Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-27 06:48:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/nginx-ingress-controller] feat: 🔒 Add resource preset support (#23498)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-02-16 10:33:54 +01:00
committed by GitHub
parent 7ef876ceb4
commit e9211cb1fd
8 changed files with 200 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bitnami/nginx-ingress-controller/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1
digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
generated: "2023-12-22T11:41:26.944124565Z"
version: 2.15.3
digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002
generated: "2024-02-14T15:40:38.320549804+01:00"

2
bitnami/nginx-ingress-controller/Chart.yaml
View File

@@ -34,4 +34,4 @@ maintainers:
name: nginx-ingress-controller
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller
version: 10.3.5
version: 10.4.0

316
bitnami/nginx-ingress-controller/README.md
View File

@@ -121,164 +121,164 @@ The command removes all the Kubernetes components associated with the chart and
### Nginx Ingress deployment / daemonset parameters
| Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `kind` | Install as Deployment or DaemonSet | `Deployment` |
| `daemonset.useHostPort` | If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443` | `false` |
| `daemonset.hostPorts` | HTTP and HTTPS ports | `{}` |
| `replicaCount` | Desired number of Controller pods | `1` |
| `updateStrategy` | Strategy to use to update Pods | `{}` |
| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` |
| `podSecurityContext.enabled` | Enable Controller pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` |
| `containerSecurityContext.enabled` | Enable Controller containers' Security Context | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Switch to allow priviledge escalation on the Controller container | `false` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.runAsUser` | User ID for the Controller container | `1001` |
| `containerSecurityContext.capabilities.drop` | Linux Kernel capabilities that should be dropped | `[]` |
| `containerSecurityContext.capabilities.add` | Linux Kernel capabilities that should be added | `[]` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
| `resources.limits` | The resources limits for the Controller container | `{}` |
| `resources.requests` | The requested resources for the Controller container | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `lifecycle` | LifecycleHooks to set additional configuration at startup | `{}` |
| `podLabels` | Extra labels for Controller pods | `{}` |
| `podAnnotations` | Annotations for Controller pods | `{}` |
| `priorityClassName` | Controller priorityClassName | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `hostNetwork` | If the Nginx deployment / daemonset should run on the host's network namespace | `false` |
| `dnsPolicy` | By default, while using host network, name resolution uses the host's DNS | `ClusterFirst` |
| `dnsConfig` | is an object with optional parameters to pass to the DNS resolver | `{}` |
| `terminationGracePeriodSeconds` | How many seconds to wait before terminating a pod | `60` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes for Controller pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Controller container(s) | `[]` |
| `initContainers` | Add init containers to the controller pods | `[]` |
| `sidecars` | Add sidecars to the controller pods. | `[]` |
| `customTemplate` | Override NGINX template | `{}` |
| `topologySpreadConstraints` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in | `[]` |
| `podSecurityPolicy.enabled` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
| Name | Description | Value |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `kind` | Install as Deployment or DaemonSet | `Deployment` |
| `daemonset.useHostPort` | If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443` | `false` |
| `daemonset.hostPorts` | HTTP and HTTPS ports | `{}` |
| `replicaCount` | Desired number of Controller pods | `1` |
| `updateStrategy` | Strategy to use to update Pods | `{}` |
| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` |
| `podSecurityContext.enabled` | Enable Controller pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` |
| `containerSecurityContext.enabled` | Enable Controller containers' Security Context | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Switch to allow priviledge escalation on the Controller container | `false` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.runAsUser` | User ID for the Controller container | `1001` |
| `containerSecurityContext.capabilities.drop` | Linux Kernel capabilities that should be dropped | `[]` |
| `containerSecurityContext.capabilities.add` | Linux Kernel capabilities that should be added | `[]` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `lifecycle` | LifecycleHooks to set additional configuration at startup | `{}` |
| `podLabels` | Extra labels for Controller pods | `{}` |
| `podAnnotations` | Annotations for Controller pods | `{}` |
| `priorityClassName` | Controller priorityClassName | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `hostNetwork` | If the Nginx deployment / daemonset should run on the host's network namespace | `false` |
| `dnsPolicy` | By default, while using host network, name resolution uses the host's DNS | `ClusterFirst` |
| `dnsConfig` | is an object with optional parameters to pass to the DNS resolver | `{}` |
| `terminationGracePeriodSeconds` | How many seconds to wait before terminating a pod | `60` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes for Controller pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Controller container(s) | `[]` |
| `initContainers` | Add init containers to the controller pods | `[]` |
| `sidecars` | Add sidecars to the controller pods. | `[]` |
| `customTemplate` | Override NGINX template | `{}` |
| `topologySpreadConstraints` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in | `[]` |
| `podSecurityPolicy.enabled` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
### Default backend parameters
| Name | Description | Value |
| ------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `defaultBackend.enabled` | Enable a default backend based on NGINX | `true` |
| `defaultBackend.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` |
| `defaultBackend.image.registry` | Default backend image registry | `REGISTRY_NAME` |
| `defaultBackend.image.repository` | Default backend image repository | `REPOSITORY_NAME/nginx` |
| `defaultBackend.image.digest` | Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `defaultBackend.extraArgs` | Additional command line arguments to pass to Nginx container | `{}` |
| `defaultBackend.containerPort` | HTTP container port number | `8080` |
| `defaultBackend.serverBlockConfig` | NGINX backend default server block configuration | `""` |
| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` |
| `defaultBackend.podSecurityContext.enabled` | Enable Default backend pods' Security Context | `true` |
| `defaultBackend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `defaultBackend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `defaultBackend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `defaultBackend.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` |
| `defaultBackend.containerSecurityContext.enabled` | Enable Default backend containers' Security Context | `true` |
| `defaultBackend.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities that should be dropped | `[]` |
| `defaultBackend.containerSecurityContext.allowPrivilegeEscalation` | Switch to allow priviledge escalation on the container | `false` |
| `defaultBackend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Default backend container | `1001` |
| `defaultBackend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `defaultBackend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` |
| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` |
| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `defaultBackend.startupProbe.enabled` | Enable startupProbe | `false` |
