Merge pull request #305 from nginxinc/update-nic-2.1

NGINX: Update NIC to version 2.1.0 (helm chart version 0.12.0)
pull/310/head
Samuel Attwood 2022-01-07 19:16:42 -05:00 committed by GitHub
commit 16b60ea304
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 5596 additions and 5 deletions

Binary file not shown.


@ -0,0 +1,2 @@
# Patterns to ignore when building packages.
*.png


@ -0,0 +1,20 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
catalog.cattle.io/release-name: nginx-ingress-controller
apiVersion: v1
appVersion: 2.1.0
description: NGINX Ingress Controller
home: https://github.com/nginxinc/kubernetes-ingress
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.1.0/deployments/helm-chart/chart-icon.png
keywords:
- ingress
- nginx
kubeVersion: 1.19 - 1.23
maintainers:
- email: kubernetes@nginx.com
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.0/deployments/helm-chart
version: 0.12.0
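
Review bot: `kubeVersion: 1.19 - 1.23` is a plain semver range, and Helm's constraint check does not match a version that carries a pre-release suffix against a range written without one, so a cluster whose reported version has a vendor suffix after a hyphen can be rejected at install time even though it sits between 1.19 and 1.23. Consider writing the bounds with a `-0` pre-release marker (for example `>= 1.19.0-0`) if the catalog targets such distributions. Separately, `apiVersion: v1` is the chart format that predates Helm 3, while the README added in this same commit lists Helm 3.0+ as a prerequisite; it still installs, but it is worth confirming that v1 is intended.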


@ -0,0 +1,237 @@
# NGINX Ingress Controller Helm Chart
## Introduction
This chart deploys the NGINX Ingress controller in your Kubernetes cluster.
## Prerequisites
- A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions)
- Helm 3.0+.
- Git.
- If youd like to use NGINX Plus:
- To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter.
- Alternatively, pull an Ingress controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image).
- Alternatively, you can build an Ingress controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image).
- Update the `controller.image.repository` field of the `values-plus.yaml` accordingly.
- If youd like to use App Protect Dos, please install App Protect Dos Arbitrator helm chart. Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace.
## Getting the Chart Sources
This step is required if you're installing the chart using its sources. Additionally, the step is also required for managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for upgrading/deleting the CRDs.
1. Clone the Ingress controller repo:
```console
$ git clone https://github.com/nginxinc/kubernetes-ingress/
```
2. Change your working directory to /deployments/helm-chart:
```console
$ cd kubernetes-ingress/deployments/helm-chart
$ git checkout v2.1.0
```
## Adding the Helm Repository
This step is required if you're installing the chart via the helm repository.
```console
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm repo update
```
## Installing the Chart
### Installing the CRDs
By default, the Ingress Controller requires a number of custom resource definitions (CRDs) installed in the cluster. The Helm client will install those CRDs. If the CRDs are not installed, the Ingress Controller pods will not become `Ready`.
If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command.
### Installing via Helm Repository
To install the chart with the release name my-release (my-release is the name that you choose):
For NGINX:
```console
$ helm install my-release nginx-stable/nginx-ingress
```
For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`)
```console
$ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
```
**Note**: If you wish to use the experimental repository, replace `stable` with `edge` and add the `--devel` flag.
### Installing Using Chart Sources
To install the chart with the release name my-release (my-release is the name that you choose):
For NGINX:
```console
$ helm install my-release .
```
For NGINX Plus:
```console
$ helm install my-release -f values-plus.yaml .
```
**Note**: If you wish to use the experimental repository, replace the value in the `tag` field inside the yaml files with `edge`.
The command deploys the Ingress controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
When deploying the Ingress controller, make sure to use your own TLS certificate and key for the default server rather than the default pre-generated ones. Read the [Configuration](#Configuration) section below to see how to configure a TLS certificate and key for the default server. Note that the default server returns the Not Found page with the 404 status code for all requests for domains for which there are no Ingress rules defined.
## Upgrading the Chart
### Upgrading the CRDs
Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, run the following command to upgrade the CRDs:
```console
$ kubectl apply -f crds/
```
> **Note**: The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`.
> **Note**: Make sure to check the [release notes](https://www.github.com/nginxinc/kubernetes-ingress/releases)for a new release for any special upgrade procedures.
### Upgrading the Release
To upgrade the release `my-release`:
#### Upgrade Using Chart Sources:
```console
$ helm upgrade my-release .
```
#### Upgrade via Helm Repository:
```console
$ helm upgrade my-release nginx-stable/nginx-ingress
```
## Uninstalling the Chart
### Uninstalling the Release
To uninstall/delete the release `my-release`:
```console
$ helm uninstall my-release
```
The command removes all the Kubernetes components associated with the release and deletes the release.
### Uninstalling the CRDs
Uninstalling the release does not remove the CRDs. To remove the CRDs, run:
```console
$ kubectl delete -f crds/
```
> **Note**: This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the cluster.
## Running Multiple Ingress Controllers
If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will share a single version of the CRDs. As a result, make sure that the Ingress Controller versions match the version of the CRDs. Additionally, when uninstalling a release, ensure that you dont remove the CRDs until there are no other Ingress Controller releases running in the cluster.
See [running multiple ingress controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) for more details.
## Configuration
The following tables lists the configurable parameters of the NGINX Ingress controller chart and their default values.
Parameter | Description | Default
--- | --- | ---
`controller.name` | The name of the Ingress controller daemonset or deployment. | Autogenerated
`controller.kind` | The kind of the Ingress controller installation - deployment or daemonset. | deployment
`controller.nginxplus` | Deploys the Ingress controller for NGINX Plus. | false
`controller.nginxReloadTimeout` | The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000
`controller.hostNetwork` | Enables the Ingress controller pods to use the host's network namespace. | false
`controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false
`controller.logLevel` | The log level of the Ingress Controller. | 1
`controller.image.repository` | The image repository of the Ingress controller. | nginx/nginx-ingress
`controller.image.tag` | The tag of the Ingress controller image. | 2.1.0
`controller.image.pullPolicy` | The pull policy for the Ingress controller image. | IfNotPresent
`controller.config.name` | The name of the ConfigMap used by the Ingress controller. | Autogenerated
`controller.config.annotations` | The annotations of the Ingress controller configmap. | {}
`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {}
`controller.customPorts` | A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | []
`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. **Note:** It is recommended that you specify your own certificate. | A pre-generated self-signed certificate.
`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** If not specified, a pre-generated key is used. It is recommended that you specify your own key. | A pre-generated key.
`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. | None
`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None
`controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None
`controller.wildcardTLS.secret` | The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. | None
`controller.nodeSelector` | The node selector for pod assignment for the Ingress controller pods. | {}
`controller.terminationGracePeriodSeconds` | The termination grace period of the Ingress controller pod. | 30
`controller.tolerations` | The tolerations of the Ingress controller pods. | []
`controller.affinity` | The affinity of the Ingress controller pods. | {}
`controller.volumes` | The volumes of the Ingress controller pods. | []
`controller.volumeMounts` | The volumeMounts of the Ingress controller pods. | []
`controller.initContainers` | InitContainers for the Ingress controller pods. | []
`controller.resources` | The resources of the Ingress controller pods. | {}
`controller.replicaCount` | The number of replicas of the Ingress controller deployment. | 1
`controller.ingressClass` | A class of the Ingress controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx
`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false
`controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | ""
`controller.enableCustomResources` | Enable the custom resources. | true
`controller.enablePreviewPolicies` | Enable preview policies. | false
`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false
`controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false
`controller.globalConfiguration.spec` | The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. | {}
`controller.enableSnippets` | Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. | false
`controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false
`controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `controller.healthStatus`. | "/nginx-health"
`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true
`controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080
`controller.nginxStatus.allowCidrs` | Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1
`controller.priorityClassName` | The PriorityClass of the Ingress controller pods. | None
`controller.service.create` | Creates a service to expose the Ingress controller pods. | true
`controller.service.type` | The type of service to create for the Ingress controller. | LoadBalancer
`controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local
`controller.service.annotations` | The annotations of the Ingress controller service. | {}
`controller.service.extraLabels` | The extra labels of the service. | {}
`controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | ""
`controller.service.externalIPs` | The list of external IPs for the Ingress controller service. | []
`controller.service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | []
`controller.service.name` | The name of the service. | Autogenerated
`controller.service.customPorts` | A list of custom ports to expose through the Ingress controller service. Follows the conventional Kubernetes yaml syntax for service ports. | []
`controller.service.httpPort.enable` | Enables the HTTP port for the Ingress controller service. | true
`controller.service.httpPort.port` | The HTTP port of the Ingress controller service. | 80
`controller.service.httpPort.nodePort` | The custom NodePort for the HTTP port. Requires `controller.service.type` set to `NodePort`. | ""
`controller.service.httpPort.targetPort` | The target port of the HTTP port of the Ingress controller service. | 80
`controller.service.httpsPort.enable` | Enables the HTTPS port for the Ingress controller service. | true
`controller.service.httpsPort.port` | The HTTPS port of the Ingress controller service. | 443
`controller.service.httpsPort.nodePort` | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`. | ""
`controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress controller service. | 443
`controller.serviceAccount.name` | The name of the service account of the Ingress controller pods. Used for RBAC. | Autogenerated
`controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | ""
`controller.reportIngressStatus.enable` | Updates the address field in the status of Ingress resources with an external address of the Ingress controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true
`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated
`controller.reportIngressStatus.ingressLink` | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | ""
`controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true
`controller.reportIngressStatus.leaderElectionLockName` | Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. | Autogenerated
`controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {}
`controller.pod.annotations` | The annotations of the Ingress Controller pod. | {}
`controller.pod.extraLabels` | The additional extra labels of the Ingress Controller pod. | {}
`controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false
`controller.appprotectdos.enable` | Enables the App Protect Dos module in the Ingress Controller. | false
`controller.appprotectdos.debug` | Enable debugging for App Protect Dos. | false
`controller.appprotectdos.maxDaemons` | Max number of ADMD instances. | 1
`controller.appprotectdos.maxWorkers` | Max number of nginx processes to support. | Number of CPU cores in the machine
`controller.appprotectdos.memory` | RAM memory size to consume in MB. | 50% of free RAM in the container or 80MB, the smaller
`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true
`controller.readyStatus.port` | The HTTP port for the readiness endpoint. | 8081
`controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false
`rbac.create` | Configures RBAC. | true
`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false
`prometheus.port` | Configures the port to scrape the metrics. | 9113
`prometheus.scheme` | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http
`prometheus.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections. | ""
## Notes
* The values-icp.yaml file is used for deploying the Ingress controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details.
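
Review bot: The `controller.defaultTLS.cert` and `controller.defaultTLS.key` rows list a pre-generated self-signed certificate and a pre-generated key as the defaults, so an install that sets nothing serves the default HTTPS server with key material that ships with the chart and is therefore not secret. The paragraph under "Installing Using Chart Sources" already tells users to supply their own, but it comes after the install commands; consider moving it up as a note beside the `helm install` examples and pointing to `controller.defaultTLS.secret` as the way to do it. Minor wording: "youd" and "dont" are missing apostrophes, "The following tables lists" should be "The following table lists", and `releases)for` needs a space.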


@ -0,0 +1,15 @@
# NGINX Ingress Controller
The [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress) for Kubernetes provides an enterprisegrade implementation of an Ingress controller for NGINX and NGINX Plus for Kubernetes applications.
The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations.
In the case of NGINX, the Ingress controller is deployed in a pod along with the load balancer.
NGINX Ingress controller works with both NGINX and NGINX Plus and supports the standard Ingress features - content-based routing and TLS/SSL termination.
Additionally, several NGINX and NGINX Plus features are available as extensions to the Ingress resource via annotations and the ConfigMap resource. In addition to HTTP, NGINX Ingress controller supports load balancing Websocket, gRPC, TCP and UDP applications. See ConfigMap and Annotations docs to learn more about the supported features and customization options.
As an alternative to the Ingress, NGINX Ingress controller supports the VirtualServer and VirtualServerRoute resources. They enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing.
TCP, UDP and TLS Passthrough load balancing is also supported.


@ -0,0 +1,65 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: aplogconfs.appprotect.f5.com
spec:
group: appprotect.f5.com
names:
kind: APLogConf
listKind: APLogConfList
plural: aplogconfs
singular: aplogconf
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APLogConf is the Schema for the APLogConfs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APLogConfSpec defines the desired state of APLogConf
properties:
content:
properties:
format:
enum:
- splunk
- arcsight
- default
- user-defined
- grpc
type: string
format_string:
type: string
max_message_size:
pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
type: string
max_request_size:
pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$
type: string
type: object
filter:
properties:
request_type:
enum:
- all
- illegal
- blocked
type: string
type: object
type: object
type: object
served: true
storage: true
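
Review bot: Nothing under `spec` is marked `required`, so an APLogConf with an empty `spec`, or with `content` but no `filter`, is accepted by the schema. If both are needed for a usable log profile, add a `required` list at the `spec` level. `format_string` also has no `maxLength`, whereas `max_message_size` and `max_request_size` are both constrained by a `pattern`.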

File diff suppressed because it is too large.


@ -0,0 +1,93 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: apusersigs.appprotect.f5.com
spec:
group: appprotect.f5.com
names:
kind: APUserSig
listKind: APUserSigList
plural: apusersigs
singular: apusersig
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APUserSig is the Schema for the apusersigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APUserSigSpec defines the desired state of APUserSig
properties:
properties:
type: string
signatures:
items:
properties:
accuracy:
enum:
- high
- medium
- low
type: string
attackType:
properties:
name:
type: string
type: object
description:
type: string
name:
type: string
references:
properties:
type:
enum:
- bugtraq
- cve
- nessus
- url
type: string
value:
type: string
type: object
risk:
enum:
- high
- medium
- low
type: string
rule:
type: string
signatureType:
enum:
- request
- response
type: string
systems:
items:
properties:
name:
type: string
type: object
type: array
type: object
type: array
tag:
type: string
type: object
type: object
served: true
storage: true


@ -0,0 +1,70 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: apdoslogconfs.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: APDosLogConf
listKind: APDosLogConfList
plural: apdoslogconfs
singular: apdoslogconf
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APDosLogConf is the Schema for the APDosLogConfs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APDosLogConfSpec defines the desired state of APDosLogConf
properties:
content:
properties:
format:
enum:
- splunk
- arcsight
- user-defined
default: splunk
type: string
format_string:
type: string
max_message_size:
pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
default: 5k
type: string
type: object
filter:
properties:
traffic-mitigation-stats:
enum:
- none
- all
default: all
type: string
bad-actors:
pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$
default: top 10
type: string
attack-signatures:
pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$
default: top 10
type: string
type: object
type: object
type: object
served: true
storage: true


@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: apdospolicies.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: APDosPolicy
listKind: APDosPoliciesList
plural: apdospolicies
singular: apdospolicy
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
type: object
description: APDosPolicy is the Schema for the APDosPolicy API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
description: APDosPolicySpec defines the desired state of APDosPolicy
properties:
mitigation_mode:
enum:
- "standard"
- "conservative"
- "none"
default: "standard"
type: string
signatures:
enum:
- "on"
- "off"
default: "on"
type: string
bad_actors:
enum:
- "on"
- "off"
default: "on"
type: string
automation_tools_detection:
enum:
- "on"
- "off"
default: "on"
type: string
tls_fingerprint:
enum:
- "on"
- "off"
default: "on"
type: string
served: true
storage: true
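
Review bot: `listKind: APDosPoliciesList` breaks the `<Kind>List` convention that the other CRDs in this commit follow (`APLogConfList`, `APUserSigList`, `APDosLogConfList`); with `kind: APDosPolicy` the expected value is `APDosPolicyList`. If the name is inherited from upstream and cannot change, a YAML comment saying so would help. The "on"/"off" enum values are correctly quoted, since unquoted they would parse as YAML booleans and never match `type: string`.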


@ -0,0 +1,87 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: dosprotectedresources.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: DosProtectedResource
listKind: DosProtectedResourceList
plural: dosprotectedresources
shortNames:
- pr
singular: dosprotectedresource
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: DosProtectedResource defines a Dos protected resource.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DosProtectedResourceSpec deines the properties and values a DosProtectedResource can have.
type: object
properties:
apDosMonitor:
description: 'ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default.'
type: object
properties:
protocol:
description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1.
type: string
enum:
- http1
- http2
- grpc
timeout:
description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc.
type: integer
format: int64
uri:
description: 'URI is the destination to the desired protected object in the nginx.conf:'
type: string
apDosPolicy:
description: ApDosPolicy is the namespace/name of a ApDosPolicy resource
type: string
dosAccessLogDest:
description: DosAccessLogDest is the network address for the access logs
type: string
dosSecurityLog:
description: DosSecurityLog defines the security log of the DosProtectedResource.
type: object
properties:
apDosLogConf:
description: ApDosLogConf is the namespace/name of a APDosLogConf resource
type: string
dosLogDest:
description: DosLogDest is the network address of a logging service, can be either IP or DNS name.
type: string
enable:
description: Enable enables the security logging feature if set to true
type: boolean
enable:
description: Enable enables the DOS feature if set to true
type: boolean
name:
description: Name is the name of protected object, max of 63 characters.
type: string
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
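
Review bot: in `spec.properties.name` the description promises "max of 63 characters", but the field is only `type: string`, so the API server accepts longer names and the limit is left entirely to the controller; add `maxLength: 63` there. `apDosMonitor.timeout` has the same gap: it is an `int64` with no `minimum`, so zero and negative values pass schema validation. `dosLogDest` and `dosAccessLogDest` are described as network addresses but have no `pattern` or length bound. Typo in the `spec` description: "deines" should be "defines".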

View File

@ -0,0 +1,56 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: globalconfigurations.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: GlobalConfiguration
listKind: GlobalConfigurationList
plural: globalconfigurations
shortNames:
- gc
singular: globalconfiguration
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: GlobalConfiguration defines the GlobalConfiguration resource.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: GlobalConfigurationSpec is the spec of the GlobalConfiguration resource.
type: object
properties:
listeners:
type: array
items:
description: Listener defines a listener.
type: object
properties:
name:
type: string
port:
type: integer
protocol:
type: string
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
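
Review bot: under `listeners.items.properties`, `port` is a bare `type: integer` and `protocol` a bare `type: string`, and the item has no `required` list, so a listener with port 0, port 70000 or no protocol at all is accepted by the API server and only fails later in the controller. Suggest `minimum: 1` and `maximum: 65535` on `port`, an `enum` of the protocols the controller supports on `protocol`, and a `required` list for the fields a listener cannot work without. None of the three fields carries a description.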

View File

@ -0,0 +1,274 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: policies.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: Policy
listKind: PolicyList
plural: policies
shortNames:
- pol
singular: policy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
type: object
properties:
accessControl:
description: 'AccessControl defines an access policy based on the source IP of a request. policy status: production-ready'
type: object
properties:
allow:
type: array
items:
type: string
deny:
type: array
items:
type: string
egressMTLS:
description: 'EgressMTLS defines an Egress MTLS policy. policy status: preview'
type: object
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
ingressClassName:
type: string
ingressMTLS:
description: 'IngressMTLS defines an Ingress MTLS policy. policy status: preview'
type: object
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
jwt:
description: 'JWTAuth holds JWT authentication configuration. policy status: preview'
type: object
properties:
realm:
type: string
secret:
type: string
token:
type: string
oidc:
description: OIDC defines an Open ID Connect policy.
type: object
properties:
authEndpoint:
type: string
clientID:
type: string
clientSecret:
type: string
jwksURI:
type: string
redirectURI:
type: string
scope:
type: string
tokenEndpoint:
type: string
rateLimit:
description: 'RateLimit defines a rate limit policy. policy status: preview'
type: object
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
waf:
description: 'WAF defines an WAF policy. policy status: preview'
type: object
properties:
apPolicy:
type: string
enable:
type: boolean
securityLog:
description: SecurityLog defines the security log of a WAF policy.
type: object
properties:
apLogConf:
type: string
enable:
type: boolean
logDest:
type: string
status:
description: PolicyStatus is the status of the policy resource
type: object
properties:
message:
type: string
reason:
type: string
state:
type: string
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
type: object
properties:
accessControl:
description: AccessControl defines an access policy based on the source IP of a request.
type: object
properties:
allow:
type: array
items:
type: string
deny:
type: array
items:
type: string
egressMTLS:
description: EgressMTLS defines an Egress MTLS policy.
type: object
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
ingressMTLS:
description: IngressMTLS defines an Ingress MTLS policy.
type: object
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
jwt:
description: JWTAuth holds JWT authentication configuration.
type: object
properties:
realm:
type: string
secret:
type: string
token:
type: string
rateLimit:
description: RateLimit defines a rate limit policy.
type: object
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
served: true
storage: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
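
Review bot: the `spec` description in both `v1` and `v1alpha1` says "Only one policy (field) is allowed", but nothing in the schema enforces it, so an object that sets `accessControl` and `jwt` together is stored and the conflict can only surface through controller validation (`.status.state` in `v1`; `v1alpha1` declares no status and no `subresources`). Either express the rule as a `oneOf` over the policy fields or say in the description that the controller enforces it. Separately, the credential-related fields (`jwt.secret`, `oidc.clientSecret`, `egressMTLS.tlsSecret`, `egressMTLS.trustedCertSecret`, `ingressMTLS.clientCertSecret`) are undescribed strings; a description stating whether each takes the name of a Secret or a literal value would keep credentials from being pasted into the resource. `ingressMTLS.verifyClient` is a free string where an `enum` would reject unsupported modes at admission.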

View File

@ -0,0 +1,157 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: transportservers.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: TransportServer
listKind: TransportServerList
plural: transportservers
shortNames:
- ts
singular: transportserver
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the TransportServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TransportServer defines the TransportServer resource.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TransportServerSpec is the spec of the TransportServer resource.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
host:
type: string
ingressClassName:
type: string
listener:
description: TransportServerListener defines a listener for a TransportServer.
type: object
properties:
name:
type: string
protocol:
type: string
serverSnippets:
type: string
sessionParameters:
description: SessionParameters defines session parameters.
type: object
properties:
timeout:
type: string
streamSnippets:
type: string
upstreamParameters:
description: UpstreamParameters defines parameters for an upstream.
type: object
properties:
connectTimeout:
type: string
nextUpstream:
type: boolean
nextUpstreamTimeout:
type: string
nextUpstreamTries:
type: integer
udpRequests:
type: integer
udpResponses:
type: integer
upstreams:
type: array
items:
description: Upstream defines an upstream.
type: object
properties:
failTimeout:
type: string
healthCheck:
description: HealthCheck defines the parameters for active Upstream HealthChecks.
type: object
properties:
enable:
type: boolean
fails:
type: integer
interval:
type: string
jitter:
type: string
match:
description: Match defines the parameters of a custom health check.
type: object
properties:
expect:
type: string
send:
type: string
passes:
type: integer
port:
type: integer
timeout:
type: string
loadBalancingMethod:
type: string
maxConns:
type: integer
maxFails:
type: integer
name:
type: string
port:
type: integer
service:
type: string
status:
description: TransportServerStatus defines the status for the TransportServer resource.
type: object
properties:
message:
type: string
reason:
type: string
state:
type: string
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
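
Review bot: `serverSnippets` and `streamSnippets` in `spec` are bare `type: string` with no description and no `maxLength`. Fields that carry configuration snippets should say what they accept and which controller setting enables them, because anyone allowed to create or update a TransportServer in a namespace can populate them. `upstreams.items.properties.port` and `healthCheck.properties.port` are unbounded integers; `minimum: 1` and `maximum: 65535` would reject invalid ports at admission.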

View File

@ -0,0 +1,635 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: virtualserverroutes.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: VirtualServerRoute
listKind: VirtualServerRouteList
plural: virtualserverroutes
shortNames:
- vsr
singular: virtualserverroute
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the VirtualServerRoute. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .spec.host
name: Host
type: string
- jsonPath: .status.externalEndpoints[*].ip
name: IP
type: string
- jsonPath: .status.externalEndpoints[*].ports
name: Ports
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: VirtualServerRoute defines the VirtualServerRoute resource.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VirtualServerRouteSpec is the spec of the VirtualServerRoute resource.
type: object
properties:
host:
type: string
ingressClassName:
type: string
subroutes:
type: array
items:
description: Route defines a route.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
dos:
type: string
errorPages:
type: array
items:
description: ErrorPage defines an ErrorPage in a Route.
type: object
properties:
codes:
type: array
items:
type: integer
redirect:
description: ErrorPageRedirect defines a redirect for an ErrorPage.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ErrorPageReturn defines a return for an ErrorPage.
type: object
properties:
body:
type: string
code:
type: integer
headers:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
type:
type: string
location-snippets:
type: string
matches:
type: array
items:
description: Match defines a match.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
conditions:
type: array
items:
description: Condition defines a condition in a MatchRule.
type: object
properties:
argument:
type: string
cookie:
type: string
header:
type: string
value:
type: string
variable:
type: string
splits:
type: array
items:
description: Split defines a split.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
weight:
type: integer
path:
type: string
policies:
type: array
items:
description: PolicyReference references a policy by name and an optional namespace.
type: object
properties:
name:
type: string
namespace:
type: string
route:
type: string
splits:
type: array
items:
description: Split defines a split.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
weight:
type: integer
upstreams:
type: array
items:
description: Upstream defines an upstream.
type: object
properties:
buffer-size:
type: string
buffering:
type: boolean
buffers:
description: UpstreamBuffers defines Buffer Configuration for an Upstream.
type: object
properties:
number:
type: integer
size:
type: string
client-max-body-size:
type: string
connect-timeout:
type: string
fail-timeout:
type: string
healthCheck:
description: HealthCheck defines the parameters for active Upstream HealthChecks.
type: object
properties:
connect-timeout:
type: string
enable:
type: boolean
fails:
type: integer
grpcService:
type: string
grpcStatus:
type: integer
headers:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
interval:
type: string
jitter:
type: string
mandatory:
type: boolean
passes:
type: integer
path:
type: string
persistent:
type: boolean
port:
type: integer
read-timeout:
type: string
send-timeout:
type: string
statusMatch:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for an Upstream.
type: object
properties:
enable:
type: boolean
keepalive:
type: integer
lb-method:
type: string
max-conns:
type: integer
max-fails:
type: integer
name:
type: string
next-upstream:
type: string
next-upstream-timeout:
type: string
next-upstream-tries:
type: integer
ntlm:
type: boolean
port:
type: integer
queue:
description: UpstreamQueue defines Queue Configuration for an Upstream.
type: object
properties:
size:
type: integer
timeout:
type: string
read-timeout:
type: string
send-timeout:
type: string
service:
type: string
sessionCookie:
description: SessionCookie defines the parameters for session persistence.
type: object
properties:
domain:
type: string
enable:
type: boolean
expires:
type: string
httpOnly:
type: boolean
name:
type: string
path:
type: string
secure:
type: boolean
slow-start:
type: string
subselector:
type: object
additionalProperties:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for an Upstream.
type: object
properties:
enable:
type: boolean
type:
type: string
use-cluster-ip:
type: boolean
status:
description: VirtualServerRouteStatus defines the status for the VirtualServerRoute resource.
type: object
properties:
externalEndpoints:
type: array
items:
description: ExternalEndpoint defines the IP and ports used to connect to this resource.
type: object
properties:
ip:
type: string
ports:
type: string
message:
type: string
reason:
type: string
referencedBy:
type: string
state:
type: string
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
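
Review bot: the `action` object (under `subroutes`, under `matches`, and in both `splits` lists) declares `pass`, `proxy`, `redirect` and `return` side by side with no `oneOf`, so the schema accepts a route that sets several actions or none; if exactly one is intended, state that in the schema or at least in the description. `redirect.code`, `return.code` and `errorPages.items.properties.codes` are unbounded integers and `splits.items.properties.weight` has no `minimum` or `maximum`, so out-of-range values are only caught by the controller. `location-snippets` is an undescribed free-form string and should document what it accepts and which controller setting enables it.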

View File

@ -0,0 +1,665 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: virtualservers.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: VirtualServer
listKind: VirtualServerList
plural: virtualservers
shortNames:
- vs
singular: virtualserver
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .spec.host
name: Host
type: string
- jsonPath: .status.externalEndpoints[*].ip
name: IP
type: string
- jsonPath: .status.externalEndpoints[*].ports
name: Ports
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: VirtualServer defines the VirtualServer resource.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VirtualServerSpec is the spec of the VirtualServer resource.
type: object
properties:
dos:
type: string
host:
type: string
http-snippets:
type: string
ingressClassName:
type: string
policies:
type: array
items:
description: PolicyReference references a policy by name and an optional namespace.
type: object
properties:
name:
type: string
namespace:
type: string
routes:
type: array
items:
description: Route defines a route.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
dos:
type: string
errorPages:
type: array
items:
description: ErrorPage defines an ErrorPage in a Route.
type: object
properties:
codes:
type: array
items:
type: integer
redirect:
description: ErrorPageRedirect defines a redirect for an ErrorPage.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ErrorPageReturn defines a return for an ErrorPage.
type: object
properties:
body:
type: string
code:
type: integer
headers:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
type:
type: string
location-snippets:
type: string
matches:
type: array
items:
description: Match defines a match.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
conditions:
type: array
items:
description: Condition defines a condition in a MatchRule.
type: object
properties:
argument:
type: string
cookie:
type: string
header:
type: string
value:
type: string
variable:
type: string
splits:
type: array
items:
description: Split defines a split.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
weight:
type: integer
path:
type: string
policies:
type: array
items:
description: PolicyReference references a policy by name and an optional namespace.
type: object
properties:
name:
type: string
namespace:
type: string
route:
type: string
splits:
type: array
items:
description: Split defines a split.
type: object
properties:
action:
description: Action defines an action.
type: object
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
type: object
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
type: object
properties:
pass:
type: boolean
set:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
responseHeaders:
description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
type: object
properties:
add:
type: array
items:
description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
type: object
properties:
always:
type: boolean
name:
type: string
value:
type: string
hide:
type: array
items:
type: string
ignore:
type: array
items:
type: string
pass:
type: array
items:
type: string
rewritePath:
type: string
upstream:
type: string
redirect:
description: ActionRedirect defines a redirect in an Action.
type: object
properties:
code:
type: integer
url:
type: string
return:
description: ActionReturn defines a return in an Action.
type: object
properties:
body:
type: string
code:
type: integer
type:
type: string
weight:
type: integer
server-snippets:
type: string
tls:
description: TLS defines TLS configuration for a VirtualServer.
type: object
properties:
redirect:
description: TLSRedirect defines a redirect for a TLS.
type: object
properties:
basedOn:
type: string
code:
type: integer
enable:
type: boolean
secret:
type: string
upstreams:
type: array
items:
description: Upstream defines an upstream.
type: object
properties:
buffer-size:
type: string
buffering:
type: boolean
buffers:
description: UpstreamBuffers defines Buffer Configuration for an Upstream.
type: object
properties:
number:
type: integer
size:
type: string
client-max-body-size:
type: string
connect-timeout:
type: string
fail-timeout:
type: string
healthCheck:
description: HealthCheck defines the parameters for active Upstream HealthChecks.
type: object
properties:
connect-timeout:
type: string
enable:
type: boolean
fails:
type: integer
grpcService:
type: string
grpcStatus:
type: integer
headers:
type: array
items:
description: Header defines an HTTP Header.
type: object
properties:
name:
type: string
value:
type: string
interval:
type: string
jitter:
type: string
mandatory:
type: boolean
passes:
type: integer
path:
type: string
persistent:
type: boolean
port:
type: integer
read-timeout:
type: string
send-timeout:
type: string
statusMatch:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for an Upstream.
type: object
properties:
enable:
type: boolean
keepalive:
type: integer
lb-method:
type: string
max-conns:
type: integer
max-fails:
type: integer
name:
type: string
next-upstream:
type: string
next-upstream-timeout:
type: string
next-upstream-tries:
type: integer
ntlm:
type: boolean
port:
type: integer
queue:
description: UpstreamQueue defines Queue Configuration for an Upstream.
type: object
properties:
size:
type: integer
timeout:
type: string
read-timeout:
type: string
send-timeout:
type: string
service:
type: string
sessionCookie:
description: SessionCookie defines the parameters for session persistence.
type: object
properties:
domain:
type: string
enable:
type: boolean
expires:
type: string
httpOnly:
type: boolean
name:
type: string
path:
type: string
secure:
type: boolean
slow-start:
type: string
subselector:
type: object
additionalProperties:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for an Upstream.
type: object
properties:
enable:
type: boolean
type:
type: string
use-cluster-ip:
type: boolean
status:
description: VirtualServerStatus defines the status for the VirtualServer resource.
type: object
properties:
externalEndpoints:
type: array
items:
description: ExternalEndpoint defines the IP and ports used to connect to this resource.
type: object
properties:
ip:
type: string
ports:
type: string
message:
type: string
reason:
type: string
state:
type: string
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
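
Review bot: `server-snippets` in the VirtualServer spec is typed as an unconstrained `string`, so the API server admits arbitrary NGINX configuration text on this field, and the only gate visible in this change is the `-enable-snippets={{ .Values.controller.enableSnippets }}` argument in the controller templates. Please confirm that `controller.enableSnippets` defaults to `false` in values.yaml and state it in the README, because with snippets enabled anyone allowed to create or update VirtualServer resources can write into the shared NGINX configuration. Separately, the trailing `status:` stanza (`acceptedNames`, `conditions: []`, `storedVersions: []`) is generator output that carries no information and could be dropped from the shipped CRD.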

View File

@ -0,0 +1,168 @@
questions:
- variable: controller.kind
type: enum
options:
- deployment
- daemonset
default: deployment
description: "The kind of the Ingress controller installation - deployment or daemonset."
label: Installation Kind
group: "Settings"
- variable: imageDefault
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "Settings"
show_subquestion_if: false
subquestions:
- variable: controller.nginxplus
default: false
description: "Deploys the Ingress controller for NGINX Plus."
label: Deploy NGINX Plus
type: boolean
group: "NGINX Plus"
- variable: controller.appprotect.enable
default: false
description: "Enable the App Protect module in the Ingress Controller."
label: Enable the App Protect module.
type: boolean
- variable: controller.appprotectdos.enable
default: false
description: "Enable the App Protect DoS module in the Ingress Controller."
label: Enable the App Protect DoS module.
type: boolean
- variable: controller.image.repository
default: nginx/nginx-ingress
description: "The image repository of the Ingress controller."
type: string
label: NGINX Ingress Controller Image Repository
required: true
- variable: controller.image.tag
default: 2.1.0
description: "The tag of the Ingress controller image."
type: string
label: NGINX Ingress Controller Image Tag
required: true
- variable: controller.image.pullPolicy
type: enum
options:
- IfNotPresent
- Always
- Never
default: IfNotPresent
description: "The pull policy for the Ingress controller image."
label: NGINX Ingress Controller Image Pull Policy
- variable: controller.serviceAccount.imagePullSecretName
default: ""
description: "The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release."
type: string
label: Image Pull Secret Name
- variable: controller.defaultTLS.secret
default: ""
description: "The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`."
label: TLS Secret
type: string
group: "Settings"
- variable: controller.ingressClass
default: nginx
description: "A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `[kubernetes.io/ingress.class]` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the [-use-ingress-class-only] flag."
label: Ingress Class
type: string
group: "Settings"
required: true
subquestions:
- variable: controller.useIngressClassOnly
default: false
description: "Ignore Ingress resources without the `[kubernetes.io/ingress.class]` annotation."
label: Use Ingress Class Only
type: boolean
group: "Settings"
- variable: controller.enableCustomResources
default: true
label: Enable Custom Resources
type: boolean
group: "Settings"
show_subquestion_if: true
subquestions:
- variable: controller.globalConfiguration.create
default: true
description: "Creates the GlobalConfiguration custom resource."
label: Create GlobalConfiguration Custom Resource
type: boolean
group: "Settings"
- variable: controller.watchNamespace
default: ""
description: "Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces."
label: Watch Namespace
type: string
group: "Settings"
- variable: controller.service.create
default: true
description: "Creates a service to expose the Ingress controller pods."
label: Create a Service
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.type
type: enum
options:
- LoadBalancer
- NodePort
default: LoadBalancer
description: "The type of service to create for the Ingress controller."
label: Type of Service
- variable: controller.service.httpPort.enable
default: true
description: "Enables the HTTP port for the Ingress controller service."
label: Enable HTTP Port
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.httpPort.port
default: 80
description: "The HTTP port of the Ingress controller service."
label: HTTP Port
type: int
required: true
- variable: controller.service.httpsPort.enable
default: true
description: "Enables the HTTPS port for the Ingress controller service."
label: Enable HTTPS Port
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.httpsPort.port
default: 443
description: "The HTTPS port of the Ingress controller service."
label: HTTPS Port
type: int
required: true
- variable: prometheus.create
default: false
description: "Expose NGINX or NGINX Plus metrics in the Prometheus format."
label: Enable Exposing Prometheus Metrics
type: boolean
group: "Prometheus"
show_subquestion_if: true
subquestions:
- variable: prometheus.port
default: 9113
description: "Configures the port to scrape the metrics."
label: Prometheus Port
type: int
required: true
- variable: prometheus.scheme
default: http
description: "Configures the HTTP scheme to use for connections to the Prometheus endpoint."
label: Prometheus Scheme
type: string
required: true
- variable: prometheus.secret
default: ""
description: "The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections."
label: Prometheus Secret
type: string
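
Review bot: the `controller.defaultTLS.secret` question defaults to `""` and its description does not say what an empty answer means. Per the default-TLS Secret template and the values.yaml comment in this same change, an empty value makes the chart create a Secret from the pre-generated self-signed certificate shipped in values.yaml. Suggest saying so in the description, or marking the question `required: true`, so that an install through the form does not end up serving the shared default certificate unnoticed. Minor: `prometheus.scheme` is a free `string` where an `enum` of `http` and `https` would match how `controller.kind` and `controller.service.type` are modelled.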

View File

@ -0,0 +1 @@
The NGINX Ingress Controller has been installed.

View File

@ -0,0 +1,71 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nginx-ingress.name" -}}
{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create labels
*/}}
{{- define "nginx-ingress.labels" -}}
app.kubernetes.io/name: {{ include "nginx-ingress.name" . }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Expand the name of the configmap.
*/}}
{{- define "nginx-ingress.configName" -}}
{{- default (include "nginx-ingress.name" .) .Values.controller.config.name -}}
{{- end -}}
{{/*
Expand leader election lock name.
*/}}
{{- define "nginx-ingress.leaderElectionName" -}}
{{- if .Values.controller.reportIngressStatus.leaderElectionLockName -}}
{{ .Values.controller.reportIngressStatus.leaderElectionLockName }}
{{- else -}}
{{- printf "%s-%s" (include "nginx-ingress.name" .) "leader-election" -}}
{{- end -}}
{{- end -}}
{{/*
Expand service account name.
*/}}
{{- define "nginx-ingress.serviceAccountName" -}}
{{- default (include "nginx-ingress.name" .) .Values.controller.serviceAccount.name -}}
{{- end -}}
{{/*
Expand service name.
*/}}
{{- define "nginx-ingress.serviceName" -}}
{{- default (include "nginx-ingress.name" .) .Values.controller.service.name }}
{{- end -}}
{{/*
Expand default TLS name.
*/}}
{{- define "nginx-ingress.defaultTLSName" -}}
{{- printf "%s-%s" (include "nginx-ingress.name" .) "default-server-tls" -}}
{{- end -}}
{{/*
Expand wildcard TLS name.
*/}}
{{- define "nginx-ingress.wildcardTLSName" -}}
{{- printf "%s-%s" (include "nginx-ingress.name" .) "wildcard-tls" -}}
{{- end -}}
{{/*
Expand app name.
*/}}
{{- define "nginx-ingress.appName" -}}
{{- default (include "nginx-ingress.name" .) .Values.controller.name -}}
{{- end -}}

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "nginx-ingress.configName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.config.annotations }}
annotations:
{{ toYaml .Values.controller.config.annotations | indent 4 }}
{{- end }}
data:
{{- if .Values.controller.config.entries }}
{{ toYaml .Values.controller.config.entries | indent 2 }}
{{- end }}

View File

@ -0,0 +1,169 @@
{{- if eq .Values.controller.kind "daemonset" }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
app: {{ include "nginx-ingress.appName" . }}
template:
metadata:
labels:
app: {{ include "nginx-ingress.appName" . }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
{{- end }}
{{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }}
annotations:
{{- if .Values.prometheus.create }}
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.prometheus.port }}"
prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{ toYaml .Values.controller.volumes | indent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
containers:
- name: {{ include "nginx-ingress.name" . }}
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
ports:
- name: http
containerPort: 80
hostPort: 80
- name: https
containerPort: 443
hostPort: 443
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
- name: prometheus
containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- if .Values.controller.readyStatus.enable }}
- name: readiness-port
containerPort: {{ .Values.controller.readyStatus.port}}
readinessProbe:
httpGet:
path: /nginx-ready
port: readiness-port
periodSeconds: 1
{{- end }}
securityContext:
allowPrivilegeEscalation: true
runAsUser: 101 #nginx
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{ toYaml .Values.controller.volumeMounts | indent 8 }}
{{- end }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
resources:
{{ toYaml .Values.controller.resources | indent 10 }}
args:
- -nginx-plus={{ .Values.controller.nginxplus }}
- -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }}
- -enable-app-protect={{ .Values.controller.appprotect.enable }}
- -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
{{- if .Values.controller.appprotectdos.enable }}
- -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
- -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }}
- -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }}
- -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
{{ end }}
- -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
{{- if .Values.controller.defaultTLS.secret }}
- -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else }}
- -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
- -ingress-class={{ .Values.controller.ingressClass }}
{{- if .Values.controller.watchNamespace }}
- -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
- -health-status={{ .Values.controller.healthStatus }}
- -health-status-uri={{ .Values.controller.healthStatusURI }}
- -nginx-debug={{ .Values.controller.nginxDebug }}
- -v={{ .Values.controller.logLevel }}
- -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
- -nginx-status-port={{ .Values.controller.nginxStatus.port }}
- -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
- -report-ingress-status
{{- if .Values.controller.reportIngressStatus.ingressLink }}
- -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }}
{{- else if .Values.controller.reportIngressStatus.externalService }}
- -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
- -external-service={{ include "nginx-ingress.serviceName" . }}
{{- end }}
- -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
- -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
- -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
- -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
- -enable-prometheus-metrics={{ .Values.prometheus.create }}
- -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
- -prometheus-tls-secret={{ .Values.prometheus.secret }}
- -enable-custom-resources={{ .Values.controller.enableCustomResources }}
- -enable-snippets={{ .Values.controller.enableSnippets }}
{{- if .Values.controller.enableCustomResources }}
- -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
- -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }}
{{- end }}
{{- end }}
- -ready-status={{ .Values.controller.readyStatus.enable }}
- -ready-status-port={{ .Values.controller.readyStatus.port }}
- -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
{{- if .Values.controller.initContainers }}
initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }}
{{- end }}
{{- end }}
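
Review bot: the two App Protect DoS arguments in `args` are cross-wired: `-app-protect-dos-max-daemons` is fed from `.Values.controller.appprotectdos.maxWorkers` and `-app-protect-dos-max-workers` from `.Values.controller.appprotectdos.maxDaemons`. values.yaml documents `maxWorkers` as the number of nginx processes and `maxDaemons` as the number of ADMD instances, so each flag should take the value of the same name; both default to 0, which hides the swap on a default install. The `securityContext` also deserves a comment: `allowPrivilegeEscalation: true` sits next to `drop: ALL` and `add: NET_BIND_SERVICE`, and `hostPort: 80` and `hostPort: 443` are hard-coded regardless of `controller.hostNetwork`, so a reader cannot tell whether either is required or left over.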

View File

@ -0,0 +1,167 @@
{{- if eq .Values.controller.kind "deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicaCount }}
selector:
matchLabels:
app: {{ include "nginx-ingress.appName" . }}
template:
metadata:
labels:
app: {{ include "nginx-ingress.appName" . }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
{{- end }}
{{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }}
annotations:
{{- if .Values.prometheus.create }}
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.prometheus.port }}"
prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{ toYaml .Values.controller.volumes | indent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
hostNetwork: {{ .Values.controller.hostNetwork }}
containers:
- image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
name: {{ include "nginx-ingress.name" . }}
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
- name: prometheus
containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- if .Values.controller.readyStatus.enable }}
- name: readiness-port
containerPort: {{ .Values.controller.readyStatus.port}}
readinessProbe:
httpGet:
path: /nginx-ready
port: readiness-port
periodSeconds: 1
{{- end }}
resources:
{{ toYaml .Values.controller.resources | indent 10 }}
securityContext:
allowPrivilegeEscalation: true
runAsUser: 101 #nginx
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{ toYaml .Values.controller.volumeMounts | indent 8 }}
{{- end }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-plus={{ .Values.controller.nginxplus }}
- -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }}
- -enable-app-protect={{ .Values.controller.appprotect.enable }}
- -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
{{- if .Values.controller.appprotectdos.enable }}
- -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
- -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }}
- -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }}
- -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
{{ end }}
- -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
{{- if .Values.controller.defaultTLS.secret }}
- -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else }}
- -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
- -ingress-class={{ .Values.controller.ingressClass }}
{{- if .Values.controller.watchNamespace }}
- -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
- -health-status={{ .Values.controller.healthStatus }}
- -health-status-uri={{ .Values.controller.healthStatusURI }}
- -nginx-debug={{ .Values.controller.nginxDebug }}
- -v={{ .Values.controller.logLevel }}
- -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
- -nginx-status-port={{ .Values.controller.nginxStatus.port }}
- -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
- -report-ingress-status
{{- if .Values.controller.reportIngressStatus.ingressLink }}
- -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }}
{{- else if .Values.controller.reportIngressStatus.externalService }}
- -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
- -external-service={{ include "nginx-ingress.serviceName" . }}
{{- end }}
- -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
- -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
- -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
- -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
- -enable-prometheus-metrics={{ .Values.prometheus.create }}
- -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
- -prometheus-tls-secret={{ .Values.prometheus.secret }}
- -enable-custom-resources={{ .Values.controller.enableCustomResources }}
- -enable-snippets={{ .Values.controller.enableSnippets }}
{{- if .Values.controller.enableCustomResources }}
- -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
- -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }}
{{- end }}
{{- end }}
- -ready-status={{ .Values.controller.readyStatus.enable }}
- -ready-status-port={{ .Values.controller.readyStatus.port }}
- -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
{{- if .Values.controller.initContainers }}
initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }}
{{- end }}
{{- end }}
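
Review bot: `-app-protect-dos-max-daemons` and `-app-protect-dos-max-workers` take each other's values in `args` here (`.Values.controller.appprotectdos.maxWorkers` and `.Values.controller.appprotectdos.maxDaemons` respectively), line for line as in the DaemonSet template, so both files need the same fix. The pod `spec` also omits `terminationGracePeriodSeconds`, which the DaemonSet template sets from `.Values.controller.terminationGracePeriodSeconds`; with `controller.kind: deployment` that value is silently ignored. If the omission is intentional, a comment in values.yaml should say the setting applies to the daemonset only.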

View File

@ -0,0 +1,11 @@
{{ if .Values.controller.globalConfiguration.create }}
apiVersion: k8s.nginx.org/v1alpha1
kind: GlobalConfiguration
metadata:
name: {{ include "nginx-ingress.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
spec:
{{ toYaml .Values.controller.globalConfiguration.spec | indent 2 }}
{{- end }}

View File

@ -0,0 +1,10 @@
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: {{ .Values.controller.ingressClass }}
{{- if .Values.controller.setAsDefaultIngress }}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
controller: nginx.org/ingress-controller

View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "nginx-ingress.leaderElectionName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.reportIngressStatus.annotations }}
annotations:
{{ toYaml .Values.controller.reportIngressStatus.annotations | indent 4 }}
{{- end }}

View File

@ -0,0 +1,13 @@
{{ if not .Values.controller.defaultTLS.secret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "nginx-ingress.defaultTLSName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.controller.defaultTLS.cert }}
tls.key: {{ .Values.controller.defaultTLS.key }}
{{- end }}
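
Review bot: when `controller.defaultTLS.secret` is empty this template always renders the Secret, with no check that `defaultTLS.cert` and `defaultTLS.key` are set, unlike the wildcard TLS template, which requires both. With chart defaults `tls.crt` comes from the pre-generated self-signed certificate committed in values.yaml, so every default install presents the same certificate, one that is published with the chart. Suggest wrapping both values in `required` so an empty cert or key fails at render time, and having the README steer production installs to `controller.defaultTLS.secret`.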

View File

@ -0,0 +1,60 @@
{{- if .Values.controller.service.create }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "nginx-ingress.serviceName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.service.extraLabels }}
{{ toYaml .Values.controller.service.extraLabels | indent 4 }}
{{- end }}
{{- if .Values.controller.service.annotations }}
annotations:
{{ toYaml .Values.controller.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }}
{{- if .Values.controller.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
{{- end }}
{{- end }}
{{- if eq .Values.controller.service.type "LoadBalancer" }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end }}
type: {{ .Values.controller.service.type }}
ports:
{{- if .Values.controller.service.customPorts }}
{{ toYaml .Values.controller.service.customPorts | indent 2 }}
{{ end }}
{{- if .Values.controller.service.httpPort.enable }}
- port: {{ .Values.controller.service.httpPort.port }}
targetPort: {{ .Values.controller.service.httpPort.targetPort }}
protocol: TCP
name: http
{{- if eq .Values.controller.service.type "NodePort" }}
nodePort: {{ .Values.controller.service.httpPort.nodePort }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.httpsPort.enable }}
- port: {{ .Values.controller.service.httpsPort.port }}
targetPort: {{ .Values.controller.service.httpsPort.targetPort }}
protocol: TCP
name: https
{{- if eq .Values.controller.service.type "NodePort" }}
nodePort: {{ .Values.controller.service.httpsPort.nodePort }}
{{- end }}
{{- end }}
selector:
app: {{ include "nginx-ingress.appName" . }}
{{- if .Values.controller.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,13 @@
{{- if .Values.rbac.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "nginx-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.serviceAccount.imagePullSecretName }}
imagePullSecrets:
- name: {{ .Values.controller.serviceAccount.imagePullSecretName }}
{{- end }}
{{- end }}
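
Review bot: the ServiceAccount is gated on `.Values.rbac.create`, but both workload templates set `serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}` unconditionally. With `rbac.create: false` the pods reference an account this chart never creates, and `controller.serviceAccount.imagePullSecretName` is silently dropped, so the pull secret never reaches the pods. Either document that the account must already exist in that mode or give the ServiceAccount its own create flag.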

View File

@ -0,0 +1,13 @@
{{ if and (not .Values.controller.wildcardTLS.secret) (and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "nginx-ingress.wildcardTLSName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.controller.wildcardTLS.cert }}
tls.key: {{ .Values.controller.wildcardTLS.key }}
{{- end }}

View File

@ -0,0 +1,147 @@
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "nginx-ingress.name" . }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
rules:
{{- if .Values.controller.appprotect.enable }}
- apiGroups:
- appprotect.f5.com
resources:
- appolicies
- aplogconfs
- apusersigs
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.controller.appprotectdos.enable }}
- apiGroups:
- appprotectdos.f5.com
resources:
- apdospolicies
- apdoslogconfs
- dosprotectedresources
verbs:
- get
- watch
- list
{{- end }}
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
- update
- create
{{- end }}
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- list
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
{{- if .Values.controller.reportIngressStatus.enable }}
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
{{- end }}
{{- if .Values.controller.enableCustomResources }}
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers
- virtualserverroutes
- globalconfigurations
- transportservers
- policies
verbs:
- list
- watch
- get
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers/status
- virtualserverroutes/status
- policies/status
- transportservers/status
verbs:
- update
{{- end }}
{{- if .Values.controller.reportIngressStatus.ingressLink }}
- apiGroups:
- cis.f5.com
resources:
- ingresslinks
verbs:
- list
- watch
- get
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "nginx-ingress.name" . }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "nginx-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "nginx-ingress.name" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
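
Review bot: in the `configmaps` rule, enabling `reportIngressStatus.enableLeaderElection` appends `update` and `create` to a ClusterRole, which grants write access to every ConfigMap in every namespace for the sake of one lock object. The lock ConfigMap is created in `.Release.Namespace` under the name from `nginx-ingress.leaderElectionName`, so these verbs fit a namespaced Role in that namespace, with `update` limited by `resourceNames`. The cluster-wide `get`, `list` and `watch` on `secrets` also looks broader than needed when `controller.watchNamespace` is set; worth a follow-up or at least a README note.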

View File

@ -0,0 +1,16 @@
controller:
kind: daemonset
nginxplus: true
image:
repository: mycluster.icp:8500/kube-system/nginx-plus-ingress
tag: "2.1.0"
nodeSelector:
beta.kubernetes.io/arch: "amd64"
proxy: true
terminationGracePeriodSeconds: 60
tolerations:
- key: "dedicated"
operator: "Exists"
effect: "NoSchedule"
- key: "CriticalAddonsOnly"
operator: "Exists"
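
Review bot: `nodeSelector` uses `beta.kubernetes.io/arch`, a deprecated node label; `kubernetes.io/arch` is the stable form and fits the `kubeVersion: 1.19 - 1.23` range declared in Chart.yaml. `proxy: true` is also not read by any template visible in this change, so it looks like a leftover key that should be removed or documented.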

View File

@ -0,0 +1,5 @@
controller:
nginxplus: true
image:
repository: nginx-plus-ingress
tag: "2.1.0"

View File

@ -0,0 +1,327 @@
controller:
## The name of the Ingress controller daemonset or deployment.
## Autogenerated if not set or set to "".
# name: nginx-ingress
## The kind of the Ingress controller installation - deployment or daemonset.
kind: deployment
## Deploys the Ingress controller for NGINX Plus.
nginxplus: false
# Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start.
nginxReloadTimeout: 60000
## Support for App Protect
appprotect:
## Enable the App Protect module in the Ingress Controller.
enable: false
## Support for App Protect Dos
appprotectdos:
## Enable the App Protect Dos module in the Ingress Controller.
enable: false
## Enable debugging for App Protect Dos.
debug: false
## Max number of nginx processes to support.
maxWorkers: 0
## Max number of ADMD instances.
maxDaemons: 0
## RAM memory size to consume in MB.
memory: 0
## Enables the Ingress controller pods to use the host's network namespace.
hostNetwork: false
## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
nginxDebug: false
## The log level of the Ingress Controller.
logLevel: 1
## A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: []
image:
## The image repository of the Ingress controller.
repository: nginx/nginx-ingress
## The tag of the Ingress controller image.
tag: "2.1.0"
## The pull policy for the Ingress controller image.
pullPolicy: IfNotPresent
config:
## The name of the ConfigMap used by the Ingress controller.
## Autogenerated if not set or set to "".
# name: nginx-config
## The annotations of the Ingress Controller configmap.
annotations: {}
## The entries of the ConfigMap for customizing NGINX configuration.
entries: {}
## It is recommended to use your own TLS certificates and keys
defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
## Note: It is recommended that you specify your own certificate.
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
## The base64-encoded TLS key for the default HTTPS server. Note: If not specified, a pre-generated key is used.
## Note: It is recommended that you specify your own key.
key: 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
## The secret with a TLS certificate and key for the default HTTPS server.
## The value must follow the following format: `<namespace>/<name>`.
## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters.
## Format: <namespace>/<secret_name>
secret:
wildcardTLS:
## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
cert: ""
## The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
key: ""
## The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
## The value must follow the following format: `<namespace>/<name>`.
## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters.
## Format: <namespace>/<secret_name>
secret:
## The node selector for pod assignment for the Ingress controller pods.
nodeSelector: {}
## The termination grace period of the Ingress controller pod.
terminationGracePeriodSeconds: 30
## The resources of the Ingress controller pods.
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
## The tolerations of the Ingress controller pods.
tolerations: []
## The affinity of the Ingress controller pods.
affinity: {}
## The volumes of the Ingress controller pods.
volumes: []
# - name: extra-conf
# configMap:
# name: extra-conf
## The volumeMounts of the Ingress controller pods.
volumeMounts: []
# - name: extra-conf
# mountPath: /etc/nginx/conf.d/extra.conf
# subPath: extra.conf
## InitContainers for the Ingress controller pods.
initContainers: []
# - name: init-container
# image: busybox:1.34
# command: ['sh', '-c', 'echo this is initial setup!']
## The number of replicas of the Ingress controller deployment.
replicaCount: 1
## A class of the Ingress controller.
## IngressClass resource with the name equal to the class must be deployed. Otherwise,
## the Ingress Controller will fail to start.
## The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
ingressClass: nginx
## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`.
setAsDefaultIngress: false
## Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces.
watchNamespace: ""
## Enable the custom resources.
enableCustomResources: true
## Enable preview policies.
enablePreviewPolicies: false
## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
enableTLSPassthrough: false
globalConfiguration:
## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources.
create: false
## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller.
spec: {}
# listeners:
# - name: dns-udp
# port: 5353
# protocol: UDP
# - name: dns-tcp
# port: 5353
# protocol: TCP
## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources.
enableSnippets: false
## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
## Useful for external health-checking of the Ingress controller.
healthStatus: false
## Sets the URI of health status location in the default server. Requires controller.healthStatus.
healthStatusURI: "/nginx-health"
nginxStatus:
## Enable the NGINX stub_status, or the NGINX Plus API.
enable: true
## Set the port where the NGINX stub_status or the NGINX Plus API is exposed.
port: 8080
## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.
allowCidrs: "127.0.0.1"
service:
## Creates a service to expose the Ingress controller pods.
create: true
## The type of service to create for the Ingress controller.
type: LoadBalancer
## The externalTrafficPolicy of the service. The value Local preserves the client source IP.
externalTrafficPolicy: Local
## The annotations of the Ingress controller service.
annotations: {}
## The extra labels of the service.
extraLabels: {}
## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
loadBalancerIP: ""
## The list of external IPs for the Ingress controller service.
externalIPs: []
## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
loadBalancerSourceRanges: []
## The name of the service
## Autogenerated if not set or set to "".
# name: nginx-ingress
httpPort:
## Enables the HTTP port for the Ingress controller service.
enable: true
## The HTTP port of the Ingress controller service.
port: 80
## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort.
nodePort: ""
## The HTTP port on the POD where the Ingress controller service is running.
targetPort: 80
httpsPort:
## Enables the HTTPS port for the Ingress controller service.
enable: true
## The HTTPS port of the Ingress controller service.
port: 443
## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort.
nodePort: ""
## The HTTPS port on the POD where the Ingress controller service is running.
targetPort: 443
## A list of custom ports to expose through the Ingress controller service. Follows the conventional Kubernetes yaml syntax for service ports.
customPorts: []
serviceAccount:
## The name of the service account of the Ingress controller pods. Used for RBAC.
## Autogenerated if not set or set to "".
# name: nginx-ingress
## The name of the secret containing docker registry credentials.
## Secret must exist in the same namespace as the helm release.
imagePullSecretName: ""
reportIngressStatus:
## Updates the address field in the status of Ingress resources with an external address of the Ingress controller.
## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService,
## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries.
## Note: controller.config.entries.external-status-address takes precedence over the others.
enable: true
## Specifies the name of the service with the type LoadBalancer through which the Ingress controller is exposed externally.
## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
## controller.reportIngressStatus.enable must be set to true.
## The default is autogenerated and matches the created service (see controller.service.create).
# externalService: nginx-ingress
## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
## controller.reportIngressStatus.enable must be set to true.
ingressLink: ""
## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true.
enableLeaderElection: true
## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true.
## Autogenerated if not set or set to "".
# leaderElectionLockName: "nginx-ingress-leader-election"
## The annotations of the leader election configmap.
annotations: {}
pod:
## The annotations of the Ingress Controller pod.
annotations: {}
## The additional extra labels of the Ingress Controller pod.
extraLabels: {}
## The PriorityClass of the ingress controller pods.
priorityClassName:
readyStatus:
## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup.
enable: true
## Set the port where the readiness endpoint is exposed.
port: 8081
## Enable collection of latency metrics for upstreams. Requires prometheus.create.
enableLatencyMetrics: false
rbac:
## Configures RBAC.
create: true
prometheus:
## Expose NGINX or NGINX Plus metrics in the Prometheus format.
create: true
## Configures the port to scrape the metrics.
port: 9113
## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint.
secret: ""
## Configures the HTTP scheme used.
scheme: http
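
Review bot: `controller.defaultTLS.cert` and `controller.defaultTLS.key` default to a pre-generated pair committed with the chart, so every install that keeps the defaults terminates TLS on the default HTTPS server with a private key that anyone can read from this repository. The comments recommend supplying your own certificate and key, but nothing enforces it. Consider making `controller.defaultTLS.secret` the documented path and failing or warning at render time when the bundled pair is still in use. Lower priority: `prometheus.create: true` combined with `scheme: http` and an empty `secret` serves metrics on port 9113 over plain HTTP by default, which deserves a comment about restricting access to that port.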

View File

@ -2137,6 +2137,30 @@ entries:
- assets/neuvector/neuvector-1.8.0.tgz
version: 1.8.0
nginx-ingress:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
catalog.cattle.io/release-name: nginx-ingress-controller
apiVersion: v1
appVersion: 2.1.0
created: "2022-01-07T10:26:27.40059Z"
description: NGINX Ingress Controller
digest: 5c28dfe157d19aa19c8f35acab983d1e9483e462d39dd0454ec271011ccdd697
home: https://github.com/nginxinc/kubernetes-ingress
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.1.0/deployments/helm-chart/chart-icon.png
keywords:
- ingress
- nginx
kubeVersion: 1.19 - 1.23
maintainers:
- email: kubernetes@nginx.com
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.0/deployments/helm-chart
urls:
- assets/nginx-ingress/nginx-ingress-0.12.0.tgz
version: 0.12.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
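
Review bot: the new 0.12.0 entry records a `digest` for `assets/nginx-ingress/nginx-ingress-0.12.0.tgz`, but the tarball appears in this commit only as a binary file that is not shown, so the diff cannot confirm that the two match. Before merging, recompute the SHA-256 of the committed tarball and compare it with this field, and compare the tarball against the archive at the upstream `url` in the package file, so that the index, the asset and upstream all agree.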

View File

@ -25,7 +25,12 @@ questions:
- variable: controller.appprotect.enable
default: false
description: "Enable the App Protect module in the Ingress Controller."
label: Enable the App Protect.
label: Enable the App Protect module.
type: boolean
- variable: controller.appprotectdos.enable
default: false
description: "Enable the App Protect DoS module in the Ingress Controller."
label: Enable the App Protect DoS module.
type: boolean
- variable: controller.image.repository
default: nginx/nginx-ingress
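
Review bot: the new `controller.appprotectdos.enable` question spells the module "App Protect DoS" in both `description` and `label`, while the values.yaml comments added in the same commit spell it "App Protect Dos". Pick one spelling and use it in both files so that searches and UI text line up. The question also exposes only `enable`; if `debug`, `maxWorkers`, `maxDaemons` and `memory` are left out of the form on purpose, a short comment saying so would save the next reviewer the same question.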
@ -34,7 +39,7 @@ questions:
label: NGINX Ingress Controller Image Repository
required: true
- variable: controller.image.tag
default: 2.0.0
default: 2.1.0
description: "The tag of the Ingress controller image."
type: string
label: NGINX Ingress Controller Image Tag

View File

@ -6,14 +6,14 @@
+ catalog.cattle.io/release-name: nginx-ingress-controller
+ catalog.cattle.io/display-name: NGINX Ingress Controller
apiVersion: v1
appVersion: 2.0.0
appVersion: 2.1.0
description: NGINX Ingress Controller
@@ -6,7 +10,7 @@
keywords:
- ingress
- nginx
-kubeVersion: '>= 1.19.0-0'
+kubeVersion: "1.19 - 1.22"
+kubeVersion: "1.19 - 1.23"
maintainers:
- email: kubernetes@nginx.com
name: nginxinc
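
Review bot: the replacement `kubeVersion: "1.19 - 1.23"` drops the `-0` pre-release suffix that the removed `'>= 1.19.0-0'` carried. Helm evaluates this field as a semver constraint, and a constraint without a pre-release component does not match server versions that carry one, which is how several managed distributions report themselves (for example a `-gke.N` or `-eks-...` suffix). If those clusters are in scope, keep the bounds pre-release-aware, for example `">= 1.19.0-0 < 1.24.0-0"`.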

View File

@ -1,2 +1,2 @@
url: https://helm.nginx.com/stable/nginx-ingress-0.11.0.tgz
url: https://helm.nginx.com/stable/nginx-ingress-0.12.0.tgz
packageVersion: 00