--- charts-original/values.yaml +++ charts/values.yaml @@ -21,15 +21,11 @@ image: ## Keep false as default for now! chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.9.6" - digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c - digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 - pullPolicy: IfNotPresent + tag: "nginx-1.9.6-hardened1" runAsNonRoot: true # www-data -> uid 101 runAsUser: 101 @@ -40,7 +36,7 @@ # -- Use an existing PSP instead of creating one existingPsp: "" # -- Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # -- Configures the ports that the nginx-controller listens on containerPort: http: 80 @@ -70,14 +66,14 @@ # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst + dnsPolicy: ClusterFirstWithHostNet # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false # -- Process Ingress objects without ingressClass annotation/ingressClassName field # Overrides value for --watch-ingress-without-class flag of the controller binary # Defaults to false - watchIngressWithoutClass: false + watchIngressWithoutClass: true # -- Process IngressClass per name (additionally as per spec.controller). ingressClassByName: false # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" @@ -96,7 +92,7 @@ ## Disabled by default hostPort: # -- Enable 'hostPort' or not - enabled: false + enabled: true ports: # -- 'hostPort' http port http: 80 @@ -145,7 +141,7 @@ # node or nodes where an ingress controller pod is running. publishService: # -- Enable 'publishService' or not - enabled: true + enabled: false # -- Allows overriding of the publish service to bind to # Must be / pathOverride: "" @@ -192,7 +188,7 @@ # name: secret-resource # -- Use a `DaemonSet` or `Deployment` - kind: Deployment + kind: DaemonSet # -- Annotations to be added to the controller Deployment or DaemonSet ## annotations: {} @@ -444,7 +440,7 @@ configMapKey: "" service: # -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. - enabled: true + enabled: false external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true @@ -739,6 +735,7 @@ loadBalancerSourceRanges: [] servicePort: 443 type: ClusterIP + ipFamilyPolicy: "PreferDualStack" createSecretJob: name: create # -- Security context for secret creation containers @@ -776,13 +773,11 @@ patch: enabled: true image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen + repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v20231226-1a7112e06 - digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + tag: v20230312-helm-chart-4.5.2-28-g66a760794 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -918,12 +913,11 @@ enabled: false name: defaultbackend image: - registry: registry.k8s.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "1.5" + tag: "1.5-rancher1" pullPolicy: IfNotPresent runAsNonRoot: true # nobody user -> uid 65534 @@ -1092,3 +1086,6 @@ # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param dhParam: "" + +global: + systemDefaultRegistry: ""