set or set to "". 281 # leaderElectionLockName: "nginx-ingress-leader-election" 282 283 ## The annotations of the leader election configmap. 284 annotations: {} 285 286 pod: 287 ## The annotations of the Ingress Controller pod. 288 annotations: {} 289 290 ## The PriorityClass of the ingress controller pods. 291 priorityClassName: 292 293 readyStatus: 294 ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. 295 enable: true 296 297 ## Set the port where the readiness endpoint is exposed. 298 port: 8081 299 300 ## Enable collection of latency metrics for upstreams. Requires prometheus.create. 301 enableLatencyMetrics: false 302 303 rbac: 304 ## Configures RBAC. 305 create: true 306 307 prometheus: 308 ## Expose NGINX or NGINX Plus metrics in the Prometheus format. 309 create: true 310 311 ## Configures the port to scrape the metrics. 312 port: 9113 313 314 ## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint. 315 secret: "" 316 317 ## Configures the HTTP scheme used. 318 scheme: http