2021-02-26 01:34:15 +00:00
--- charts-original/values.yaml
+++ charts/values.yaml
2021-07-08 23:40:54 +00:00
@@ -10,13 +10,11 @@
2021-02-26 01:34:15 +00:00
controller:
2021-04-05 22:47:34 +00:00
name: controller
2021-02-26 01:34:15 +00:00
image:
2021-07-08 23:40:54 +00:00
- registry: k8s.gcr.io
- image: ingress-nginx/controller
2021-02-26 01:34:15 +00:00
+ repository: rancher/nginx-ingress-controller
2021-07-08 23:40:54 +00:00
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
2021-10-06 21:42:18 +00:00
- tag: "v1.0.2"
- digest: sha256:85b53b493d6d658d8c013449223b0ffd739c76d76dc9bf9000786669ec04e049
+ tag: "nginx-1.0.2-hardened1"
2021-02-26 01:34:15 +00:00
pullPolicy: IfNotPresent
# www-data -> uid 101
2021-04-05 22:47:34 +00:00
runAsUser: 101
2021-07-08 23:40:54 +00:00
@@ -26,7 +24,7 @@
existingPsp: ""
# Configures the controller container name
- containerName: controller
+ containerName: rke2-ingress-nginx-controller
# Configures the ports the nginx-controller listens on
containerPort:
2021-10-06 21:42:18 +00:00
@@ -55,7 +53,7 @@
2021-02-26 01:34:15 +00:00
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
- dnsPolicy: ClusterFirst
+ dnsPolicy: ClusterFirstWithHostNet
# Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
2021-10-07 21:50:41 +00:00
@@ -64,7 +62,7 @@
# Process Ingress objects without ingressClass annotation/ingressClassName field
# Overrides value for --watch-ingress-without-class flag of the controller binary
# Defaults to false
- watchIngressWithoutClass: false
+ watchIngressWithoutClass: true
# Process IngressClass per name (additionally as per spec.controller)
ingressClassByName: false
2021-10-08 18:46:17 +00:00
@@ -73,18 +71,18 @@
# their own *-snippet annotations, otherwise this is forbidden / dropped
# when users add those annotations.
# Global snippets in ConfigMap are still respected
- allowSnippetAnnotations: true
+ allowSnippetAnnotations: false
2021-05-07 19:43:34 +00:00
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
- hostNetwork: false
+ hostNetwork: true
2021-05-06 20:05:17 +00:00
## Use host ports 80 and 443
2021-05-07 19:43:34 +00:00
## Disabled by default
##
hostPort:
- enabled: false
+ enabled: true
ports:
2021-05-06 20:05:17 +00:00
http: 80
2021-05-07 19:43:34 +00:00
https: 443
2021-10-06 21:42:18 +00:00
@@ -126,7 +124,7 @@
2021-07-28 17:21:38 +00:00
## by the service. If disable, the status field reports the IP address of the
## node or nodes where an ingress controller pod is running.
publishService:
- enabled: true
+ enabled: false
## Allows overriding of the publish service to bind to
## Must be <namespace>/<service_name>
##
2021-10-06 21:42:18 +00:00
@@ -177,7 +175,7 @@
2021-05-06 20:05:17 +00:00
## DaemonSet or Deployment
##
- kind: Deployment
+ kind: DaemonSet
2021-05-07 19:43:34 +00:00
## Annotations to be added to the controller Deployment or DaemonSet
2021-05-06 20:05:17 +00:00
##
2021-10-06 21:42:18 +00:00
@@ -427,7 +425,7 @@
2021-07-28 17:21:38 +00:00
configMapKey: ""
service:
- enabled: true
+ enabled: false
annotations: {}
labels: {}
2021-10-07 05:10:08 +00:00
@@ -574,13 +572,11 @@
2021-05-11 17:07:23 +00:00
patch:
enabled: true
image:
2021-10-06 21:42:18 +00:00
- registry: k8s.gcr.io
- image: ingress-nginx/kube-webhook-certgen
+ repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen
2021-07-08 23:40:54 +00:00
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
2021-10-06 21:42:18 +00:00
tag: v1.0
- digest: sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068
pullPolicy: IfNotPresent
## Provide a priority class name to the webhook patching job
2021-08-19 17:53:12 +00:00
##
2021-10-07 05:10:08 +00:00
@@ -697,12 +693,11 @@
2021-02-26 01:34:15 +00:00
2021-05-07 19:43:34 +00:00
name: defaultbackend
2021-02-26 01:34:15 +00:00
image:
2021-07-08 23:40:54 +00:00
- registry: k8s.gcr.io
- image: defaultbackend-amd64
2021-02-26 01:34:15 +00:00
+ repository: rancher/nginx-ingress-controller-defaultbackend
2021-07-08 23:40:54 +00:00
# for backwards compatibility consider setting the full image url via the repository value below
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
# repository:
- tag: "1.5"
2021-02-26 01:34:15 +00:00
+ tag: "1.5-rancher1"
pullPolicy: IfNotPresent
# nobody user -> uid 65534
runAsUser: 65534
2021-10-07 05:10:08 +00:00
@@ -854,3 +849,6 @@
2021-05-07 19:43:34 +00:00
# This can be generated with: openssl dhparam 4096 2> /dev/null | base64
2021-10-06 21:42:18 +00:00
# Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
2021-05-07 19:43:34 +00:00
dhParam:
2021-02-26 01:34:15 +00:00
+
+global:
+ systemDefaultRegistry: ""
