nginx-ingress-controller
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
##
18
global:
19
imageRegistry: ""
20
## E.g.
21
## imagePullSecrets:
22
## - myRegistryKeySecretName
23
##
24
imagePullSecrets: []
25
## Security parameters
26
##
27
security:
28
## @param global.security.allowInsecureImages Allows skipping image verification
29
allowInsecureImages: false
30
## Compatibility adaptations for Kubernetes platforms
31
##
32
compatibility:
33
## Compatibility adaptations for Openshift
34
##
35
openshift:
36
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
37
##
38
adaptSecurityContext: auto
39
org: ""
40
## @section Common parameters
41
42
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
43
##
44
kubeVersion: ""
45
## @param nameOverride String to partially override common.names.fullname
46
##
47
nameOverride: ""
48
## @param fullnameOverride String to fully override common.names.fullname
49
##
50
fullnameOverride: ""
51
## @param namespaceOverride String to fully override common.names.namespace
52
##
53
namespaceOverride: ""
54
## @param commonLabels Add labels to all the deployed resources
55
##
56
commonLabels: {}
57
## @param commonAnnotations Add annotations to all the deployed resources
58
##
59
commonAnnotations: {}
60
## @param extraDeploy Array of extra objects to deploy with the release
61
##
62
extraDeploy: []
63
## @param clusterDomain Kubernetes cluster domain name
64
##
65
clusterDomain: cluster.local
66
## @section Nginx Ingress Controller parameters
67
68
## Iamguarded NGINX Ingress controller image version
69
## @param image.registry [default: REGISTRY_NAME] Nginx Ingress Controller image registry
70
## @param image.repository [default: REPOSITORY_NAME/nginx-ingress-controller] Nginx Ingress Controller image repository
71
## @skip image.tag Nginx Ingress Controller image tag (immutable tags are recommended)
72
## @param image.digest Nginx Ingress Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
73
## @param image.pullPolicy Nginx Ingress Controller image pull policy
74
## @param image.pullSecrets Specify docker-registry secret names as an array
75
##
76
image:
77
registry: cgr.dev
78
repository: chainguard-private/ingress-nginx-controller-iamguarded
79
tag: 1.15.3
80
digest: ""
81
## Specify a imagePullPolicy
82
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
83
##
84
pullPolicy: IfNotPresent
85
## Optionally specify an array of imagePullSecrets.
86
## Secrets must be manually created in the namespace.
87
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
88
## Example:
89
## pullSecrets:
90
## - myRegistryKeySecretName
91
##
92
pullSecrets: []
93
## @param containerPorts.http Nginx Ingress Controller HTTP port
94
## @param containerPorts.https Nginx Ingress Controller HTTPS port
95
## @param containerPorts.defaultServer Nginx Ingress Controller default server port
96
## @param containerPorts.metrics Nginx Ingress Controller metrics port
97
## @param containerPorts.profiler Nginx Ingress Controller profiler port
98
## @param containerPorts.status Nginx Ingress Controller status port
99
## @param containerPorts.stream Nginx Ingress Controller stream port
100
##
101
containerPorts:
102
http: 8080
103
https: 8443
104
defaultServer: 8181
105
metrics: 10254
106
profiler: 10245
107
status: 10246
108
stream: 10247
109
## @param automountServiceAccountToken Mount Service Account token in pod
110
##
111
automountServiceAccountToken: true
112
## @param hostAliases Deployment pod host aliases
113
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
114
##
115
hostAliases: []
116
## @param config Custom configuration options for NGINX
117
## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
118
##
119
config: {}
120
## @param proxySetHeaders Custom headers before sending traffic to backends
121
## ref: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
122
##
123
proxySetHeaders: {}
124
## @param addHeaders Custom headers before sending response traffic to the client
125
## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
126
##
127
addHeaders: {}
128
## @param defaultBackendService Default 404 backend service; required only if `defaultBackend.enabled = false`
129
## Must be <namespace>/<service_name>
130
##
131
defaultBackendService: ""
132
## @param electionID Election ID to use for status update
133
##
134
electionID: ingress-controller-leader
135
## @param allowSnippetAnnotations Allow users to set snippet annotations
136
##
137
allowSnippetAnnotations: false
138
## @param reportNodeInternalIp If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to Nginx Ingress Controller
139
## Bare-metal considerations via the host network
140
## ref: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
141
##
142
reportNodeInternalIp: false
143
## @param watchIngressWithoutClass Process Ingress objects without ingressClass annotation/ingressClassName field
144
##
145
watchIngressWithoutClass: false
146
## Configuring this doesn't affect `kubernetes.io/ingress.class` annotation. See `extraArgs` below how to configure processing of custom annotation.
