mirror of https://git.rancher.io/rke2-charts
129 lines
5.3 KiB
Diff
129 lines
5.3 KiB
Diff
--- charts-original/values.yaml
|
|
+++ charts/values.yaml
|
|
@@ -21,15 +21,11 @@
|
|
image:
|
|
## Keep false as default for now!
|
|
chroot: false
|
|
- registry: registry.k8s.io
|
|
- image: ingress-nginx/controller
|
|
+ repository: rancher/nginx-ingress-controller
|
|
## for backwards compatibility consider setting the full image url via the repository value below
|
|
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
## repository:
|
|
- tag: "v1.9.6"
|
|
- digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
|
|
- digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
|
|
- pullPolicy: IfNotPresent
|
|
+ tag: "nginx-1.9.6-hardened1"
|
|
runAsNonRoot: true
|
|
# www-data -> uid 101
|
|
runAsUser: 101
|
|
@@ -40,7 +36,7 @@
|
|
# -- Use an existing PSP instead of creating one
|
|
existingPsp: ""
|
|
# -- Configures the controller container name
|
|
- containerName: controller
|
|
+ containerName: rke2-ingress-nginx-controller
|
|
# -- Configures the ports that the nginx-controller listens on
|
|
containerPort:
|
|
http: 80
|
|
@@ -70,14 +66,14 @@
|
|
# -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
|
|
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
|
|
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
|
|
- dnsPolicy: ClusterFirst
|
|
+ dnsPolicy: ClusterFirstWithHostNet
|
|
# -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
|
|
# Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
|
|
reportNodeInternalIp: false
|
|
# -- Process Ingress objects without ingressClass annotation/ingressClassName field
|
|
# Overrides value for --watch-ingress-without-class flag of the controller binary
|
|
# Defaults to false
|
|
- watchIngressWithoutClass: false
|
|
+ watchIngressWithoutClass: true
|
|
# -- Process IngressClass per name (additionally as per spec.controller).
|
|
ingressClassByName: false
|
|
# -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto"
|
|
@@ -96,7 +92,7 @@
|
|
## Disabled by default
|
|
hostPort:
|
|
# -- Enable 'hostPort' or not
|
|
- enabled: false
|
|
+ enabled: true
|
|
ports:
|
|
# -- 'hostPort' http port
|
|
http: 80
|
|
@@ -145,7 +141,7 @@
|
|
# node or nodes where an ingress controller pod is running.
|
|
publishService:
|
|
# -- Enable 'publishService' or not
|
|
- enabled: true
|
|
+ enabled: false
|
|
# -- Allows overriding of the publish service to bind to
|
|
# Must be <namespace>/<service_name>
|
|
pathOverride: ""
|
|
@@ -192,7 +188,7 @@
|
|
# name: secret-resource
|
|
|
|
# -- Use a `DaemonSet` or `Deployment`
|
|
- kind: Deployment
|
|
+ kind: DaemonSet
|
|
# -- Annotations to be added to the controller Deployment or DaemonSet
|
|
##
|
|
annotations: {}
|
|
@@ -444,7 +440,7 @@
|
|
configMapKey: ""
|
|
service:
|
|
# -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service.
|
|
- enabled: true
|
|
+ enabled: false
|
|
external:
|
|
# -- Enable the external controller service or not. Useful for internal-only deployments.
|
|
enabled: true
|
|
@@ -739,6 +735,7 @@
|
|
loadBalancerSourceRanges: []
|
|
servicePort: 443
|
|
type: ClusterIP
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
createSecretJob:
|
|
name: create
|
|
# -- Security context for secret creation containers
|
|
@@ -776,13 +773,11 @@
|
|
patch:
|
|
enabled: true
|
|
image:
|
|
- registry: registry.k8s.io
|
|
- image: ingress-nginx/kube-webhook-certgen
|
|
+ repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen
|
|
## for backwards compatibility consider setting the full image url via the repository value below
|
|
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
## repository:
|
|
- tag: v20231226-1a7112e06
|
|
- digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
|
|
+ tag: v20230312-helm-chart-4.5.2-28-g66a760794
|
|
pullPolicy: IfNotPresent
|
|
# -- Provide a priority class name to the webhook patching job
|
|
##
|
|
@@ -918,12 +913,11 @@
|
|
enabled: false
|
|
name: defaultbackend
|
|
image:
|
|
- registry: registry.k8s.io
|
|
- image: defaultbackend-amd64
|
|
+ repository: rancher/nginx-ingress-controller-defaultbackend
|
|
## for backwards compatibility consider setting the full image url via the repository value below
|
|
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
## repository:
|
|
- tag: "1.5"
|
|
+ tag: "1.5-rancher1"
|
|
pullPolicy: IfNotPresent
|
|
runAsNonRoot: true
|
|
# nobody user -> uid 65534
|
|
@@ -1092,3 +1086,6 @@
|
|
# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
|
|
## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
|
|
dhParam: ""
|
|
+
|
|
+global:
|
|
+ systemDefaultRegistry: ""
|