## Helm values for the ingress-nginx chart vendored under
## platform-operator/thirdparty/charts/ingress-nginx (listing taken from verrazzano v1.7.0).
##
## nginx configuration
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
##

## Overrides for generated resource names
# See templates/_helpers.tpl
# nameOverride:
# fullnameOverride:

## Labels to apply to all resources
##
commonLabels: {}
# scmhash: abc123
# myLabel: aakkmd

controller:
  name: controller
  image:
    ## Keep false as default for now!
    chroot: false
    registry: registry.k8s.io
    image: ingress-nginx/controller
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    tag: "v1.7.1"
    # Both digests pin the image content; a tag alone can be re-pointed in the registry.
    digest: sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
    digestChroot: sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
    pullPolicy: IfNotPresent
    # www-data -> uid 101
    runAsUser: 101
    # Security note: this is the only allowPrivilegeEscalation in this file set
    # to true; the opentelemetry module, both webhook jobs and the default
    # backend set it to false.
    # NOTE(review): presumably needed so the uid-101 nginx process can bind
    # ports 80/443 -- confirm against the controller template before tightening.
    allowPrivilegeEscalation: true
  # -- Use an existing PSP instead of creating one
  existingPsp: ""
  # -- Configures the controller container name
  containerName: controller
  # -- Configures the ports that the nginx-controller listens on
  containerPort:
    http: 80
    https: 443
  # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config: {}
  # -- Annotations to be added to the controller config configuration configmap.
  configAnnotations: {}
  # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers
  proxySetHeaders: {}
  # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
  addHeaders: {}
  # -- Optionally customize the pod dnsConfig.
  dnsConfig: {}
  # -- Optionally customize the pod hostname.
  hostname: {}
  # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
  # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
  # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
  dnsPolicy: ClusterFirst
  # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
  # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
  reportNodeInternalIp: false
  # -- Process Ingress objects without ingressClass annotation/ingressClassName field
  # Overrides value for --watch-ingress-without-class flag of the controller binary
  # Defaults to false
  watchIngressWithoutClass: false
  # -- Process IngressClass per name (additionally as per spec.controller).
  ingressClassByName: false
  # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto"
  # Defaults to false
  enableTopologyAwareRouting: false
  # -- This configuration defines if Ingress Controller should allow users to set
  # their own *-snippet annotations, otherwise this is forbidden / dropped
  # when users add those annotations.
  # Global snippets in ConfigMap are still respected
  # Security note: with true, any principal allowed to create or update Ingress
  # objects the controller watches can supply raw NGINX configuration through
  # *-snippet annotations, so that configuration runs with the controller's own
  # access. Set to false unless every Ingress author is trusted to that level.
  allowSnippetAnnotations: true
  # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  # is merged
  hostNetwork: false
  ## Use host ports 80 and 443
  ## Disabled by default
  hostPort:
    # -- Enable 'hostPort' or not
    enabled: false
    ports:
      # -- 'hostPort' http port
      http: 80
      # -- 'hostPort' https port
      https: 443
  # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader'
  electionID: ""
  ## This section refers to the creation of the IngressClass resource
  ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
  ingressClassResource:
    # -- Name of the ingressClass
    name: nginx
    # -- Is this ingressClass enabled or not
    enabled: true
    # -- Is this the default ingressClass for the cluster
    default: false
    # -- Controller-value of the controller that is processing this ingressClass
    controllerValue: "k8s.io/ingress-nginx"
    # -- Parameters is a link to a custom resource containing additional
    # configuration for the controller. This is optional if the controller
    # does not require extra parameters.
    parameters: {}
  # -- For backwards compatibility with ingress.class annotation, use ingressClass.
  # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
  ingressClass: nginx
  # -- Labels to add to the pod container metadata
  podLabels: {}
  #  key: value

  # -- Security Context policies for controller pods
  podSecurityContext: {}
  # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls
  sysctls: {}
  # sysctls:
  #   "net.core.somaxconn": "8192"