147
## @param ingressClassResource.name Name of the IngressClass resource
148
## @param ingressClassResource.enabled Create the IngressClass resource
149
## @param ingressClassResource.default Set the created IngressClass resource as default class
150
## @param ingressClassResource.controllerClass IngressClass identifier for the controller
151
## @param ingressClassResource.parameters Optional parameters for the controller
152
##
153
ingressClassResource:
154
name: nginx
155
enabled: true
156
default: false
157
controllerClass: "k8s.io/ingress-nginx"
158
parameters: {}
159
## Allows customization of the external service
160
## the ingress will be bound to via DNS
161
##
162
publishService:
163
## @param publishService.enabled Set the endpoint records on the Ingress objects to reflect those on the service
164
##
165
enabled: false
166
## @param publishService.pathOverride Allows overriding of the publish service to bind to
167
## Must be <namespace>/<service_name>
168
##
169
pathOverride: ""
170
## @param scope.enabled Limit the scope of the controller.
171
## @param scope.namespace Scope namespace. Defaults to `.Release.Namespace`
172
##
173
scope:
174
enabled: false
175
namespace: ""
176
## @param configMapNamespace Allows customization of the configmap / nginx-configmap namespace
177
## Defaults to .Release.Namespace
178
##
179
configMapNamespace: ""
180
## @param tcpConfigMapNamespace Allows customization of the tcp-services-configmap namespace
181
## Defaults to .Release.Namespace
182
##
183
tcpConfigMapNamespace: ""
184
## @param udpConfigMapNamespace Allows customization of the udp-services-configmap namespace
185
## Defaults to .Release.Namespace
186
##
187
udpConfigMapNamespace: ""
188
## @param maxmindLicenseKey License key used to download Geolite2 database
189
##
190
maxmindLicenseKey: ""
191
## @param dhParam A base64ed Diffie-Hellman parameter
192
## This can be generated with: openssl dhparam 4096 2> /
193
## Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
194
dhParam: ""
195
## @param tcp TCP service key:value pairs
196
## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
197
## e.g:
198
## tcp:
199
## 8080: "default/example-tcp-svc:9000"
200
##
201
tcp: {}
202
## @param udp UDP service key:value pairs
203
## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
204
## e.g:
205
## udp:
206
## 53: "kube-system/kube-dns:53"
207
##
208
udp: {}
209
## @param svcPortNamesPrefix Prefix for TCP and UDP ports names in ingress controller service
210
## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration
211
##
212
svcPortNamesPrefix: ""
213
## @param command Override default container command (useful when using custom images)
214
##
215
command: []
216
## @param args Override default container args (useful when using custom images)
217
##
218
args: []
219
## @param lifecycleHooks for the %%MAIN_CONTAINER_NAME%% container(s) to automate configuration before or after startup
220
##
221
lifecycleHooks: {}
222
## @param extraArgs Additional command line arguments to pass to nginx-ingress-controller
223
## E.g. to specify the default SSL certificate you can use
224
## extraArgs:
225
## default-ssl-certificate: "<namespace>/<secret_name>"
226
## ingress-class: nginx
227
##
228
extraArgs: {}
229
## @param extraEnvVars Extra environment variables to be set on Nginx Ingress container
230
## E.g:
231
## extraEnvs:
232
## - name: FOO
233
## valueFrom:
234
## secretKeyRef:
235
## key: FOO
236
## name: secret-resource
237
##
238
extraEnvVars: []
239
## @param extraEnvVarsCM Name of a existing ConfigMap containing extra environment variables
240
##
241
extraEnvVarsCM: ""
242
## @param extraEnvVarsSecret Name of a existing Secret containing extra environment variables
243
##
244
extraEnvVarsSecret: ""
245
## @section Nginx Ingress deployment / daemonset parameters
246
247
## @param kind Install as Deployment or DaemonSet
248
##
249
kind: Deployment
250
## Daemonset configuration
251
##
252
daemonset:
253
## @param daemonset.useHostPort If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443`
254
##
255
useHostPort: false
256
## @param daemonset.hostPorts [object] HTTP and HTTPS ports
257
##
258
hostPorts:
259
http: 80
260
https: 443
261
## @param replicaCount Desired number of Controller pods
262
