github.com/verrazzano/verrazzano@v1.7.1/platform-operator/helm_config/overrides/ingress-nginx-values.yaml (about) 1 # Copyright (c) 2021, 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 controller: 5 image: 6 # NOTE: The image you're looking for isn't here. The nginx-ingress-controller image now comes from 7 # the bill of materials file (verrazzano-bom.json). 8 digest: 9 config: 10 client-body-buffer-size: 64k 11 proxy-buffer-size: 8k 12 log-format-escape-json: "true" 13 log-format-upstream: ' 14 { 15 "@timestamp": "$time_iso8601", 16 "req_id": "$req_id", 17 "proxy_upstream_name": "$proxy_upstream_name", 18 "proxy_alternative_upstream_name": "$proxy_alternative_upstream_name", 19 "upstream_status": "$upstream_status", 20 "upstream_addr": "$upstream_addr", 21 "message": "$request_method $host$request_uri", 22 "http_request": { 23 "requestMethod": "$request_method", 24 "requestUrl": "$host$request_uri", 25 "status": $status, 26 "requestSize": "$request_length", 27 "responseSize": "$upstream_response_length", 28 "userAgent": "$http_user_agent", 29 "remoteIp": "$remote_addr", 30 "referer": "$http_referer", 31 "latency": "$upstream_response_time s", 32 "protocol":"$server_protocol" 33 } 34 }' 35 metrics: 36 enabled: true 37 portName: http-metrics 38 publishService: 39 enabled: true 40 service: 41 enableHttp: false 42 admissionWebhooks: 43 enabled: false 44 podAnnotations: 45 prometheus.io/port: "10254" 46 prometheus.io/scrape: "true" 47 system.io/scrape: "true" 48 traffic.sidecar.istio.io/excludeInboundPorts: "80,443" 49 traffic.sidecar.istio.io/includeInboundPorts: "" 50 sidecar.istio.io/rewriteAppHTTPProbers: "true" 51 extraVolumeMounts: 52 - mountPath: /usr/local/nginx/html 53 name: custom-400-error 54 extraVolumes: 55 - name: custom-400-error 56 configMap: 57 name: ingress-controller-ingress-nginx-defaultbackend-custom-error-pages 58 items: 59 - key: 400.html 60 path: 400.html 61 extraArgs: 62 ingress-class: verrazzano-nginx 63 # controller.ingressClas must be overridden or the pod params wil have nginx as an ingressClass 64 # in addition to verrazzano-nginx 65 ingressClass: verrazzano-nginx 66 67 # -- Process Ingress objects without ingressClass annotation/ingressClassName field 68 # Overrides value for --watch-ingress-without-class flag of the controller binary 69 # Defaults to false 70 watchIngressWithoutClass: true 71 # -- This configuration defines if Ingress Controller should allow users to set 72 # their own *-snippet annotations, otherwise this is forbidden / dropped 73 # when users add those annotations. 74 # Global snippets in ConfigMap are still respected 75 allowSnippetAnnotations: false 76 # Use IngressClass to prevent Ingress Controller race conditions 77 ingressClassByName: true 78 ingressClassResource: 79 name: verrazzano-nginx # default: nginx 80 enabled: true 81 # There may be ingress controllers already present on the cluster, so we set 82 # default to false to prevent conflicts. 83 default: false 84 controllerValue: "k8s.io/verrazzano-ingress-nginx" 85 podSecurityContext: 86 runAsUser: 101 # www-data container user 87 runAsGroup: 101 # www-data container group 88 runAsNonRoot: true 89 seccompProfile: 90 type: RuntimeDefault 91 containerSecurityContext: 92 allowPrivilegeEscalation: false 93 capabilities: 94 add: 95 - NET_BIND_SERVICE 96 drop: 97 - ALL 98 privileged: false 99 100 defaultBackend: 101 # NOTE: The image you're looking for isn't here. The nginx-ingress-default-backend image now comes from 102 # the bill of materials file (verrazzano-bom.json). 