648 lines
24 KiB
YAML
648 lines
24 KiB
YAML
controller:
|
|
## The name of the Ingress Controller daemonset or deployment.
|
|
name: controller
|
|
|
|
## The kind of the Ingress Controller installation - deployment or daemonset.
|
|
kind: deployment
|
|
|
|
## The selectorLabels used to override the default values.
|
|
selectorLabels: {}
|
|
|
|
## Annotations for deployments and daemonsets
|
|
annotations: {}
|
|
|
|
## Deploys the Ingress Controller for NGINX Plus.
|
|
nginxplus: false
|
|
|
|
## Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start.
|
|
nginxReloadTimeout: 60000
|
|
|
|
## Support for App Protect WAF
|
|
appprotect:
|
|
## Enable the App Protect WAF module in the Ingress Controller.
|
|
enable: false
|
|
## Enables App Protect WAF v5.
|
|
v5: false
|
|
## Sets log level for App Protect WAF. Allowed values: fatal, error, warn, info, debug, trace
|
|
# logLevel: fatal
|
|
|
|
# Volumes for App Protect WAF v5
|
|
# Required volumes are: app-protect-bd-config, app-protect-config, and app-protect-bundles
|
|
volumes:
|
|
- name: app-protect-bd-config
|
|
emptyDir: {}
|
|
- name: app-protect-config
|
|
emptyDir: {}
|
|
- name: app-protect-bundles
|
|
emptyDir: {}
|
|
|
|
## Configuration for App Protect WAF v5 Enforcer
|
|
enforcer:
|
|
# Host that the App Protect WAF v5 Enforcer runs on.
|
|
# This will normally be "127.0.0.1" as the Enforcer container
|
|
# will run in the same pod as the Ingress Controller container.
|
|
host: "127.0.0.1"
|
|
# Port that the App Protect WAF v5 Enforcer runs on.
|
|
port: 50000
|
|
image:
|
|
## The image repository of the App Protect WAF v5 Enforcer.
|
|
repository: private-registry.nginx.com/nap/waf-enforcer
|
|
|
|
## The tag of the App Protect WAF v5 Enforcer image.
|
|
tag: "5.3.0"
|
|
## The digest of the App Protect WAF v5 Enforcer image.
|
|
## If digest is specified it has precedence over tag and will be used instead
|
|
# digest: "sha256:CHANGEME"
|
|
|
|
## The pull policy for the App Protect WAF v5 Enforcer image.
|
|
pullPolicy: IfNotPresent
|
|
securityContext: {}
|
|
|
|
## Configuration for App Protect WAF v5 Configuration Manager
|
|
configManager:
|
|
image:
|
|
## The image repository of the App Protect WAF v5 Configuration Manager.
|
|
repository: private-registry.nginx.com/nap/waf-config-mgr
|
|
|
|
## The tag of the App Protect WAF v5 Configuration Manager image.
|
|
tag: "5.3.0"
|
|
## The digest of the App Protect WAF v5 Configuration Manager image.
|
|
## If digest is specified it has precedence over tag and will be used instead
|
|
# digest: "sha256:CHANGEME"
|
|
|
|
## The pull policy for the App Protect WAF v5 Configuration Manager image.
|
|
pullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
runAsUser: 101 #nginx
|
|
runAsNonRoot: true
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
|
|
## Support for App Protect DoS
|
|
appprotectdos:
|
|
## Enable the App Protect DoS module in the Ingress Controller.
|
|
enable: false
|
|
## Enable debugging for App Protect DoS.
|
|
debug: false
|
|
## Max number of nginx processes to support.
|
|
maxWorkers: 0
|
|
## Max number of ADMD instances.
|
|
maxDaemons: 0
|
|
## RAM memory size to consume in MB.
|
|
memory: 0
|
|
|
|
## Enables the Ingress Controller pods to use the host's network namespace.
|
|
hostNetwork: false
|
|
|
|
## The hostPort configuration for the Ingress Controller pods.
|
|
hostPort:
|
|
## Enables hostPort for the Ingress Controller pods.
|
|
enable: false
|
|
|
|
## The HTTP hostPort configuration for the Ingress Controller pods.
|
|
http: 80
|
|
|
|
## The HTTPS hostPort configuration for the Ingress Controller pods.
|
|
https: 443
|
|
|
|
containerPort:
|
|
## The HTTP containerPort configuration for the Ingress Controller pods.
|
|
http: 80
|
|
|
|
## The HTTPS containerPort configuration for the Ingress Controller pods.
|
|
https: 443
|
|
|
|
## DNS policy for the Ingress Controller pods
|
|
dnsPolicy: ClusterFirst
|
|
|
|
## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
|
|
nginxDebug: false
|
|
|
|
## Share process namespace between containers in the Ingress Controller pod.
|
|
shareProcessNamespace: false
|
|
|
|
## The log level of the Ingress Controller.
|
|
logLevel: 1
|
|
|
|
## A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports.
|
|
customPorts: []
|
|
|
|
image:
|
|
## The image repository of the Ingress Controller.
|
|
repository: nginx/nginx-ingress
|
|
|
|
## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag.