##
263
replicaCount: 1
264
## @param updateStrategy Strategy to use to update Pods
265
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
266
##
267
updateStrategy: {}
268
## @param revisionHistoryLimit The number of old history to retain to allow rollback
269
##
270
revisionHistoryLimit: 10
271
## Controller pods' Security Context
272
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
273
## @param podSecurityContext.enabled Enable Controller pods' Security Context
274
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
275
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
276
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
277
## @param podSecurityContext.fsGroup Group ID for the container filesystem
278
##
279
podSecurityContext:
280
enabled: true
281
fsGroupChangePolicy: Always
282
sysctls: []
283
supplementalGroups: []
284
fsGroup: 1001
285
## Controller containers' Security Context (only main container)
286
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
287
## @param containerSecurityContext.enabled Enable Controller containers' Security Context
288
## @param containerSecurityContext.allowPrivilegeEscalation Switch to allow priviledge escalation on the Controller container
289
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
290
## @param containerSecurityContext.runAsUser User ID for the Controller container
291
## @param containerSecurityContext.runAsGroup Group ID for the Controller container
292
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
293
## @param containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities that should be dropped
294
## @param containerSecurityContext.capabilities.add [array] Linux Kernel capabilities that should be added
295
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
296
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
297
##
298
containerSecurityContext:
299
enabled: true
300
allowPrivilegeEscalation: false
301
seLinuxOptions: {}
302
runAsUser: 1001
303
runAsGroup: 1001
304
readOnlyRootFilesystem: true
305
capabilities:
306
drop: ["ALL"]
307
add: ["NET_BIND_SERVICE"]
308
runAsNonRoot: true
309
seccompProfile:
310
type: "RuntimeDefault"
311
## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
312
##
313
minReadySeconds: 0
314
## Controller containers' resource requests and limits
315
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
316
## We usually recommend not to specify default resources and to leave this as a conscious
317
## choice for the user. This also increases chances charts run on environments with little
318
## resources, such as Minikube. If you do want to specify resources, uncomment the following
319
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
320
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
321
##
322
resourcesPreset: "nano"
323
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
324
## Example:
325
## resources:
326
## requests:
327
## cpu: 2
328
## memory: 512Mi
329
## limits:
330
## cpu: 3
331
## memory: 1024Mi
332
##
333
resources: {}
334
## Controller containers' liveness probe. Evaluated as a template.
335
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
336
## @param livenessProbe.enabled Enable livenessProbe
337
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
338
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
339
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
340
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
341
## @param livenessProbe.successThreshold Success threshold for livenessProbe
342
##
343
livenessProbe:
344
enabled: true
345
failureThreshold: 3
346
initialDelaySeconds: 10
347
periodSeconds: 10
348
successThreshold: 1
349
timeoutSeconds: 1
350
## Controller containers' readiness probe. Evaluated as a template.
351
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
352
## @param readinessProbe.enabled Enable readinessProbe
353
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
354
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
355
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
356
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
357
## @param readinessProbe.successThreshold Success threshold for readinessProbe
358
##
359
readinessProbe:
