mirror of https://git.rancher.io/rke2-charts
132 lines
4.4 KiB
Diff
132 lines
4.4 KiB
Diff
--- charts-original/values.yaml
|
|
+++ charts/values.yaml
|
|
@@ -10,13 +10,11 @@
|
|
controller:
|
|
name: controller
|
|
image:
|
|
- registry: k8s.gcr.io
|
|
- image: ingress-nginx/controller
|
|
+ repository: rancher/nginx-ingress-controller
|
|
# for backwards compatibility consider setting the full image url via the repository value below
|
|
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
# repository:
|
|
- tag: "v0.47.0"
|
|
- digest: sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b
|
|
+ tag: "nginx-0.47.0-hardened1"
|
|
pullPolicy: IfNotPresent
|
|
# www-data -> uid 101
|
|
runAsUser: 101
|
|
@@ -26,7 +24,7 @@
|
|
existingPsp: ""
|
|
|
|
# Configures the controller container name
|
|
- containerName: controller
|
|
+ containerName: rke2-ingress-nginx-controller
|
|
|
|
# Configures the ports the nginx-controller listens on
|
|
containerPort:
|
|
@@ -52,7 +50,7 @@
|
|
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
|
|
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
|
|
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
|
|
- dnsPolicy: ClusterFirst
|
|
+ dnsPolicy: ClusterFirstWithHostNet
|
|
|
|
# Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
|
|
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
|
|
@@ -61,13 +59,13 @@
|
|
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
|
|
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
|
|
# is merged
|
|
- hostNetwork: false
|
|
+ hostNetwork: true
|
|
|
|
## Use host ports 80 and 443
|
|
## Disabled by default
|
|
##
|
|
hostPort:
|
|
- enabled: false
|
|
+ enabled: true
|
|
ports:
|
|
http: 80
|
|
https: 443
|
|
@@ -111,7 +109,7 @@
|
|
## by the service. If disable, the status field reports the IP address of the
|
|
## node or nodes where an ingress controller pod is running.
|
|
publishService:
|
|
- enabled: true
|
|
+ enabled: false
|
|
## Allows overriding of the publish service to bind to
|
|
## Must be <namespace>/<service_name>
|
|
##
|
|
@@ -162,7 +160,7 @@
|
|
|
|
## DaemonSet or Deployment
|
|
##
|
|
- kind: Deployment
|
|
+ kind: DaemonSet
|
|
|
|
## Annotations to be added to the controller Deployment or DaemonSet
|
|
##
|
|
@@ -394,7 +392,7 @@
|
|
configMapKey: ""
|
|
|
|
service:
|
|
- enabled: true
|
|
+ enabled: false
|
|
|
|
annotations: {}
|
|
labels: {}
|
|
@@ -529,8 +527,7 @@
|
|
patch:
|
|
enabled: true
|
|
image:
|
|
- registry: docker.io
|
|
- image: jettech/kube-webhook-certgen
|
|
+ repository: rancher/mirrored-jettech-kube-webhook-certgen
|
|
# for backwards compatibility consider setting the full image url via the repository value below
|
|
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
# repository:
|
|
@@ -540,7 +537,8 @@
|
|
##
|
|
priorityClassName: ""
|
|
podAnnotations: {}
|
|
- nodeSelector: {}
|
|
+ nodeSelector:
|
|
+ kubernetes.io/os: linux
|
|
tolerations: []
|
|
runAsUser: 2000
|
|
|
|
@@ -650,12 +648,11 @@
|
|
|
|
name: defaultbackend
|
|
image:
|
|
- registry: k8s.gcr.io
|
|
- image: defaultbackend-amd64
|
|
+ repository: rancher/nginx-ingress-controller-defaultbackend
|
|
# for backwards compatibility consider setting the full image url via the repository value below
|
|
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
# repository:
|
|
- tag: "1.5"
|
|
+ tag: "1.5-rancher1"
|
|
pullPolicy: IfNotPresent
|
|
# nobody user -> uid 65534
|
|
runAsUser: 65534
|
|
@@ -717,7 +714,8 @@
|
|
## Node labels for default backend pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
- nodeSelector: {}
|
|
+ nodeSelector:
|
|
+ kubernetes.io/os: linux
|
|
|
|
## Annotations to be added to default backend pods
|
|
##
|
|
@@ -806,3 +804,6 @@
|
|
# This can be generated with: openssl dhparam 4096 2> /dev/null | base64
|
|
# Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
|
|
dhParam:
|
|
+
|
|
+global:
|
|
+ systemDefaultRegistry: ""
|