apiVersion: gateway.kubesphere.io/v1alpha1 kind: Nginx metadata: name: {{ .Release.Name }}-ingress spec: fullnameOverride: {{ .Release.Name }} controller: # To rolling upgrade from old nginx ingress controller, we have to overide the name pattern name: "" image: {{- with .Values.controller.image }} {{- toYaml . | nindent 6 }} {{- end }} publishService: enabled: {{ eq .Values.service.type "LoadBalancer" }} # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ {{- if .Values.controller.config }} config: {{ toYaml .Values.controller.config | nindent 6 }} {{- end }} {{- if hasKey .Values.deployment.annotations "servicemesh.kubesphere.io/enabled" }} podAnnotations: sidecar.istio.io/inject: {{ get .Values.deployment.annotations "servicemesh.kubesphere.io/enabled" }} {{- end }} ## Annotations to be added to the controller config configuration configmap ## configAnnotations: {} # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers proxySetHeaders: {} # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers addHeaders: {} # Optionally customize the pod dnsConfig. dnsConfig: {} # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false ## Election ID to use for status update ## electionID: ingress-controller-leader-{{ .Release.Name }} ## Name of the ingress class to route through this controller ## ingressClass: nginx # This section refers to the creation of the IngressClass resource # IngressClass resources are supported since k8s >= 1.18 ingressClassResource: enabled: false default: false # Parameters is a link to a custom resource containing additional # configuration for the controller. This is optional if the controller # does not require extra parameters. parameters: {} # labels to add to the pod container metadata podLabels: {} # key: value ## Limit the scope of the controller ## {{- if .Values.controller.scope.enabled }} scope: enabled: true namespace: {{ default .Release.Namespace .Values.controller.scope.namespace }} # defaults to .Release.Namespace {{- end }} ## Allows customization of the configmap / nginx-configmap namespace ## configMapNamespace: "" # defaults to .Release.Namespace ## Allows customization of the tcp-services-configmap ## tcp: configMapNamespace: "" # defaults to .Release.Namespace ## Annotations to be added to the tcp config configmap annotations: {} ## Allows customization of the udp-services-configmap ## udp: configMapNamespace: "" # defaults to .Release.Namespace ## Annotations to be added to the udp config configmap annotations: {} ## Additional command line arguments to pass to nginx-ingress-controller ## E.g. to specify the default SSL certificate you can use ## extraArgs: ## default-ssl-certificate: "/" extraArgs: {} ## Additional environment variables to set extraEnvs: [] kind: Deployment ## Annotations to be added to the controller Deployment or DaemonSet ## {{- if .Values.deployment.annotations }} annotations: {{ toYaml .Values.deployment.annotations | nindent 6 }} {{- end }} ## Labels to be added to the controller Deployment or DaemonSet ## labels: {} # keel.sh/policy: patch # keel.sh/trigger: poll ## Node tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## tolerations: [] # - key: "key" # operator: "Equal|Exists" # value: "value" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" ## Affinity and anti-affinity ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - ingress-nginx - key: app.kubernetes.io/instance operator: In values: - {{ .Release.Name }}-ingress - key: app.kubernetes.io/component operator: In values: - controller topologyKey: kubernetes.io/hostname # # An example of required pod anti-affinity # podAntiAffinity: # requiredDuringSchedulingIgnoredDuringExecution: # - labelSelector: # matchExpressions: # - key: app.kubernetes.io/name # operator: In # values: # - ingress-nginx # - key: app.kubernetes.io/instance # operator: In # values: # - ingress-nginx # - key: app.kubernetes.io/component # operator: In # values: # - controller # topologyKey: "kubernetes.io/hostname" ## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: failure-domain.beta.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule # labelSelector: # matchLabels: # app.kubernetes.io/instance: ingress-nginx-internal replicaCount: {{.Values.deployment.replicas}} minAvailable: 1 # Define requests resources to avoid probe issues due to CPU utilization in busy nodes # ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 # Ideally, there should be no limits. # https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ resources: # limits: # cpu: 100m # memory: 90Mi requests: cpu: 100m memory: 90Mi # Mutually exclusive with keda autoscaling autoscaling: enabled: false minReplicas: 1 maxReplicas: 11 targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 ## Override NGINX template customTemplate: configMapName: "" configMapKey: "" service: enabled: true {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | nindent 8 }} {{- end }} labels: {} # clusterIP: "" ## List of IP addresses at which the controller services are available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## externalIPs: [] # loadBalancerIP: "" loadBalancerSourceRanges: [] ## Set external traffic policy to: "Local" to preserve source IP on ## providers supporting it ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies # sessionAffinity: "" type: {{ .Values.service.type }} # type: NodePort # nodePorts: # http: 32080 # https: 32443 # tcp: # 8080: 32808 nodePorts: http: "" https: "" tcp: {} udp: {} admissionWebhooks: enabled: false metrics: port: 10254 enabled: true serviceMonitor: enabled: true prometheusRule: enabled: false ## Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # - name: secretName