360
enabled: true
361
failureThreshold: 3
362
initialDelaySeconds: 10
363
periodSeconds: 10
364
successThreshold: 1
365
timeoutSeconds: 1
366
## Controller containers' startup probe. Evaluated as a template.
367
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
368
## @param startupProbe.enabled Enable startupProbe
369
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
370
## @param startupProbe.periodSeconds Period seconds for startupProbe
371
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
372
## @param startupProbe.failureThreshold Failure threshold for startupProbe
373
## @param startupProbe.successThreshold Success threshold for startupProbe
374
##
375
startupProbe:
376
enabled: false
377
failureThreshold: 3
378
initialDelaySeconds: 10
379
periodSeconds: 10
380
successThreshold: 1
381
timeoutSeconds: 1
382
## @param customLivenessProbe Override default liveness probe
383
##
384
customLivenessProbe: {}
385
## @param customReadinessProbe Override default readiness probe
386
##
387
customReadinessProbe: {}
388
## @param customStartupProbe Custom liveness probe for the Web component
389
##
390
customStartupProbe: {}
391
## @param lifecycle LifecycleHooks to set additional configuration at startup
392
##
393
lifecycle: {}
394
## @param podLabels Extra labels for Controller pods
395
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
396
##
397
podLabels: {}
398
## @param podAnnotations Annotations for Controller pods
399
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
400
##
401
podAnnotations: {}
402
## @param priorityClassName Controller priorityClassName
403
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
404
##
405
priorityClassName: ""
406
## @param schedulerName Name of the k8s scheduler (other than default)
407
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
408
##
409
schedulerName: ""
410
## @param hostNetwork If the Nginx deployment / daemonset should run on the host's network namespace
411
## Required on CNI based K8s installations, since CNI and hostport don't mix yet
412
## Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged
413
##
414
hostNetwork: false
415
## @param dnsPolicy By default, while using host network, name resolution uses the host's DNS
416
## Optionally, change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true' if you wish nginx-controller
417
## to keep resolving names inside the Kubernetes network
418
##
419
dnsPolicy: ClusterFirst
420
## @param dnsConfig is an object with optional parameters to pass to the DNS resolver
421
## The dnsConfig field is optional and it can work with any dnsPolicy settings.
422
## However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified.
423
##
424
dnsConfig: {}
425
## @param terminationGracePeriodSeconds How many seconds to wait before terminating a pod
426
##
427
terminationGracePeriodSeconds: 60
428
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
429
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
430
##
431
podAffinityPreset: ""
432
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
433
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
434
##
435
podAntiAffinityPreset: soft
436
## Node affinity preset
437
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
438
##
439
nodeAffinityPreset:
440
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
441
##
442
type: ""
443
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
444
## E.g.
445
## key: "kubernetes.io/e2e-az-name"
446
##
447
key: ""
448
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
449
## E.g.
450
## values:
451
## - e2e-az1
452
## - e2e-az2
453
##
454
values: []
455
## @param affinity Affinity for pod assignment. Evaluated as a template.
456
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
457
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
458
##
459
affinity: {}
460
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
461
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
462
##
463
nodeSelector: {}
464
## @param tolerations Tolerations for pod assignment. Evaluated as a template.
465
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
466
##
467
tolerations: []
468
## @param extraVolumes Optionally specify extra list of additional volumes for Controller pods
469
##
470
extraVolumes: []
471
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Controller container(s)
472
##
473
extraVolumeMounts: []
474
## @param initContainers Add init containers to the controller pods
475
## Example:
476
## initContainers:
477
## - name: your-image-name
478
## image: your-image
479
## imagePullPolicy: Always
480
## ports:
481
## - name: portname
482
## containerPort: 1234
483
##
484
initContainers: []
485
## @param sidecars Add sidecars to the controller pods.
486
## Example:
487
## sidecars:
488
## - name: your-image-name
489
## image: your-image
490
## imagePullPolicy: Always
491
## ports:
492
## - name: portname
493
## containerPort: 1234
494
##
495
sidecars: []
496
## @param customTemplate [object] Override NGINX template
497
##
498
customTemplate:
499
configMapName: ""
500
configMapKey: ""
501
## @param topologySpreadConstraints Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in
502
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
503
##
504
## topologySpreadConstraints:
505
## - maxSkew: 1
506
## topologyKey: failure-domain.beta.kubernetes.io/zone
507
## whenUnsatisfiable: DoNotSchedule
508
## labelSelector:
509
## matchLabels:
510
## app.kubernetes.io/instance: ingress-nginx-internal
511
##
512
topologySpreadConstraints: []
513
## @param podSecurityPolicy.enabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
514
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
515
##
516
podSecurityPolicy:
517
enabled: false
518
## @section Default backend parameters
519
520
## Default 404 backend
521
##
522
defaultBackend:
523
## @param defaultBackend.enabled Enable a default backend based on NGINX
524
##
525
enabled: true
526
## @param defaultBackend.automountServiceAccountToken Mount Service Account token in pod
527
##
528
automountServiceAccountToken: true
529
## @param defaultBackend.hostAliases Add deployment host aliases
530
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
531
##
532
hostAliases: []
533
## Iamguarded NGINX image
534
## @param defaultBackend.image.registry [default: REGISTRY_NAME] Default backend image registry
535
## @param defaultBackend.image.repository [default: REPOSITORY_NAME/nginx] Default backend image repository
536
## @skip defaultBackend.image.tag Default backend image tag (immutable tags are recommended)
537
## @param defaultBackend.image.digest Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
538
## @param defaultBackend.image.pullPolicy Image pull policy
539
## @param defaultBackend.image.pullSecrets Specify docker-registry secret names as an array
540
##
541
image:
542
registry: cgr.dev
543
repository: chainguard-private/nginx-iamguarded
544
tag: 1.29.7
545
digest: ""