| `defaultBackend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `defaultBackend.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
| `defaultBackend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `defaultBackend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `defaultBackend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `defaultBackend.customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `defaultBackend.customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `defaultBackend.customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` |
| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` |
| `defaultBackend.priorityClassName` | priorityClassName | `""` |
| `defaultBackend.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `defaultBackend.terminationGracePeriodSeconds` | In seconds, time the given to the pod to terminate gracefully | `60` |
| `defaultBackend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `defaultBackend.command` | Override default container command (useful when using custom images) | `[]` |
| `defaultBackend.args` | Override default container args (useful when using custom images) | `[]` |
| `defaultBackend.lifecycleHooks` | for the %%MAIN_CONTAINER_NAME%% container(s) to automate configuration before or after startup | `{}` |
| `defaultBackend.extraEnvVars` | Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% nodes | `[]` |
| `defaultBackend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes | `""` |
| `defaultBackend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes | `""` |
| `defaultBackend.extraVolumes` | Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% container(s) | `[]` |
| `defaultBackend.sidecars` | Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.affinity` | Affinity for pod assignment | `{}` |
| `defaultBackend.nodeSelector` | Node labels for pod assignment | `{}` |
| `defaultBackend.tolerations` | Tolerations for pod assignment | `[]` |
| `defaultBackend.service.type` | Kubernetes Service type for default backend | `ClusterIP` |
| `defaultBackend.service.ports.http` | Default backend service HTTP port | `80` |
| `defaultBackend.service.annotations` | Annotations for the default backend service | `{}` |
| `defaultBackend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `defaultBackend.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `defaultBackend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `defaultBackend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `defaultBackend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `defaultBackend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `defaultBackend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| `defaultBackend.pdb.create` | Enable/disable a Pod Disruption Budget creation for Default backend | `false` |
| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` |
| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that may be made unavailable | `""` |
| Name | Description | Value |
| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `defaultBackend.enabled` | Enable a default backend based on NGINX | `true` |
| `defaultBackend.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` |
| `defaultBackend.image.registry` | Default backend image registry | `REGISTRY_NAME` |
| `defaultBackend.image.repository` | Default backend image repository | `REPOSITORY_NAME/nginx` |
| `defaultBackend.image.digest` | Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `defaultBackend.extraArgs` | Additional command line arguments to pass to Nginx container | `{}` |
| `defaultBackend.containerPort` | HTTP container port number | `8080` |
| `defaultBackend.serverBlockConfig` | NGINX backend default server block configuration | `""` |
| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` |
| `defaultBackend.podSecurityContext.enabled` | Enable Default backend pods' Security Context | `true` |
| `defaultBackend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `defaultBackend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `defaultBackend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `defaultBackend.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` |
| `defaultBackend.containerSecurityContext.enabled` | Enable Default backend containers' Security Context | `true` |
| `defaultBackend.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities that should be dropped | `[]` |
| `defaultBackend.containerSecurityContext.allowPrivilegeEscalation` | Switch to allow priviledge escalation on the container | `false` |
| `defaultBackend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Default backend container | `1001` |
| `defaultBackend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `defaultBackend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `defaultBackend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production). | `none` |
| `defaultBackend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `defaultBackend.startupProbe.enabled` | Enable startupProbe | `false` |
| `defaultBackend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `defaultBackend.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
| `defaultBackend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `defaultBackend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `defaultBackend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `defaultBackend.customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `defaultBackend.customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `defaultBackend.customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` |
| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` |
| `defaultBackend.priorityClassName` | priorityClassName | `""` |
| `defaultBackend.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `defaultBackend.terminationGracePeriodSeconds` | In seconds, time the given to the pod to terminate gracefully | `60` |
| `defaultBackend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `defaultBackend.command` | Override default container command (useful when using custom images) | `[]` |
| `defaultBackend.args` | Override default container args (useful when using custom images) | `[]` |
| `defaultBackend.lifecycleHooks` | for the %%MAIN_CONTAINER_NAME%% container(s) to automate configuration before or after startup | `{}` |
| `defaultBackend.extraEnvVars` | Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% nodes | `[]` |
| `defaultBackend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes | `""` |
| `defaultBackend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes | `""` |
| `defaultBackend.extraVolumes` | Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% container(s) | `[]` |
| `defaultBackend.sidecars` | Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
| `defaultBackend.affinity` | Affinity for pod assignment | `{}` |
| `defaultBackend.nodeSelector` | Node labels for pod assignment | `{}` |
| `defaultBackend.tolerations` | Tolerations for pod assignment | `[]` |
| `defaultBackend.service.type` | Kubernetes Service type for default backend | `ClusterIP` |
| `defaultBackend.service.ports.http` | Default backend service HTTP port | `80` |
| `defaultBackend.service.annotations` | Annotations for the default backend service | `{}` |
| `defaultBackend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `defaultBackend.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `defaultBackend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `defaultBackend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `defaultBackend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `defaultBackend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `defaultBackend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| `defaultBackend.pdb.create` | Enable/disable a Pod Disruption Budget creation for Default backend | `false` |
| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` |
| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that may be made unavailable | `""` |
### Traffic exposure parameters
@@ -382,6 +382,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/nginx
## Configuration and installation details
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