|
|
# tag: "3.7.0"
|
|
## The digest of the Ingress Controller image.
|
|
## If digest is specified it has precedence over tag and will be used instead
|
|
# digest: "sha256:CHANGEME"
|
|
|
|
## The pull policy for the Ingress Controller image.
|
|
pullPolicy: IfNotPresent
|
|
|
|
## The lifecycle of the Ingress Controller pods.
|
|
lifecycle: {}
|
|
|
|
## The custom ConfigMap to use instead of the one provided by default
|
|
customConfigMap: ""
|
|
|
|
config:
|
|
## The name of the ConfigMap used by the Ingress Controller.
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-config
|
|
|
|
## The annotations of the Ingress Controller configmap.
|
|
annotations: {}
|
|
|
|
## The entries of the ConfigMap for customizing NGINX configuration.
|
|
entries: {}
|
|
|
|
## It is recommended to use your own TLS certificates and keys
|
|
defaultTLS:
|
|
## The base64-encoded TLS certificate for the default HTTPS server.
|
|
## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
cert: ""
|
|
|
|
## The base64-encoded TLS key for the default HTTPS server.
|
|
## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
key: ""
|
|
|
|
## The secret with a TLS certificate and key for the default HTTPS server.
|
|
## The value must follow the following format: `<namespace>/<name>`.
|
|
## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters.
|
|
## Note: Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
|
|
## Format: <namespace>/<secret_name>
|
|
secret: ""
|
|
|
|
wildcardTLS:
|
|
## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
|
|
cert: ""
|
|
|
|
## The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
|
|
key: ""
|
|
|
|
## The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
|
|
## The value must follow the following format: `<namespace>/<name>`.
|
|
## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters.
|
|
## Format: <namespace>/<secret_name>
|
|
secret: ""
|
|
|
|
## The node selector for pod assignment for the Ingress Controller pods.
|
|
# nodeSelector: {}
|
|
|
|
## The termination grace period of the Ingress Controller pod.
|
|
terminationGracePeriodSeconds: 30
|
|
|
|
## HorizontalPodAutoscaling (HPA)
|
|
autoscaling:
|
|
## Enables HorizontalPodAutoscaling.
|
|
enabled: false
|
|
## The annotations of the Ingress Controller HorizontalPodAutoscaler.
|
|
annotations: {}
|
|
## Minimum number of replicas for the HPA.
|
|
minReplicas: 1
|
|
## Maximum number of replicas for the HPA.
|
|
maxReplicas: 3
|
|
## The target cpu utilization percentage.
|
|
targetCPUUtilizationPercentage: 50
|
|
## The target memory utilization percentage.
|
|
targetMemoryUtilizationPercentage: 50
|
|
## Custom behavior policies
|
|
behavior: {}
|
|
|
|
## The resources of the Ingress Controller pods.
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
# limits:
|
|
# cpu: 1
|
|
# memory: 1Gi
|
|
|
|
## The security context for the Ingress Controller pods.
|
|
podSecurityContext:
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
## The security context for the Ingress Controller containers.
|
|
securityContext:
|
|
{} # Remove curly brackets before adding values
|
|
# allowPrivilegeEscalation: true
|
|
# readOnlyRootFilesystem: true
|
|
# runAsUser: 101 #nginx
|
|
# runAsNonRoot: true
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# add:
|
|
# - NET_BIND_SERVICE
|
|
|
|
## The security context for the Ingress Controller init container which is used when readOnlyRootFilesystem is set to true.