546
## Specify a imagePullPolicy
547
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
548
##
549
pullPolicy: IfNotPresent
550
## Optionally specify an array of imagePullSecrets.
551
## Secrets must be manually created in the namespace.
552
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
553
## Example:
554
## pullSecrets:
555
## - myRegistryKeySecretName
556
##
557
pullSecrets: []
558
## @param defaultBackend.extraArgs Additional command line arguments to pass to Nginx container
559
##
560
extraArgs: {}
561
## @param defaultBackend.containerPort HTTP container port number
562
##
563
containerPort: 8080
564
## @param defaultBackend.serverBlockConfig [string] NGINX backend default server block configuration
565
## Should be compliant with: https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/
566
##
567
serverBlockConfig: |-
568
location /healthz {
569
return 200;
570
}
571
572
location / {
573
return 404;
574
}
575
## @param defaultBackend.replicaCount Desired number of default backend pods
576
##
577
replicaCount: 1
578
## Default backend pods' Security Context
579
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
580
## @param defaultBackend.podSecurityContext.enabled Enable Default backend pods' Security Context
581
## @param defaultBackend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
582
## @param defaultBackend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
583
## @param defaultBackend.podSecurityContext.supplementalGroups Set filesystem extra groups
584
## @param defaultBackend.podSecurityContext.fsGroup Group ID for the container filesystem
585
##
586
podSecurityContext:
587
enabled: true
588
fsGroupChangePolicy: Always
589
sysctls: []
590
supplementalGroups: []
591
fsGroup: 1001
592
## Default backend containers' Security Context (only main container)
593
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
594
## @param defaultBackend.containerSecurityContext.enabled Enable Default backend containers' Security Context
595
## @param defaultBackend.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities that should be dropped
596
## @param defaultBackend.containerSecurityContext.allowPrivilegeEscalation Switch to allow priviledge escalation on the container
597
## @param defaultBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
598
## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Default backend container
599
## @param defaultBackend.containerSecurityContext.runAsGroup Group ID for the Default backend container
600
## @param defaultBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
601
## @param defaultBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
602
## @param defaultBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
603
##
604
containerSecurityContext:
605
enabled: true
606
allowPrivilegeEscalation: false
607
seLinuxOptions: {}
608
runAsUser: 1001
609
runAsGroup: 1001
610
readOnlyRootFilesystem: true
611
capabilities:
612
drop: ["ALL"]
613
runAsNonRoot: true
614
seccompProfile:
615
type: "RuntimeDefault"
616
## Default backend containers' resource requests and limits
617
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
618
## We usually recommend not to specify default resources and to leave this as a conscious
619
## choice for the user. This also increases chances charts run on environments with little
620
## resources, such as Minikube. If you do want to specify resources, uncomment the following
621
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
622
## @param defaultBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production).
623
##
624
resourcesPreset: "nano"
625
## @param defaultBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
626
## Example:
627
## resources:
628
## requests:
629
## cpu: 2
630
## memory: 512Mi
631
## limits:
632
## cpu: 3
633
## memory: 1024Mi
634
##
635
resources: {}
636
## Default backend containers' liveness probe. Evaluated as a template.
637
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
638
## @param defaultBackend.livenessProbe.enabled Enable livenessProbe
639
## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
640
## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe
641
## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
642
## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe
643
## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe
644
##
645
livenessProbe:
