--- charts-original/values.yaml +++ charts/values.yaml @@ -18,14 +18,11 @@ image: ## Keep false as default for now! chroot: false - registry: k8s.gcr.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.2.0" - digest: sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 - digestChroot: sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5 + tag: "nginx-1.2.1-hardened7" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -35,7 +32,7 @@ existingPsp: "" # -- Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # -- Configures the ports that the nginx-controller listens on containerPort: @@ -63,7 +60,7 @@ # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst + dnsPolicy: ClusterFirstWithHostNet # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply @@ -72,7 +69,7 @@ # -- Process Ingress objects without ingressClass annotation/ingressClassName field # Overrides value for --watch-ingress-without-class flag of the controller binary # Defaults to false - watchIngressWithoutClass: false + watchIngressWithoutClass: true # -- Process IngressClass per name (additionally as per spec.controller). ingressClassByName: false @@ -81,7 +78,7 @@ # their own *-snippet annotations, otherwise this is forbidden / dropped # when users add those annotations. # Global snippets in ConfigMap are still respected - allowSnippetAnnotations: true + allowSnippetAnnotations: false # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 @@ -92,7 +89,7 @@ ## Disabled by default hostPort: # -- Enable 'hostPort' or not - enabled: false + enabled: true ports: # -- 'hostPort' http port http: 80 @@ -141,7 +138,7 @@ # node or nodes where an ingress controller pod is running. publishService: # -- Enable 'publishService' or not - enabled: true + enabled: false # -- Allows overriding of the publish service to bind to # Must be / pathOverride: "" @@ -191,7 +188,7 @@ # name: secret-resource # -- Use a `DaemonSet` or `Deployment` - kind: Deployment + kind: DaemonSet # -- Annotations to be added to the controller Deployment or DaemonSet ## @@ -441,7 +438,7 @@ configMapKey: "" service: - enabled: true + enabled: false # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http @@ -630,13 +627,11 @@ patch: enabled: true image: - registry: k8s.gcr.io - image: ingress-nginx/kube-webhook-certgen + repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: tag: v1.1.1 - digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -757,12 +752,11 @@ name: defaultbackend image: - registry: k8s.gcr.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "1.5" + tag: "1.5-rancher1" pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -924,3 +918,6 @@ # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param dhParam: + +global: + systemDefaultRegistry: "" \ No newline at end of file