|
|
initContainerSecurityContext: {}
|
|
|
|
## The resources for the Ingress Controller init container which is used when readOnlyRootFilesystem is set to true.
|
|
initContainerResources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
# limits:
|
|
# cpu: 1
|
|
# memory: 1Gi
|
|
|
|
## The tolerations of the Ingress Controller pods.
|
|
tolerations: []
|
|
|
|
## The affinity of the Ingress Controller pods.
|
|
affinity: {}
|
|
|
|
## The topology spread constraints of the Ingress controller pods.
|
|
# topologySpreadConstraints: {}
|
|
|
|
## The additional environment variables to be set on the Ingress Controller pods.
|
|
env: []
|
|
# - name: MY_VAR
|
|
# value: myvalue
|
|
|
|
## The volumes of the Ingress Controller pods.
|
|
volumes: []
|
|
# - name: extra-conf
|
|
# configMap:
|
|
# name: extra-conf
|
|
|
|
## The volumeMounts of the Ingress Controller pods.
|
|
volumeMounts: []
|
|
# - name: extra-conf
|
|
# mountPath: /etc/nginx/conf.d/extra.conf
|
|
# subPath: extra.conf
|
|
|
|
## InitContainers for the Ingress Controller pods.
|
|
initContainers: []
|
|
# - name: init-container
|
|
# image: busybox:1.34
|
|
# command: ['sh', '-c', 'echo this is initial setup!']
|
|
|
|
## The minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available.
|
|
minReadySeconds: 0
|
|
|
|
## Pod disruption budget for the Ingress Controller pods.
|
|
podDisruptionBudget:
|
|
## Enables PodDisruptionBudget.
|
|
enabled: false
|
|
## The annotations of the Ingress Controller pod disruption budget.
|
|
annotations: {}
|
|
## The number of Ingress Controller pods that should be available. This is a mutually exclusive setting with "maxUnavailable".
|
|
# minAvailable: 1
|
|
## The number of Ingress Controller pods that can be unavailable. This is a mutually exclusive setting with "minAvailable".
|
|
# maxUnavailable: 1
|
|
|
|
## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate" for Deployments, and "OnDelete" or "RollingUpdate" for Daemonsets. "RollingUpdate" is the default value.
|
|
strategy: {}
|
|
|
|
## Extra containers for the Ingress Controller pods.
|
|
extraContainers: []
|
|
# - name: container
|
|
# image: busybox:1.34
|
|
# command: ['sh', '-c', 'echo this is a sidecar!']
|
|
|
|
## The number of replicas of the Ingress Controller deployment.
|
|
replicaCount: 1
|
|
|
|
## Configures the ingress class the Ingress Controller uses.
|
|
ingressClass:
|
|
## A class of the Ingress Controller.
|
|
|
|
## IngressClass resource with the name equal to the class must be deployed. Otherwise,
|
|
## the Ingress Controller will fail to start.
|
|
## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
|
|
|
|
## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
|
|
name: nginx
|
|
|
|
## Creates a new IngressClass object with the name "controller.ingressClass.name". To use an existing IngressClass with the same name, set this value to false. If you use helm upgrade, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.0, do not set the value to false.
|
|
create: true
|
|
|
|
## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. Requires "controller.ingressClass.create".
|
|
setAsDefaultIngress: false
|
|
|
|
## Comma separated list of namespaces to watch for Ingress resources. By default, the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespaceLabel".
|
|
watchNamespace: ""
|
|
|
|
## Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default, the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespace".
|
|
watchNamespaceLabel: ""
|
|
|
|
## Comma separated list of namespaces to watch for Secret resources. By default, the Ingress Controller watches all namespaces.
|
|
watchSecretNamespace: ""
|
|
|
|
## Enable the custom resources.
|
|
enableCustomResources: true
|
|
|
|
## Enable OIDC policies.
|
|
enableOIDC: false
|
|
|
|
## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
|
|
enableTLSPassthrough: false
|
|
|
|
## Set the port for TLS Passthrough. Requires controller.enableCustomResources and controller.enableTLSPassthrough.
|
|
tlsPassthroughPort: 443
|
|
|
|
## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources.
|
|
enableCertManager: false
|
|
|
|
## Enable external DNS for Virtual Server resources. Requires controller.enableCustomResources.
|
|
enableExternalDNS: false
|
|
|
|
globalConfiguration:
|
|
## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources.
|
|
create: false
|
|
|
|
## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller.
|
|
spec: {} ## Ensure both curly brackets are removed when adding listeners in YAML format.
|
|
# listeners:
|
|
# - name: dns-udp
|
|
# port: 5353
|
|
# protocol: UDP
|
|
# - name: dns-tcp
|
|
# port: 5353
|
|
# protocol: TCP
|
|
|
|
## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources.
|
|
enableSnippets: false
|
|
|
|
## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
|
|
## Useful for external health-checking of the Ingress Controller.
|
|
healthStatus: false
|
|
|
|
## Sets the URI of health status location in the default server. Requires controller.healthStatus.
|
|
healthStatusURI: "/nginx-health"
|
|
|
|
nginxStatus:
|
|
## Enable the NGINX stub_status, or the NGINX Plus API.
|
|
enable: true
|
|
|
|
## Set the port where the NGINX stub_status or the NGINX Plus API is exposed.
|
|
port: 8080
|
|
|
|
## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.