646
enabled: true
647
failureThreshold: 3
648
initialDelaySeconds: 30
649
periodSeconds: 10
650
successThreshold: 1
651
timeoutSeconds: 5
652
## Default backend containers' readiness probe. Evaluated as a template.
653
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
654
## @param defaultBackend.readinessProbe.enabled Enable readinessProbe
655
## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
656
## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe
657
## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
658
## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe
659
## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe
660
##
661
readinessProbe:
662
enabled: true
663
failureThreshold: 6
664
initialDelaySeconds: 0
665
periodSeconds: 5
666
successThreshold: 1
667
timeoutSeconds: 5
668
## Default backend containers' startup probe. Evaluated as a template.
669
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
670
## @param defaultBackend.startupProbe.enabled Enable startupProbe
671
## @param defaultBackend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
672
## @param defaultBackend.startupProbe.periodSeconds Period seconds for startupProbe
673
## @param defaultBackend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
674
## @param defaultBackend.startupProbe.failureThreshold Failure threshold for startupProbe
675
## @param defaultBackend.startupProbe.successThreshold Success threshold for startupProbe
676
##
677
startupProbe:
678
enabled: false
679
failureThreshold: 6
680
initialDelaySeconds: 0
681
periodSeconds: 5
682
successThreshold: 1
683
timeoutSeconds: 5
684
## @param defaultBackend.customStartupProbe Custom liveness probe for the Web component
685
##
686
customStartupProbe: {}
687
## @param defaultBackend.customLivenessProbe Custom liveness probe for the Web component
688
##
689
customLivenessProbe: {}
690
## @param defaultBackend.customReadinessProbe Custom readiness probe for the Web component
691
##
692
customReadinessProbe: {}
693
## @param defaultBackend.podLabels Extra labels for Controller pods
694
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
695
##
696
podLabels: {}
697
## @param defaultBackend.podAnnotations Annotations for Controller pods
698
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
699
##
700
podAnnotations: {}
701
## @param defaultBackend.priorityClassName priorityClassName
702
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
703
##
704
priorityClassName: ""
705
## @param defaultBackend.schedulerName Name of the k8s scheduler (other than default)
706
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
707
##
708
schedulerName: ""
709
## @param defaultBackend.terminationGracePeriodSeconds In seconds, time the given to the pod to terminate gracefully
710
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
711
##
712
terminationGracePeriodSeconds: 60
713
## @param defaultBackend.topologySpreadConstraints Topology Spread Constraints for pod assignment
714
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
715
## The value is evaluated as a template
716
##
717
topologySpreadConstraints: []
718
## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
719
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
720
##
721
podAffinityPreset: ""
722
## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
723
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
724
##
725
podAntiAffinityPreset: soft
726
## Node affinity preset
727
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
728
##
729
nodeAffinityPreset:
730
## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
731
##
732
type: ""
733
## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
734
## E.g.
735
## key: "kubernetes.io/e2e-az-name"
736
##
737
key: ""
738
## @param defaultBackend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
739
## E.g.
740
## values:
741
## - e2e-az1
742
## - e2e-az2
743
##
744
values: []
745
## @param defaultBackend.command Override default container command (useful when using custom images)
746
##
747
command: []
748
## @param defaultBackend.args Override default container args (useful when using custom images)
749
##
750
args: []
751
## @param defaultBackend.lifecycleHooks for the %%MAIN_CONTAINER_NAME%% container(s) to automate configuration before or after startup
752
##
753
lifecycleHooks: {}
754
## @param defaultBackend.extraEnvVars Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% nodes
755
## e.g:
756
## extraEnvVars:
757
## - name: FOO
758
## value: "bar"
759
##
760
extraEnvVars: []
761
## @param defaultBackend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes
762
##
763
extraEnvVarsCM: ""
764
## @param defaultBackend.extraEnvVarsSecret Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% nodes
765
##
766
extraEnvVarsSecret: ""
767
## @param defaultBackend.extraVolumes Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pod(s)
768
##
769
extraVolumes: []
770
## @param defaultBackend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% container(s)
771
##
772
extraVolumeMounts: []
773
## @param defaultBackend.sidecars Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pod(s)
774
## e.g:
775
## sidecars:
776
## - name: your-image-name
777
## image: your-image
778
## imagePullPolicy: Always
779
## ports:
780
## - name: portname
781
## containerPort: 1234
782
##
783
sidecars: []
784
