## If digest is specified it has precedence over tag and will be used instead
# digest: "sha256:CHANGEME"
## The pull policy for the Ingress Controller image.
pullPolicy:IfNotPresent
## The lifecycle of the Ingress Controller pods.
lifecycle:{}
## The custom ConfigMap to use instead of the one provided by default
customConfigMap:""
config:
## The name of the ConfigMap used by the Ingress Controller.
## Autogenerated if not set or set to "".
# name: nginx-config
## The annotations of the Ingress Controller configmap.
annotations:{}
## The entries of the ConfigMap for customizing NGINX configuration.
entries:{}
## It is recommended to use your own TLS certificates and keys
defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. By default, a pre-generated self-signed certificate is used.
## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
## The base64-encoded TLS key for the default HTTPS server. By default, a pre-generated key is used.
## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
## The volumeMounts of the Ingress Controller pods.
volumeMounts:[]
# - name: extra-conf
# mountPath: /etc/nginx/conf.d/extra.conf
# subPath: extra.conf
## InitContainers for the Ingress Controller pods.
initContainers:[]
# - name: init-container
# image: busybox:1.34
# command: ['sh', '-c', 'echo this is initial setup!']
## The minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available.
minReadySeconds:0
## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
strategy:{}
## Extra containers for the Ingress Controller pods.
extraContainers:[]
# - name: container
# image: busybox:1.34
# command: ['sh', '-c', 'echo this is a sidecar!']
## The number of replicas of the Ingress Controller deployment.
replicaCount:1
## A class of the Ingress Controller.
## IngressClass resource with the name equal to the class must be deployed. Otherwise,
## the Ingress Controller will fail to start.
## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
ingressClass:nginx
## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`.
## Comma separated list of namespaces to watch for Ingress resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespaceLabel".
## Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespace".
watchNamespaceLabel:""
## Comma separated list of namespaces to watch for Secret resources. By default the Ingress Controller watches all namespaces.
## Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use controller.enableOIDC instead.
enablePreviewPolicies:false
## Enable OIDC policies.
enableOIDC:false
## Include year in log header. This parameter will be removed in release 2.7 and the year will be included by default.
includeYear:false
## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
enableTLSPassthrough:false
## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources.
enableCertManager:false
## Enable external DNS for Virtual Server resources. Requires controller.enableCustomResources.
enableExternalDNS:false
globalConfiguration:
## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources.
create:false
## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller.
spec:{}
# listeners:
# - name: dns-udp
# port: 5353
# protocol: UDP
# - name: dns-tcp
# port: 5353
# protocol: TCP
## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources.
enableSnippets:false
## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
## Useful for external health-checking of the Ingress Controller.
healthStatus:false
## Sets the URI of health status location in the default server. Requires controller.healthStatus.
healthStatusURI:"/nginx-health"
nginxStatus:
## Enable the NGINX stub_status, or the NGINX Plus API.
enable:true
## Set the port where the NGINX stub_status or the NGINX Plus API is exposed.
port:8080
## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.
allowCidrs:"127.0.0.1"
service:
## Creates a service to expose the Ingress Controller pods.
create:true
## The type of service to create for the Ingress Controller.
type:LoadBalancer
## The externalTrafficPolicy of the service. The value Local preserves the client source IP.
externalTrafficPolicy:Local
## The annotations of the Ingress Controller service.
annotations:{}
## The extra labels of the service.
extraLabels:{}
## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
loadBalancerIP:""
## The list of external IPs for the Ingress Controller service.
externalIPs:[]
## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
loadBalancerSourceRanges:[]
## The name of the service
## Autogenerated if not set or set to "".
# name: nginx-ingress
## Whether to automatically allocate NodePorts (only for LoadBalancers).
## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller.
## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService,
## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries.
## Note: controller.config.entries.external-status-address takes precedence over the others.
enable:true
## Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally.
## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
## controller.reportIngressStatus.enable must be set to true.
## The default is autogenerated and matches the created service (see controller.service.create).
# externalService: nginx-ingress
## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
## controller.reportIngressStatus.enable must be set to true.
ingressLink:""
## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true.
enableLeaderElection:true
## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true.
