2021-02-26 01:34:15 +00:00
--- charts-original/values.yaml
+++ charts/values.yaml
2024-04-02 16:39:18 +00:00
@@ -21,15 +21,11 @@
2023-06-30 17:51:55 +00:00
image:
## Keep false as default for now!
chroot: false
- registry: registry.k8s.io
- image: ingress-nginx/controller
+ repository: rancher/nginx-ingress-controller
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
2024-10-10 15:52:02 +00:00
- tag: "v1.10.5"
- digest: sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c
- digestChroot: sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987
2023-10-25 16:35:23 +00:00
- pullPolicy: IfNotPresent
2024-10-31 18:53:55 +00:00
+ tag: "v1.10.5-hardened4"
2024-04-02 16:39:18 +00:00
runAsNonRoot: true
2023-06-30 17:51:55 +00:00
# www-data -> uid 101
runAsUser: 101
2024-04-02 16:39:18 +00:00
@@ -40,7 +36,7 @@
2023-06-30 17:51:55 +00:00
# -- Use an existing PSP instead of creating one
existingPsp: ""
# -- Configures the controller container name
- containerName: controller
+ containerName: rke2-ingress-nginx-controller
# -- Configures the ports that the nginx-controller listens on
containerPort:
http: 80
2024-07-10 07:46:36 +00:00
@@ -70,7 +66,7 @@
2023-06-30 17:51:55 +00:00
# -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
- dnsPolicy: ClusterFirst
+ dnsPolicy: ClusterFirstWithHostNet
# -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
2023-10-25 16:35:23 +00:00
# Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
2023-06-30 17:51:55 +00:00
reportNodeInternalIp: false
2024-04-02 16:39:18 +00:00
@@ -96,7 +92,7 @@
2023-06-30 17:51:55 +00:00
## Disabled by default
hostPort:
# -- Enable 'hostPort' or not
- enabled: false
+ enabled: true
ports:
# -- 'hostPort' http port
http: 80
2024-05-24 16:23:07 +00:00
@@ -154,7 +150,7 @@
2023-06-30 17:51:55 +00:00
# node or nodes where an ingress controller pod is running.
publishService:
# -- Enable 'publishService' or not
- enabled: true
+ enabled: false
# -- Allows overriding of the publish service to bind to
# Must be <namespace>/<service_name>
pathOverride: ""
2024-05-24 16:23:07 +00:00
@@ -201,7 +197,7 @@
2023-06-30 17:51:55 +00:00
# name: secret-resource
2021-02-26 01:34:15 +00:00
2023-06-30 17:51:55 +00:00
# -- Use a `DaemonSet` or `Deployment`
- kind: Deployment
+ kind: DaemonSet
# -- Annotations to be added to the controller Deployment or DaemonSet
##
annotations: {}
2024-05-24 16:23:07 +00:00
@@ -453,7 +449,7 @@
2023-06-30 17:51:55 +00:00
configMapKey: ""
service:
2024-04-02 16:39:18 +00:00
# -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service.
2023-06-30 17:51:55 +00:00
- enabled: true
+ enabled: false
2024-04-02 16:39:18 +00:00
external:
# -- Enable the external controller service or not. Useful for internal-only deployments.
enabled: true
2024-05-24 16:23:07 +00:00
@@ -748,6 +744,7 @@
2023-09-20 13:27:05 +00:00
loadBalancerSourceRanges: []
servicePort: 443
type: ClusterIP
+ ipFamilyPolicy: "PreferDualStack"
createSecretJob:
2024-04-02 16:39:18 +00:00
name: create
# -- Security context for secret creation containers
2024-05-24 16:23:07 +00:00
@@ -785,13 +782,11 @@
2023-06-30 17:51:55 +00:00
patch:
enabled: true
image:
2023-03-31 16:13:02 +00:00
- registry: registry.k8s.io
2023-06-30 17:51:55 +00:00
- image: ingress-nginx/kube-webhook-certgen
+ repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen
2023-03-31 16:13:02 +00:00
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
2024-10-10 15:52:02 +00:00
tag: v1.4.4
- digest: sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f
2023-03-31 16:13:02 +00:00
pullPolicy: IfNotPresent
2023-06-30 17:51:55 +00:00
# -- Provide a priority class name to the webhook patching job
##
2024-10-10 15:52:02 +00:00
@@ -928,12 +923,11 @@
2023-06-30 17:51:55 +00:00
enabled: false
name: defaultbackend
image:
- registry: registry.k8s.io
- image: defaultbackend-amd64
+ repository: rancher/nginx-ingress-controller-defaultbackend
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
- tag: "1.5"
+ tag: "1.5-rancher1"
pullPolicy: IfNotPresent
2024-04-02 16:39:18 +00:00
runAsNonRoot: true
2023-06-30 17:51:55 +00:00
# nobody user -> uid 65534
2024-10-10 15:52:02 +00:00
@@ -1103,3 +1097,7 @@
2022-04-26 02:34:15 +00:00
# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
2023-06-30 17:51:55 +00:00
dhParam: ""
2021-02-26 01:34:15 +00:00
+
+global:
+ systemDefaultRegistry: ""
2024-05-22 18:14:58 +00:00
+ systemDefaultIngressClass: ""