  # -- Allows customization of the source of the IP address or FQDN to report
  # in the ingress status field. By default, it reads the information provided
  # by the service. If disabled, the status field reports the IP address of the
  # node or nodes where an ingress controller pod is running.
  publishService:
    # -- Enable 'publishService' or not
    enabled: true
    # -- Allows overriding of the publish service to bind to
    # Must be <namespace>/<service_name>
    pathOverride: ""
  # Limit the scope of the controller to a specific namespace
  scope:
    # -- Enable 'scope' or not
    enabled: false
    # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE)
    namespace: ""
    # -- When scope.enabled == false, instead of watching all namespaces, watch only namespaces whose labels
    # match namespaceSelector. Format like foo=bar. Defaults to empty, which means watching all namespaces.
    namespaceSelector: ""
  # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE)
  configMapNamespace: ""
  tcp:
    # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE)
    configMapNamespace: ""
    # -- Annotations to be added to the tcp config configmap
    annotations: {}
  udp:
    # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE)
    configMapNamespace: ""
    # -- Annotations to be added to the udp config configmap
    annotations: {}
  # -- Maxmind license key to download GeoLite2 Databases.
  ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
  # Security note: this is a credential; supply it at install time from a
  # secret store rather than committing a real key in a values file.
  # NOTE(review): check how the chart hands it to the controller -- a plain
  # container argument would be readable by anyone who can view the pod spec.
  maxmindLicenseKey: ""
  # -- Additional command line arguments to pass to nginx-ingress-controller
  # E.g. to specify the default SSL certificate you can use
  extraArgs: {}
  ## extraArgs:
  ##   default-ssl-certificate: "<namespace>/<secret_name>"

  # -- Additional environment variables to set
  extraEnvs: []
  # extraEnvs:
  #   - name: FOO
  #     valueFrom:
  #       secretKeyRef:
  #         key: FOO
  #         name: secret-resource

  # -- Use a `DaemonSet` or `Deployment`
  kind: Deployment
  # -- Annotations to be added to the controller Deployment or DaemonSet
  ##
  annotations: {}
  #  keel.sh/pollSchedule: "@every 60m"

  # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels
  ##
  labels: {}
  #  keel.sh/policy: patch
  #  keel.sh/trigger: poll

  # -- The update strategy to apply to the Deployment or DaemonSet
  ##
  updateStrategy: {}
  #  rollingUpdate:
  #    maxUnavailable: 1
  #  type: RollingUpdate

  # -- `minReadySeconds` to avoid killing pods before we are ready
  ##
  minReadySeconds: 0
  # -- Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"

  # -- Affinity and anti-affinity rules for server scheduling to nodes
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  # # An example of preferred pod anti-affinity, weight is in the range 1-100
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #   - weight: 100
  #     podAffinityTerm:
  #       labelSelector:
  #         matchExpressions:
  #         - key: app.kubernetes.io/name
  #           operator: In
  #           values:
  #           - ingress-nginx
  #         - key: app.kubernetes.io/instance
  #           operator: In
  #           values:
  #           - ingress-nginx
  #         - key: app.kubernetes.io/component
  #           operator: In
  #           values:
  #           - controller
  #       topologyKey: kubernetes.io/hostname

  # # An example of required pod anti-affinity
  # podAntiAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #   - labelSelector:
  #       matchExpressions:
  #       - key: app.kubernetes.io/name
  #         operator: In
  #         values:
  #         - ingress-nginx
  #       - key: app.kubernetes.io/instance
  #         operator: In
  #         values:
  #         - ingress-nginx
  #       - key: app.kubernetes.io/component
  #         operator: In
  #         values:
  #         - controller
  #     topologyKey: "kubernetes.io/hostname"

  # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
  # - maxSkew: 1
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule
  #   labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/instance: ingress-nginx-internal

  # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready
  ## wait up to five minutes for the drain of connections
  ##
  terminationGracePeriodSeconds: 300
  # -- Node labels for controller pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector:
    kubernetes.io/os: linux
  ## Liveness and readiness probe values
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  ## startupProbe:
  ##   httpGet:
  ##     # should match container.healthCheckPath
  ##     path: "/healthz"
  ##     port: 10254
  ##     scheme: HTTP
  ##   initialDelaySeconds: 5
  ##   periodSeconds: 5
  ##   timeoutSeconds: 2
  ##   successThreshold: 1
  ##   failureThreshold: 5
  livenessProbe:
    httpGet:
      # should match container.healthCheckPath
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  readinessProbe:
    httpGet:
      # should match container.healthCheckPath
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  # -- Path of the health check endpoint. All requests received on the port defined by
  # the healthz-port parameter are forwarded internally to this path.
  healthCheckPath: "/healthz"
  # -- Address to bind the health check endpoint.
  # It is better to set this option to the internal node address
  # if the ingress nginx controller is running in the `hostNetwork: true` mode.
  healthCheckHost: ""
  # -- Annotations to be added to controller pods
  ##
  podAnnotations: {}
  replicaCount: 1
  # -- Define either 'minAvailable' or 'maxUnavailable', never both.
  minAvailable: 1
  # -- Define either 'minAvailable' or 'maxUnavailable', never both.
  # maxUnavailable: 1

  ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes
  ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
  ## Ideally, there should be no limits.
  ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
  resources:
    ##  limits:
    ##    cpu: 100m
    ##    memory: 90Mi
    requests:
      cpu: 100m
      memory: 90Mi
  # Mutually exclusive with keda autoscaling
  autoscaling:
    apiVersion: autoscaling/v2
    enabled: false
    annotations: {}
    minReplicas: 1
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
    behavior: {}
    # scaleDown:
    #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 1
    #     periodSeconds: 180
    # scaleUp:
    #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
  # Custom or additional autoscaling metrics
  # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
  # - type: Pods
  #   pods:
  #     metric:
  #       name: nginx_ingress_controller_nginx_process_requests_total
  #     target:
  #       type: AverageValue
  #       averageValue: 10000m

  # Mutually exclusive with hpa autoscaling
  keda:
    apiVersion: "keda.sh/v1alpha1"
    ## apiVersion changes with keda 1.x vs 2.x
    ## 2.x = keda.sh/v1alpha1
    ## 1.x = keda.k8s.io/v1alpha1
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    pollingInterval: 30
    cooldownPeriod: 300
    restoreToOriginalReplicaCount: false
    scaledObject:
      annotations: {}
      # Custom annotations for ScaledObject resource
      #  annotations:
      # key: value
    triggers: []
    # - type: prometheus
    #   metadata:
    #     serverAddress: http://<prometheus-host>:9090
    #     metricName: http_requests_total
    #     threshold: '100'
    #     query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))

    behavior: {}
    # scaleDown:
    #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 1
    #     periodSeconds: 180
    # scaleUp:
    #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  # -- Enable mimalloc as a drop-in replacement for malloc.
  ## ref: https://github.com/microsoft/mimalloc
  ##
  enableMimalloc: true
  ## Override NGINX template
  customTemplate:
    configMapName: ""
    configMapKey: ""
  service:
    enabled: true
    # -- If enabled, adds an appProtocol option to the Kubernetes service. The appProtocol field replaces annotations that were
    # used for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # It allows choosing the protocol for each backend specified in the Kubernetes service.
    # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244
    # Will be ignored for Kubernetes versions older than 1.20
    ##
    appProtocol: true
    annotations: {}
    labels: {}
    # clusterIP: ""

    # -- List of IP addresses at which the controller services are available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
    loadBalancerIP: ""
    # Security note: with `type: LoadBalancer` (set below) an empty list places
    # no source-IP restriction on the listener; list the permitted CIDRs where
    # the ingress is not meant to be reachable from everywhere.
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
    # externalTrafficPolicy: ""

    ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
    ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    # sessionAffinity: ""

    ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
    ## the service controller allocates a port from your cluster’s NodePort range.
    ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    # healthCheckNodePort: 0