|
|
allowCidrs: "127.0.0.1"
|
|
|
|
service:
|
|
## Creates a service to expose the Ingress Controller pods.
|
|
create: true
|
|
|
|
## The type of service to create for the Ingress Controller.
|
|
type: LoadBalancer
|
|
|
|
## The externalTrafficPolicy of the service. The value Local preserves the client source IP.
|
|
externalTrafficPolicy: Local
|
|
|
|
## The annotations of the Ingress Controller service.
|
|
annotations: {}
|
|
|
|
## The extra labels of the service.
|
|
extraLabels: {}
|
|
|
|
## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
|
|
loadBalancerIP: ""
|
|
|
|
## The ClusterIP for the Ingress Controller service, autoassigned if not specified.
|
|
clusterIP: ""
|
|
|
|
## The list of external IPs for the Ingress Controller service.
|
|
externalIPs: []
|
|
|
|
## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
|
|
loadBalancerSourceRanges: []
|
|
|
|
## Whether to automatically allocate NodePorts (only for LoadBalancers).
|
|
# allocateLoadBalancerNodePorts: false
|
|
|
|
## Dual stack preference.
|
|
## Valid values: SingleStack, PreferDualStack, RequireDualStack
|
|
# ipFamilyPolicy: SingleStack
|
|
|
|
## List of IP families assigned to this service.
|
|
## Valid values: IPv4, IPv6
|
|
# ipFamilies:
|
|
# - IPv6
|
|
|
|
httpPort:
|
|
## Enables the HTTP port for the Ingress Controller service.
|
|
enable: true
|
|
|
|
## The HTTP port of the Ingress Controller service.
|
|
port: 80
|
|
|
|
## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort or LoadBalancer.
|
|
# nodePort: 80
|
|
|
|
## The HTTP port on the POD where the Ingress Controller service is running.
|
|
targetPort: 80
|
|
|
|
httpsPort:
|
|
## Enables the HTTPS port for the Ingress Controller service.
|
|
enable: true
|
|
|
|
## The HTTPS port of the Ingress Controller service.
|
|
port: 443
|
|
|
|
## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort or LoadBalancer.
|
|
# nodePort: 443
|
|
|
|
## The HTTPS port on the POD where the Ingress Controller service is running.
|
|
targetPort: 443
|
|
|
|
## A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports.
|
|
customPorts: []
|
|
|
|
serviceAccount:
|
|
## The annotations of the service account of the Ingress Controller pods.
|
|
annotations: {}
|
|
|
|
## The name of the service account of the Ingress Controller pods. Used for RBAC.
|
|
## Autogenerated if not set or set to "".
|
|
# name: nginx-ingress
|
|
|
|
## The name of the secret containing docker registry credentials.
|
|
## Secret must exist in the same namespace as the helm release.
|
|
imagePullSecretName: ""
|
|
|
|
## A list of secret names containing docker registry credentials.
|
|
## Secrets must exist in the same namespace as the helm release.
|
|
imagePullSecretsNames: []
|
|
|
|
reportIngressStatus:
|
|
## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller.
|
|
## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService,
|
|
## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries.
|
|
## Note: controller.config.entries.external-status-address takes precedence over the others.
|
|
enable: true
|
|
|
|
## Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally.
|
|
## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
|
|
## controller.reportIngressStatus.enable must be set to true.
|
|
## The default is autogenerated and matches the created service (see controller.service.create).
|
|
# externalService: nginx-ingress
|
|
|
|
## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
|
|
## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
|
|
## controller.reportIngressStatus.enable must be set to true.
|
|
ingressLink: ""
|
|
|
|
## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true.
|
|
enableLeaderElection: true
|
|
|
|
## Specifies the name to be used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true.
|
|
## The default is autogenerated.
|
|
leaderElectionLockName: ""
|
|
|
|
## The annotations of the leader election configmap.
|
|
annotations: {}
|
|
|
|
pod:
|
|
## The annotations of the Ingress Controller pod.
|
|
annotations: {}
|
|
|
|
## The additional extra labels of the Ingress Controller pod.
|
|
extraLabels: {}
|
|
|
|
## The PriorityClass of the Ingress Controller pods.
|
|
# priorityClassName: ""
|
|
|
|
readyStatus:
|
|
## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup.
