--- charts-original/values.yaml +++ charts/values.yaml @@ -10,13 +10,11 @@ controller: name: controller image: - registry: k8s.gcr.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: - tag: "v1.0.2" - digest: sha256:85b53b493d6d658d8c013449223b0ffd739c76d76dc9bf9000786669ec04e049 + tag: "nginx-1.0.2-hardened1" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -26,7 +24,7 @@ existingPsp: "" # Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # Configures the ports the nginx-controller listens on containerPort: @@ -55,7 +53,7 @@ # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst + dnsPolicy: ClusterFirstWithHostNet # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply @@ -78,13 +76,13 @@ # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # is merged - hostNetwork: false + hostNetwork: true ## Use host ports 80 and 443 ## Disabled by default ## hostPort: - enabled: false + enabled: true ports: http: 80 https: 443 @@ -126,7 +124,7 @@ ## by the service. If disable, the status field reports the IP address of the ## node or nodes where an ingress controller pod is running. publishService: - enabled: true + enabled: false ## Allows overriding of the publish service to bind to ## Must be / ## @@ -177,7 +175,7 @@ ## DaemonSet or Deployment ## - kind: Deployment + kind: DaemonSet ## Annotations to be added to the controller Deployment or DaemonSet ## @@ -427,7 +425,7 @@ configMapKey: "" service: - enabled: true + enabled: false annotations: {} labels: {} @@ -574,13 +572,12 @@ patch: enabled: true image: - registry: k8s.gcr.io - image: ingress-nginx/kube-webhook-certgen + repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: tag: v1.0 - digest: sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068 + digest: sha256:6b91d0434942504defa54cd50b15cddda0df58b4cc99cf5ec365762f295306ea pullPolicy: IfNotPresent ## Provide a priority class name to the webhook patching job ## @@ -697,12 +694,11 @@ name: defaultbackend image: - registry: k8s.gcr.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend # for backwards compatibility consider setting the full image url via the repository value below # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail # repository: - tag: "1.5" + tag: "1.5-rancher1" pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -854,3 +850,6 @@ # This can be generated with: openssl dhparam 4096 2> /dev/null | base64 # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param dhParam: + +global: + systemDefaultRegistry: ""