    # -- Represents the dual-stack-ness requested or required by this Service. Possible values are
    # SingleStack, PreferDualStack or RequireDualStack.
    # The ipFamilies and clusterIPs fields depend on the value of this field.
    ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
    ipFamilyPolicy: "SingleStack"
    # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically
    # based on cluster configuration and the ipFamilyPolicy field.
    ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
    ipFamilies:
      - IPv4
    ports:
      http: 80
      https: 443
    targetPorts:
      http: http
      https: https
    type: LoadBalancer
    ## type: NodePort
    ## nodePorts:
    ##   http: 32080
    ##   https: 32443
    ##   tcp:
    ##     8080: 32808
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
    external:
      enabled: true
    internal:
      # -- Enables an additional internal load balancer (besides the external one).
      enabled: false
      # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
      annotations: {}
      # loadBalancerIP: ""

      # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
      loadBalancerSourceRanges: []
      ## Set external traffic policy to: "Local" to preserve source IP on
      ## providers supporting it
      ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
      # externalTrafficPolicy: ""

      # -- Custom port mapping for internal service
      ports: {}
      #  http: 80
      #  https: 443

      # -- Custom target port mapping for internal service
      targetPorts: {}
      #  http: http
      #  https: https
  # shareProcessNamespace enables process namespace sharing within the pod.
  # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
  # Security note: when true, every container in the pod can see the others'
  # processes, so only enable it alongside sidecars you trust as much as the
  # controller itself.
  shareProcessNamespace: false
  # -- Additional containers to be added to the controller pod.
  # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
  # Note: the commented examples below reference images by mutable tag; pin
  # real sidecar and init images by digest, as the controller image above is.
  extraContainers: []
  #  - name: my-sidecar
  #    image: nginx:latest
  #  - name: lemonldap-ng-controller
  #    image: lemonldapng/lemonldap-ng-controller:0.2.0
  #    args:
  #      - /lemonldap-ng-controller
  #      - --alsologtostderr
  #      - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
  #    env:
  #      - name: POD_NAME
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.name
  #      - name: POD_NAMESPACE
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.namespace
  #    volumeMounts:
  #    - name: copy-portal-skins
  #      mountPath: /srv/var/lib/lemonldap-ng/portal/skins

  # -- Additional volumeMounts to the controller main container.
  extraVolumeMounts: []
  #  - name: copy-portal-skins
  #    mountPath: /var/lib/lemonldap-ng/portal/skins

  # -- Additional volumes to the controller pod.
  extraVolumes: []
  #  - name: copy-portal-skins
  #    emptyDir: {}

  # -- Containers, which are run before the app containers are started.
  extraInitContainers: []
  # - name: init-myservice
  #   image: busybox
  #   command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']

  # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module
  extraModules: []
  #   - name: mytestmodule
  #     image: registry.k8s.io/ingress-nginx/mytestmodule
  #     containerSecurityContext:
  #       allowPrivilegeEscalation: false
  #
  # The image must contain a `/usr/local/bin/init_module.sh` executable, which
  # will be executed as initContainers, to move its config files within the
  # mounted volume.

  opentelemetry:
    enabled: false
    image: registry.k8s.io/ingress-nginx/opentelemetry:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:40f766ac4a9832f36f217bb0e98d44c8d38faeccbfe861fbc1a76af7e9ab257f
    containerSecurityContext:
      allowPrivilegeEscalation: false
  admissionWebhooks:
    annotations: {}
    # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".

