--- charts-original/values.yaml +++ charts/values.yaml @@ -10,13 +10,11 @@ controller: name: controller image: - registry: k8s.gcr.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: - tag: "v0.47.0" - digest: sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b + tag: "nginx-0.47.0-hardened1" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -26,7 +24,7 @@ existingPsp: "" # Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # Configures the ports the nginx-controller listens on containerPort: @@ -52,7 +50,7 @@ # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst + dnsPolicy: ClusterFirstWithHostNet # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply @@ -61,13 +59,13 @@ # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # is merged - hostNetwork: false + hostNetwork: true ## Use host ports 80 and 443 ## Disabled by default ## hostPort: - enabled: false + enabled: true ports: http: 80 https: 443 @@ -111,7 +109,7 @@ ## by the service. If disable, the status field reports the IP address of the ## node or nodes where an ingress controller pod is running. publishService: - enabled: true + enabled: false ## Allows overriding of the publish service to bind to ## Must be / ## @@ -162,7 +160,7 @@ ## DaemonSet or Deployment ## - kind: Deployment + kind: DaemonSet ## Annotations to be added to the controller Deployment or DaemonSet ## @@ -394,7 +392,7 @@ configMapKey: "" service: - enabled: true + enabled: false annotations: {} labels: {} @@ -529,8 +527,7 @@ patch: enabled: true image: - registry: docker.io - image: jettech/kube-webhook-certgen + repository: rancher/mirrored-jettech-kube-webhook-certgen # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: @@ -540,7 +537,8 @@ ## priorityClassName: "" podAnnotations: {} - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux tolerations: [] runAsUser: 2000 @@ -650,12 +648,11 @@ name: defaultbackend image: - registry: k8s.gcr.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: - tag: "1.5" + tag: "1.5-rancher1" pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -717,7 +714,8 @@ ## Node labels for default backend pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux ## Annotations to be added to default backend pods ## @@ -806,3 +804,6 @@ # This can be generated with: openssl dhparam 4096 2> /dev/null | base64 # Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param dhParam: + +global: + systemDefaultRegistry: ""