414 lines
19 KiB
YAML
414 lines
19 KiB
YAML
controller:
|
|
## The name of the Ingress Controller daemonset or deployment.
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-ingress
|
|
|
|
## The kind of the Ingress Controller installation - deployment or daemonset.
|
|
kind: deployment
|
|
|
|
## Deploys the Ingress Controller for NGINX Plus.
|
|
nginxplus: false
|
|
|
|
# Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start.
|
|
nginxReloadTimeout: 60000
|
|
|
|
## Support for App Protect WAF
|
|
appprotect:
|
|
## Enable the App Protect WAF module in the Ingress Controller.
|
|
enable: false
|
|
## Sets log level for App Protect WAF. Allowed values: fatal, error, warn, info, debug, trace
|
|
# logLevel: fatal
|
|
|
|
## Support for App Protect Dos
|
|
appprotectdos:
|
|
## Enable the App Protect Dos module in the Ingress Controller.
|
|
enable: false
|
|
## Enable debugging for App Protect Dos.
|
|
debug: false
|
|
## Max number of nginx processes to support.
|
|
maxWorkers: 0
|
|
## Max number of ADMD instances.
|
|
maxDaemons: 0
|
|
## RAM memory size to consume in MB.
|
|
memory: 0
|
|
|
|
## Enables the Ingress Controller pods to use the host's network namespace.
|
|
hostNetwork: false
|
|
|
|
## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
|
|
nginxDebug: false
|
|
|
|
## The log level of the Ingress Controller.
|
|
logLevel: 1
|
|
|
|
## A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports.
|
|
customPorts: []
|
|
|
|
image:
|
|
## The image repository of the Ingress Controller.
|
|
repository: nginx/nginx-ingress
|
|
|
|
## The tag of the Ingress Controller image.
|
|
tag: "2.4.2"
|
|
|
|
## The digest of the Ingress Controller image.
|
|
## If digest is specified it has precedence over tag and will be used instead
|
|
# digest: "sha256:CHANGEME"
|
|
|
|
## The pull policy for the Ingress Controller image.
|
|
pullPolicy: IfNotPresent
|
|
|
|
## The lifecycle of the Ingress Controller pods.
|
|
lifecycle: {}
|
|
|
|
## The custom ConfigMap to use instead of the one provided by default
|
|
customConfigMap: ""
|
|
|
|
config:
|
|
## The name of the ConfigMap used by the Ingress Controller.
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-config
|
|
|
|
## The annotations of the Ingress Controller configmap.
|
|
annotations: {}
|
|
|
|
## The entries of the ConfigMap for customizing NGINX configuration.
|
|
entries: {}
|
|
|
|
## It is recommended to use your own TLS certificates and keys
|
|
defaultTLS:
|
|
## The base64-encoded TLS certificate for the default HTTPS server. By default, a pre-generated self-signed certificate is used.
|
|
## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
|
|
|
## The base64-encoded TLS key for the default HTTPS server. By default, a pre-generated key is used.
|
|
## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5TGhzVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
|
|
|
## The secret with a TLS certificate and key for the default HTTPS server.
|
|
## The value must follow the following format: `<namespace>/<name>`.
|
|
## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters.
|
|
## Note: Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
## Format: <namespace>/<secret_name>
|
|
secret:
|
|
|
|
wildcardTLS:
|
|
## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
|
|
cert: ""
|
|
|
|
## The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
|
|
key: ""
|
|
|
|
## The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## The value must follow the following format: `<namespace>/<name>`.
|
|
## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters.
|
|
## Format: <namespace>/<secret_name>
|
|
secret:
|
|
|
|
## The node selector for pod assignment for the Ingress Controller pods.
|
|
nodeSelector: {}
|
|
|
|
## The termination grace period of the Ingress Controller pod.
|
|
terminationGracePeriodSeconds: 30
|
|
|
|
## The resources of the Ingress Controller pods.
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
# limits:
|
|
# cpu: 1
|
|
# memory: 1Gi
|
|
|
|
|
|
## The tolerations of the Ingress Controller pods.
|
|
tolerations: []
|
|
|
|
## The affinity of the Ingress Controller pods.
|
|
affinity: {}
|
|
|
|
## The topology spread constraints of the Ingress controller pods.
|
|
topologySpreadConstraints: {}
|
|
|
|
## The volumes of the Ingress Controller pods.
|
|
volumes: []
|
|
# - name: extra-conf
|
|
# configMap:
|
|
# name: extra-conf
|
|
|
|
## The volumeMounts of the Ingress Controller pods.
|
|
volumeMounts: []
|
|
# - name: extra-conf
|
|
# mountPath: /etc/nginx/conf.d/extra.conf
|
|
# subPath: extra.conf
|
|
|
|
## InitContainers for the Ingress Controller pods.
|
|
initContainers: []
|
|
# - name: init-container
|
|
# image: busybox:1.34
|
|
# command: ['sh', '-c', 'echo this is initial setup!']
|
|
|
|
## The minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available.
|
|
minReadySeconds: 0
|
|
|
|
## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
strategy: {}
|
|
|
|
## Extra containers for the Ingress Controller pods.
|
|
extraContainers: []
|
|
# - name: container
|
|
# image: busybox:1.34
|
|
# command: ['sh', '-c', 'echo this is a sidecar!']
|
|
|
|
## The number of replicas of the Ingress Controller deployment.
|
|
replicaCount: 1
|
|
|
|
## A class of the Ingress Controller.
|
|
|
|
## IngressClass resource with the name equal to the class must be deployed. Otherwise,
|
|
## the Ingress Controller will fail to start.
|
|
## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
|
|
|
|
## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
|
|
ingressClass: nginx
|
|
|
|
## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`.
|
|
setAsDefaultIngress: false
|
|
|
|
## Comma separated list of namespaces to watch for Ingress resources. By default the Ingress Controller watches all namespaces.
|
|
watchNamespace: ""
|
|
|
|
## Enable the custom resources.
|
|
enableCustomResources: true
|
|
|
|
## Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use controller.enableOIDC instead.
|
|
enablePreviewPolicies: false
|
|
|
|
## Enable OIDC policies.
|
|
enableOIDC: false
|
|
|
|
## Include year in log header. This parameter will be removed in release 2.7 and the year will be included by default.
|
|
includeYear: false
|
|
|
|
## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
|
|
enableTLSPassthrough: false
|
|
|
|
## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources.
|
|
enableCertManager: false
|
|
|
|
## Enable external DNS for Virtual Server resources. Requires controller.enableCustomResources.
|
|
enableExternalDNS: false
|
|
|
|
globalConfiguration:
|
|
## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources.
|
|
create: false
|
|
|
|
## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller.
|
|
spec: {}
|
|
# listeners:
|
|
# - name: dns-udp
|
|
# port: 5353
|
|
# protocol: UDP
|
|
# - name: dns-tcp
|
|
# port: 5353
|
|
# protocol: TCP
|
|
|
|
## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources.
|
|
enableSnippets: false
|
|
|
|
## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
|
|
## Useful for external health-checking of the Ingress Controller.
|
|
healthStatus: false
|
|
|
|
## Sets the URI of health status location in the default server. Requires controller.healthStatus.
|
|
healthStatusURI: "/nginx-health"
|
|
|
|
nginxStatus:
|
|
## Enable the NGINX stub_status, or the NGINX Plus API.
|
|
enable: true
|
|
|
|
## Set the port where the NGINX stub_status or the NGINX Plus API is exposed.
|
|
port: 8080
|
|
|
|
## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.
|
|
allowCidrs: "127.0.0.1"
|
|
|
|
service:
|
|
## Creates a service to expose the Ingress Controller pods.
|
|
create: true
|
|
|
|
## The type of service to create for the Ingress Controller.
|
|
type: LoadBalancer
|
|
|
|
## The externalTrafficPolicy of the service. The value Local preserves the client source IP.
|
|
externalTrafficPolicy: Local
|
|
|
|
## The annotations of the Ingress Controller service.
|
|
annotations: {}
|
|
|
|
## The extra labels of the service.
|
|
extraLabels: {}
|
|
|
|
## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
|
|
loadBalancerIP: ""
|
|
|
|
## The list of external IPs for the Ingress Controller service.
|
|
externalIPs: []
|
|
|
|
## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
|
|
loadBalancerSourceRanges: []
|
|
|
|
## The name of the service
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-ingress
|
|
|
|
## Whether to automatically allocate NodePorts (only for LoadBalancers).
|
|
# allocateLoadBalancerNodePorts: false
|
|
|
|
## Dual stack preference.
|
|
## Valid values: SingleStack, PreferDualStack, RequireDualStack
|
|
# ipFamilyPolicy: SingleStack
|
|
|
|
## List of IP families assigned to this service.
|
|
## Valid values: IPv4, IPv6
|
|
# ipFamilies:
|
|
# - IPv6
|
|
|
|
httpPort:
|
|
## Enables the HTTP port for the Ingress Controller service.
|
|
enable: true
|
|
|
|
## The HTTP port of the Ingress Controller service.
|
|
port: 80
|
|
|
|
## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort.