    ## Additional annotations to the admission webhooks.
    ## These annotations will be added to the ValidatingWebhookConfiguration and
    ## the Jobs Spec of the admission webhooks.
    enabled: true
    # -- Additional environment variables to set
    extraEnvs: []
    # extraEnvs:
    #   - name: FOO
    #     valueFrom:
    #       secretKeyRef:
    #         key: FOO
    #         name: secret-resource
    # -- Admission Webhook failure policy to use
    # Fail makes the API server reject Ingress create/update requests whenever
    # the webhook cannot be reached, so no Ingress is admitted unvalidated; the
    # trade-off is that a webhook outage blocks Ingress changes.
    failurePolicy: Fail
    # timeoutSeconds: 10
    port: 8443
    certificate: "/usr/local/certificates/cert"
    key: "/usr/local/certificates/key"
    namespaceSelector: {}
    objectSelector: {}
    # -- Labels to be added to admission webhooks
    labels: {}
    # -- Use an existing PSP instead of creating one
    existingPsp: ""
    networkPolicyEnabled: false
    service:
      annotations: {}
      # clusterIP: ""
      externalIPs: []
      # loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    createSecretJob:
      securityContext:
        allowPrivilegeEscalation: false
      resources: {}
      # limits:
      #   cpu: 10m
      #   memory: 20Mi
      # requests:
      #   cpu: 10m
      #   memory: 20Mi
    patchWebhookJob:
      securityContext:
        allowPrivilegeEscalation: false
      resources: {}
    patch:
      enabled: true
      image:
        registry: registry.k8s.io
        image: ingress-nginx/kube-webhook-certgen
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
        tag: v20230312-helm-chart-4.5.2-28-g66a760794
        digest: sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
        pullPolicy: IfNotPresent
      # -- Provide a priority class name to the webhook patching job
      ##
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector:
        kubernetes.io/os: linux
      tolerations: []
      # -- Labels to be added to patch job resources
      labels: {}
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
        fsGroup: 2000
    # Use certmanager to generate webhook certs
    certManager:
      enabled: false
      # self-signed root certificate
      rootCert:
        # default to be 5y
        duration: ""
      admissionCert:
        # default to be 1y
        duration: ""
        # issuerRef:
        #   name: "issuer"
        #   kind: "ClusterIssuer"
  metrics:
    port: 10254
    portName: metrics
    # if this port is changed, change healthz-port: in extraArgs: accordingly
    enabled: false
    service:
      annotations: {}
      # prometheus.io/scrape: "true"
      # prometheus.io/port: "10254"
      # -- Labels to be added to the metrics service resource
      labels: {}
      # clusterIP: ""

      # -- List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []
      # loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 10254
      type: ClusterIP
      # externalTrafficPolicy: ""
      # nodePort: ""
    serviceMonitor:
      enabled: false
      additionalLabels: {}
      ## The label to use to retrieve the job name from.
      ## jobLabel: "app.kubernetes.io/name"
      namespace: ""
      namespaceSelector: {}
      ## Default: scrape .Release.Namespace only
      ## To scrape all, use the following:
      ## namespaceSelector:
      ##   any: true
      scrapeInterval: 30s
      # honorLabels: true
      targetLabels: []
      relabelings: []
      metricRelabelings: []
    prometheusRule:
      enabled: false
      additionalLabels: {}
      # namespace: ""
      rules: []
      # # These are just examples rules, please adapt them to your needs
      # - alert: NGINXConfigFailed
      #   expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
      #   for: 1s
      #   labels:
      #     severity: critical
      #   annotations:
      #     description: bad ingress config - nginx config test failed
      #     summary: uninstall the latest ingress changes to allow config reloads to resume
      # - alert: NGINXCertificateExpiry
      #   expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
      #   for: 1s
      #   labels:
      #     severity: critical
      #   annotations:
      #     description: ssl certificate(s) will expire in less then a week
      #     summary: renew expiring certificates to avoid downtime
      # - alert: NGINXTooMany500s
      #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
      #   for: 1m
      #   labels:
      #     severity: warning
      #   annotations:
      #     description: Too many 5XXs
      #     summary: More than 5% of all requests returned 5XX, this requires your attention
      # - alert: NGINXTooMany400s
      #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
      #   for: 1m
      #   labels:
      #     severity: warning
      #   annotations:
      #     description: Too many 4XXs
      #     summary: More than 5% of all requests returned 4XX, this requires your attention
  # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
  # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
  # to 300, allowing the draining of connections up to five minutes.
  # If the active connections end before that, the pod will terminate gracefully at that time.
  # To effectively take advantage of this feature, the Configmap feature
  # worker-shutdown-timeout new value is 240s instead of 10s.
  ##
  lifecycle:
    preStop:
      exec:
        command:
          - /wait-shutdown
  priorityClassName: ""
# -- Rollback limit
##
revisionHistoryLimit: 10
## Default 404 backend
##
defaultBackend:
  ##
  enabled: false
  name: defaultbackend
  image:
    registry: registry.k8s.io
    image: defaultbackend-amd64
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    # NOTE(review): unlike the controller and kube-webhook-certgen images, this
    # image is referenced by tag only; no digest is pinned here.
    tag: "1.5"
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    # NOTE(review): the listing lost its indentation; nesting of `privileged`
    # under `image` is inferred from the neighbouring keys -- confirm against
    # the default-backend template.
    privileged: false

