--- charts-original/values.yaml +++ charts/values.yaml @@ -19,22 +19,18 @@ image: ## Keep false as default for now! chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller + repository: rancher/nginx-ingress-controller ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.9.3" - digest: sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 - digestChroot: sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86 - pullPolicy: IfNotPresent + tag: "nginx-1.9.3-hardened1" # www-data -> uid 101 runAsUser: 101 allowPrivilegeEscalation: true # -- Use an existing PSP instead of creating one existingPsp: "" # -- Configures the controller container name - containerName: controller + containerName: rke2-ingress-nginx-controller # -- Configures the ports that the nginx-controller listens on containerPort: http: 80 @@ -64,14 +60,14 @@ # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst + dnsPolicy: ClusterFirstWithHostNet # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false # -- Process Ingress objects without ingressClass annotation/ingressClassName field # Overrides value for --watch-ingress-without-class flag of the controller binary # Defaults to false - watchIngressWithoutClass: false + watchIngressWithoutClass: true # -- Process IngressClass per name (additionally as per spec.controller). ingressClassByName: false # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" @@ -90,7 +86,7 @@ ## Disabled by default hostPort: # -- Enable 'hostPort' or not - enabled: false + enabled: true ports: # -- 'hostPort' http port http: 80 @@ -137,7 +133,7 @@ # node or nodes where an ingress controller pod is running. publishService: # -- Enable 'publishService' or not - enabled: true + enabled: false # -- Allows overriding of the publish service to bind to # Must be / pathOverride: "" @@ -181,7 +177,7 @@ # name: secret-resource # -- Use a `DaemonSet` or `Deployment` - kind: Deployment + kind: DaemonSet # -- Annotations to be added to the controller Deployment or DaemonSet ## annotations: {} @@ -432,7 +428,7 @@ configMapName: "" configMapKey: "" service: - enabled: true + enabled: false # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http # It allows choosing the protocol for each backend specified in the Kubernetes service. @@ -618,6 +614,7 @@ loadBalancerSourceRanges: [] servicePort: 443 type: ClusterIP + ipFamilyPolicy: "PreferDualStack" createSecretJob: securityContext: allowPrivilegeEscalation: false @@ -635,13 +632,11 @@ patch: enabled: true image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen + repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v20231011-8b53cabe0 - digest: sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + tag: v20230312-helm-chart-4.5.2-28-g66a760794 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -769,12 +764,11 @@ enabled: false name: defaultbackend image: - registry: registry.k8s.io - image: defaultbackend-amd64 + repository: rancher/nginx-ingress-controller-defaultbackend ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "1.5" + tag: "1.5-rancher1" pullPolicy: IfNotPresent # nobody user -> uid 65534 runAsUser: 65534 @@ -932,3 +926,6 @@ # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param dhParam: "" + +global: + systemDefaultRegistry: ""