|
|
nodePort: ""
|
|
|
|
## The HTTP port on the POD where the Ingress Controller service is running.
|
|
targetPort: 80
|
|
|
|
httpsPort:
|
|
## Enables the HTTPS port for the Ingress Controller service.
|
|
enable: true
|
|
|
|
## The HTTPS port of the Ingress Controller service.
|
|
port: 443
|
|
|
|
## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort.
|
|
nodePort: ""
|
|
|
|
## The HTTPS port on the POD where the Ingress Controller service is running.
|
|
targetPort: 443
|
|
|
|
## A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports.
|
|
customPorts: []
|
|
|
|
serviceAccount:
|
|
## The name of the service account of the Ingress Controller pods. Used for RBAC.
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-ingress
|
|
|
|
## The name of the secret containing docker registry credentials.
|
|
## Secret must exist in the same namespace as the helm release.
|
|
imagePullSecretName: ""
|
|
|
|
serviceMonitor:
|
|
## Creates a serviceMonitor to expose statistics on the kubernetes pods.
|
|
create: false
|
|
|
|
## The name of the serviceMonitor
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-ingress
|
|
|
|
|
|
## Kubernetes object labels to attach to the serviceMonitor object.
|
|
labels: {}
|
|
|
|
## A set of labels to allow the selection of endpoints for the ServiceMonitor.
|
|
selectorMatchLabels: {}
|
|
|
|
## A list of endpoints allowed as part of this ServiceMonitor.
|
|
endpoints: {}
|
|
|
|
reportIngressStatus:
|
|
## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller.
|
|
## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService,
|
|
## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries.
|
|
## Note: controller.config.entries.external-status-address takes precedence over the others.
|
|
enable: true
|
|
|
|
## Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally.
|
|
## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
|
|
## controller.reportIngressStatus.enable must be set to true.
|
|
## The default is autogenerated and matches the created service (see controller.service.create).
|
|
# externalService: nginx-ingress
|
|
|
|
## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
|
|
## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
|
|
## controller.reportIngressStatus.enable must be set to true.
|
|
ingressLink: ""
|
|
|
|
## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true.
|
|
enableLeaderElection: true
|
|
|
|
## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true.
|
|
## Autogenerated if not set or set to "".
|
|
# leaderElectionLockName: "nginx-ingress-leader-election"
|
|
|
|
## The annotations of the leader election configmap.
|
|
annotations: {}
|
|
|
|
pod:
|
|
## The annotations of the Ingress Controller pod.
|
|
annotations: {}
|
|
|
|
## The additional extra labels of the Ingress Controller pod.
|
|
extraLabels: {}
|
|
|
|
## The PriorityClass of the ingress controller pods.
|
|
priorityClassName:
|
|
|
|
readyStatus:
|
|
## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup.
|
|
enable: true
|
|
|
|
## Set the port where the readiness endpoint is exposed.
|
|
port: 8081
|
|
|
|
## The number of seconds after the Ingress Controller pod has started before readiness probes are initiated.
|
|
initialDelaySeconds: 0
|
|
|
|
## Enable collection of latency metrics for upstreams. Requires prometheus.create.
|
|
enableLatencyMetrics: false
|
|
|
|
## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
|
|
disableIPV6: false
|
|
|
|
rbac:
|
|
## Configures RBAC.
|
|
create: true
|
|
|
|
prometheus:
|
|
## Expose NGINX or NGINX Plus metrics in the Prometheus format.
|
|
create: true
|
|
|
|
## Configures the port to scrape the metrics.
|
|
port: 9113
|
|
|
|
## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint.
|
|
secret: ""
|
|
|
|
## Configures the HTTP scheme used.
|
|
scheme: http
|
|
|
|
nginxServiceMesh:
|
|
## Enables integration with NGINX Service Mesh.
|
|
## Requires controller.nginxplus
|
|
enable: false
|
|
|
|
## Enables NGINX Service Mesh workload to route egress traffic through the Ingress Controller.
|
|
## Requires nginxServiceMesh.enable
|
|
enableEgress: false
|