  # -- Use an existing PSP instead of creating one
  existingPsp: ""
  extraArgs: {}
  serviceAccount:
    create: true
    name: ""
    # NOTE(review): a static 404 backend presumably needs no Kubernetes API
    # access; consider false if the chart's templates allow it.
    automountServiceAccountToken: true
  # -- Additional environment variables to set for defaultBackend pods
  extraEnvs: []
  port: 8080
  ## Readiness and liveness probes for default backend
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  ##
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  # -- The update strategy to apply to the Deployment or DaemonSet
  ##
  updateStrategy: {}
  #  rollingUpdate:
  #    maxUnavailable: 1
  #  type: RollingUpdate

  # -- `minReadySeconds` to avoid killing pods before we are ready
  ##
  minReadySeconds: 0
  # -- Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"

  affinity: {}
  # -- Security Context policies for controller pods
  # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  # notes on enabling and using sysctls
  ##
  podSecurityContext: {}
  # -- Security Context policies for controller main container.
  # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  # notes on enabling and using sysctls
  ##
  containerSecurityContext: {}
  # -- Labels to add to the pod container metadata
  podLabels: {}
  #  key: value

  # -- Node labels for default backend pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector:
    kubernetes.io/os: linux
  # -- Annotations to be added to default backend pods
  ##
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  # limits:
  #   cpu: 10m
  #   memory: 20Mi
  # requests:
  #   cpu: 10m
  #   memory: 20Mi

  extraVolumeMounts: []
  ## Additional volumeMounts to the default backend container.
  #  - name: copy-portal-skins
  #    mountPath: /var/lib/lemonldap-ng/portal/skins

  extraVolumes: []
  ## Additional volumes to the default backend pod.
  #  - name: copy-portal-skins
  #    emptyDir: {}

  autoscaling:
    apiVersion: autoscaling/v2
    annotations: {}
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  service:
    annotations: {}
    # clusterIP: ""

    # -- List of IP addresses at which the default backend service is available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    # loadBalancerIP: ""
    loadBalancerSourceRanges: []
    servicePort: 80
    type: ClusterIP
  priorityClassName: ""
  # -- Labels to be added to the default backend resources
  labels: {}
## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266
rbac:
  create: true
  scope: false
## If true, create & use Pod Security Policy resources
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
## Note: PodSecurityPolicy was removed in Kubernetes 1.25; leave this disabled
## on clusters at or above that version and use Pod Security Admission instead.
podSecurityPolicy:
  enabled: false
serviceAccount:
  create: true
  name: ""
  automountServiceAccountToken: true
  # -- Annotations for the controller service account
  annotations: {}
# -- Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName

# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
tcp: {}
#  8080: "default/example-tcp-svc:9000"

# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
udp: {}
#  53: "kube-system/kube-dns:53"

# -- Prefix for TCP and UDP ports names in ingress controller service
## Some cloud providers, like Yandex Cloud, may have requirements for a port name regex to support cloud load balancer integration
portNamePrefix: ""
# -- (string) A base64-encoded Diffie-Hellman parameter.
# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
dhParam: ""