|
|
enable: true
|
|
|
|
## Set the port where the readiness endpoint is exposed.
|
|
port: 8081
|
|
|
|
## The number of seconds after the Ingress Controller pod has started before readiness probes are initiated.
|
|
initialDelaySeconds: 0
|
|
|
|
## Enable collection of latency metrics for upstreams. Requires prometheus.create.
|
|
enableLatencyMetrics: false
|
|
|
|
## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
|
|
disableIPV6: false
|
|
|
|
## Sets the port for the HTTP `default_server` listener.
|
|
defaultHTTPListenerPort: 80
|
|
|
|
## Sets the port for the HTTPS `default_server` listener.
|
|
defaultHTTPSListenerPort: 443
|
|
|
|
## Configure root filesystem as read-only and add volumes for temporary data.
|
|
## Three major releases after 3.5.x this argument will be moved to the `securityContext` section.
|
|
## This value will not be used if `controller.securityContext` is set
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Enable dynamic reloading of certificates
|
|
enableSSLDynamicReload: true
|
|
|
|
## Configure telemetry reporting options
|
|
telemetryReporting:
|
|
## Enable telemetry reporting
|
|
enable: true
|
|
|
|
## Allows weight adjustments without reloading the NGINX Configuration for two-way splits in NGINX Plus.
|
|
## May require increasing map_hash_bucket_size, map_hash_max_size,
|
|
## variable_hash_bucket_size, and variable_hash_max_size in the ConfigMap based on the number of two-way splits.
|
|
enableWeightChangesDynamicReload: false
|
|
|
|
rbac:
|
|
## Configures RBAC.
|
|
create: true
|
|
|
|
clusterrole:
|
|
## Create ClusterRole
|
|
create: true
|
|
|
|
prometheus:
|
|
## Expose NGINX or NGINX Plus metrics in the Prometheus format.
|
|
create: true
|
|
|
|
## Configures the port to scrape the metrics.
|
|
port: 9113
|
|
|
|
## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint.
|
|
secret: ""
|
|
|
|
## Configures the HTTP scheme used.
|
|
scheme: http
|
|
|
|
service:
|
|
## Creates a ClusterIP Service to expose Prometheus metrics internally
|
|
## Requires prometheus.create=true
|
|
create: false
|
|
|
|
labels:
|
|
service: "nginx-ingress-prometheus-service"
|
|
|
|
serviceMonitor:
|
|
## Creates a serviceMonitor to expose statistics on the kubernetes pods.
|
|
create: false
|
|
|
|
## Kubernetes object labels to attach to the serviceMonitor object.
|
|
labels: {}
|
|
|
|
## A set of labels to allow the selection of endpoints for the ServiceMonitor.
|
|
selectorMatchLabels:
|
|
service: "nginx-ingress-prometheus-service"
|
|
|
|
## A list of endpoints allowed as part of this ServiceMonitor.
|
|
## Matches on the name of a Service port.
|
|
endpoints:
|
|
- port: prometheus
|
|
|
|
serviceInsight:
|
|
## Expose NGINX Plus Service Insight endpoint.
|
|
create: false
|
|
|
|
## Configures the port to expose endpoint.
|
|
port: 9114
|
|
|
|
## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Service Insight endpoint.
|
|
secret: ""
|
|
|
|
## Configures the HTTP scheme used.
|
|
scheme: http
|
|
|
|
nginxServiceMesh:
|
|
## Enables integration with NGINX Service Mesh.
|
|
enable: false
|
|
|
|
## Enables NGINX Service Mesh workload to route egress traffic through the Ingress Controller.
|
|
## Requires nginxServiceMesh.enable
|
|
enableEgress: false
|
|
|
|
nginxAgent:
|
|
## Enables NGINX Agent.
|
|
enable: false
|
|
## If nginxAgent.instanceGroup is not set the value of nginx-ingress.controller.fullname will be used
|
|
instanceGroup: ""
|
|
logLevel: "error"
|
|
## Syslog listener which NGINX Agent uses to accept messages from App Protect WAF
|
|
syslog:
|
|
host: "127.0.0.1"
|
|
port: 1514
|
|
napMonitoring:
|
|
collectorBufferSize: 50000
|
|
processorBufferSize: 50000
|
|
instanceManager:
|
|
# FQDN or IP for connecting to NGINX Instance Manager, e.g. nim.example.com
|
|
host: ""
|
|
grpcPort: 443
|
|
sni: ""
|
|
tls:
|
|
enabled: true
|
|
skipVerify: false
|
|
## kubernetes.io/tls secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager
|
|
secret: ""
|
|
## nginx.org/ca secret for verification of Instance Manager TLS
|
|
caSecret: ""
|
|
## The name of a custom ConfigMap to use instead of the one provided by default
|
|
customConfigMap: ""
|