103 enabled: true 104 105 podAnnotations: 106 traffic.sidecar.istio.io/excludeInboundPorts: "8080" 107 108 extraVolumeMounts: 109 - name: error-pages 110 mountPath: /www 111 112 extraVolumes: 113 - name: error-pages 114 configMap: 115 name: ingress-controller-ingress-nginx-defaultbackend-custom-error-pages 116 items: 117 - key: 301.html 118 path: 301.html 119 - key: 302.html 120 path: 302.html 121 - key: 304.html 122 path: 304.html 123 - key: 307.html 124 path: 307.html 125 - key: 308.html 126 path: 308.html 127 - key: 400.html 128 path: 400.html 129 - key: 401.html 130 path: 401.html 131 - key: 403.html 132 path: 403.html 133 - key: 404.html 134 path: 404.html 135 - key: 407.html 136 path: 407.html 137 - key: 408.html 138 path: 408.html 139 - key: 409.html 140 path: 409.html 141 - key: 413.html 142 path: 413.html 143 - key: 414.html 144 path: 414.html 145 - key: 415.html 146 path: 415.html 147 - key: 416.html 148 path: 416.html 149 - key: 418.html 150 path: 418.html 151 - key: 421.html 152 path: 421.html 153 - key: 429.html 154 path: 429.html 155 - key: 431.html 156 path: 431.html 157 - key: 500.html 158 path: 500.html 159 - key: 501.html 160 path: 501.html 161 - key: 502.html 162 path: 502.html 163 - key: 503.html 164 path: 503.html 165 - key: 504.html 166 path: 504.html 167 - key: 505.html 168 path: 505.html 169 - key: 301.html 170 path: 301.htm 171 - key: 302.html 172 path: 302.htm 173 - key: 304.html 174 path: 304.htm 175 - key: 307.html 176 path: 307.htm 177 - key: 308.html 178 path: 308.htm 179 - key: 400.html 180 path: 400.htm 181 - key: 401.html 182 path: 401.htm 183 - key: 403.html 184 path: 403.htm 185 - key: 404.html 186 path: 404.htm 187 - key: 407.html 188 path: 407.htm 189 - key: 408.html 190 path: 408.htm 191 - key: 409.html 192 path: 409.htm 193 - key: 413.html 194 path: 413.htm 195 - key: 414.html 196 path: 414.htm 197 - key: 415.html 198 path: 415.htm 199 - key: 416.html 200 path: 416.htm 201 - key: 418.html 202 path: 418.htm 203 - key: 421.html 204 path: 421.htm 205 - key: 429.html 206 path: 429.htm 207 - key: 431.html 208 path: 431.htm 209 - key: 500.html 210 path: 500.htm 211 - key: 501.html 212 path: 501.htm 213 - key: 502.html 214 path: 502.htm 215 - key: 503.html 216 path: 503.htm 217 - key: 504.html 218 path: 504.htm 219 - key: 505.html 220 path: 505.htm 221 - key: 301.json 222 path: 301.json 223 - key: 302.json 224 path: 302.json 225 - key: 304.json 226 path: 304.json 227 - key: 307.json 228 path: 307.json 229 - key: 308.json 230 path: 308.json 231 - key: 400.json 232 path: 400.json 233 - key: 401.json 234 path: 401.json 235 - key: 403.json 236 path: 403.json 237 - key: 404.json 238 path: 404.json 239 - key: 407.json 240 path: 407.json 241 - key: 408.json 242 path: 408.json 243 - key: 409.json 244 path: 409.json 245 - key: 413.json 246 path: 413.json 247 - key: 414.json 248 path: 414.json 249 - key: 415.json 250 path: 415.json 251 - key: 416.json 252 path: 416.json 253 - key: 418.json 254 path: 418.json 255 - key: 421.json 256 path: 421.json 257 - key: 429.json 258 path: 429.json 259 - key: 431.json 260 path: 431.json 261 - key: 500.json 262 path: 500.json 263 - key: 501.json 264 path: 501.json 265 - key: 502.json 266 path: 502.json 267 - key: 503.json 268 path: 503.json 269 - key: 504.json 270 path: 504.json 271 - key: 505.json 272 path: 505.json 273 274 podSecurityContext: 275 runAsUser: 65534 # nobody container user 276 runAsGroup: 65534 # nobody container group 277 runAsNonRoot: true 278 seccompProfile: 279 type: RuntimeDefault