1
bitnami/nginx-ingress-controller/templates/NOTES.txt
View File

@@ -91,3 +91,4 @@ If TLS is enabled for the Ingress, a Secret containing the certificate and key m
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.defaultBackend.image }}
{{- include "common.warnings.resources" (dict "sections" (list "defaultBackend" "") "context" $) }}

2
bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml
View File

@@ -207,6 +207,8 @@ spec:
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.customTemplate.configMapName }}

2
bitnami/nginx-ingress-controller/templates/controller-deployment.yaml
View File

@@ -197,6 +197,8 @@ spec:
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.customTemplate.configMapName }}

2
bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml
View File

@@ -137,6 +137,8 @@ spec:
protocol: TCP
{{- if .Values.defaultBackend.resources }}
resources: {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- else if ne .Values.defaultBackend.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.defaultBackend.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.defaultBackend.serverBlockConfig }}

62
bitnami/nginx-ingress-controller/values.yaml
View File

@@ -16,7 +16,6 @@ global:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
@@ -43,7 +42,6 @@ extraDeploy: []
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @section Nginx Ingress Controller parameters
## Bitnami NGINX Ingress controller image version
@@ -211,7 +209,6 @@ extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of a existing Secret containing extra environment variables
##
extraEnvVarsSecret: ""
## @section Nginx Ingress deployment / daemonset parameters
## @param kind Install as Deployment or DaemonSet
@@ -283,20 +280,21 @@ minReadySeconds: 0
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the Controller container
## @param resources.requests The requested resources for the Controller container
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
## Example:
## limits:
## cpu: 250m
## memory: 256Mi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
resourcesPreset: "none"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Controller containers' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
@@ -481,7 +479,6 @@ topologySpreadConstraints: []
##
podSecurityPolicy:
enabled: false
## @section Default backend parameters
## Default 404 backend
@@ -584,20 +581,21 @@ defaultBackend:
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param defaultBackend.resources.limits The resources limits for the Default backend container
## @param defaultBackend.resources.requests The requested resources for the Default backend container
## @param defaultBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
## Example:
## limits:
## cpu: 250m
## memory: 256Mi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
resourcesPreset: "none"
## @param defaultBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Default backend containers' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param defaultBackend.livenessProbe.enabled Enable livenessProbe
@@ -850,7 +848,6 @@ defaultBackend:
## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that may be made unavailable
##
maxUnavailable: ""
## @section Traffic exposure parameters
## Service parameters
@@ -990,7 +987,6 @@ networkPolicy:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section RBAC parameters
## Pods Service Account
@@ -1057,7 +1053,6 @@ autoscaling:
maxReplicas: 11
targetCPU: ""
targetMemory: ""
## @section Metrics parameters
## Prometheus exporter parameters
@@ -1130,7 +1125,6 @@ metrics:
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.prometheusRule.enabled Create PrometheusRules resource for scraping metrics using PrometheusOperator
## @param metrics.prometheusRule.additionalLabels Used to pass Labels that are required by the Installed Prometheus Operator
## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in