## @param defaultBackend.initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
785
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
786
## e.g:
787
## initContainers:
788
## - name: your-image-name
789
## image: your-image
790
## imagePullPolicy: Always
791
## command: ['sh', '-c', 'echo "hello world"']
792
##
793
initContainers: []
794
## @param defaultBackend.affinity Affinity for pod assignment
795
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
796
## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set
797
##
798
affinity: {}
799
## @param defaultBackend.nodeSelector Node labels for pod assignment
800
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
801
##
802
nodeSelector: {}
803
## @param defaultBackend.tolerations Tolerations for pod assignment
804
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
805
##
806
tolerations: []
807
## Default backend Service parameters
808
##
809
service:
810
## @param defaultBackend.service.type Kubernetes Service type for default backend
811
##
812
type: ClusterIP
813
## @param defaultBackend.service.ports.http Default backend service HTTP port
814
##
815
ports:
816
http: 80
817
## @param defaultBackend.service.annotations Annotations for the default backend service
818
##
819
annotations: {}
820
## Network Policies
821
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
822
##
823
networkPolicy:
824
## @param defaultBackend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
825
##
826
enabled: true
827
## @param defaultBackend.networkPolicy.allowExternal Don't require server label for connections
828
## The Policy model to apply. When set to false, only pods with the correct
829
## server label will have network access to the ports server is listening
830
## on. When true, server will accept connections from any source
831
## (with the correct destination port).
832
##
833
allowExternal: true
834
## @param defaultBackend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
835
##
836
allowExternalEgress: true
837
## @param defaultBackend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
838
## e.g:
839
## extraIngress:
840
## - ports:
841
## - port: 1234
842
## from:
843
## - podSelector:
844
## - matchLabels:
845
## - role: frontend
846
## - podSelector:
847
## - matchExpressions:
848
## - key: role
849
## operator: In
850
## values:
851
## - frontend
852
extraIngress: []
853
## @param defaultBackend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
854
## e.g:
855
## extraEgress:
856
## - ports:
857
## - port: 1234
858
## to:
859
## - podSelector:
860
## - matchLabels:
861
## - role: frontend
862
## - podSelector:
863
## - matchExpressions:
864
## - key: role
865
## operator: In
866
## values:
867
## - frontend
868
##
869
extraEgress: []
870
## @param defaultBackend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
871
## @param defaultBackend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
872
##
873
ingressNSMatchLabels: {}
874
ingressNSPodMatchLabels: {}
875
## Default backend Pod Disruption Budget configuration
876
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
877
##
878
pdb:
879
## @param defaultBackend.pdb.create Enable/disable a Pod Disruption Budget creation for Default backend
880
##
881
create: true
882
## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
883
##
884
minAvailable: ""
885
## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `defaultBackend.pdb.minAvailable` and `defaultBackend.pdb.maxUnavailable` are empty.
886
##
887
maxUnavailable: ""
888
## @section Traffic exposure parameters
889
890
## Service parameters
891
##
892
service:
893
## @param service.type Kubernetes Service type for Controller
894
##
895
type: LoadBalancer
896
## @param service.ports [object] Service ports
897
##
898
ports:
899
http: 80
900
https: 443
901
## @param service.targetPorts [object] Map the controller service HTTP/HTTPS port
902
##
903
targetPorts:
904
http: http
905
https: https
906
## @param service.nodePorts [object] Specify the nodePort value(s) for the LoadBalancer and NodePort service types.
907
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
908
##
909
nodePorts:
910
http: ""
911
https: ""
912
tcp: {}
913
udp: {}
914
## @param service.annotations Annotations for controller service
915
## This can be used to set the LoadBalancer service type to internal only.
916
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
917
##
918
annotations: {}
919
## @param service.labels Labels for controller service
920
##
921
labels: {}
922
## @param service.clusterIP Controller Internal Cluster Service IP (optional)
923
##
924
clusterIP: ""
925
## @param service.externalIPs Controller Service external IP addresses
926
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
927
##
928
externalIPs: []
929
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
930
## This can be either SingleStack, PreferDualStack or RequireDualStack
931
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
932
##
933
ipFamilyPolicy: ""
934
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
935
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
936
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
937
##
938
ipFamilies: []
939
## @param service.loadBalancerClass Load balancer class if service type is `LoadBalancer`
940
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
941
##
942
loadBalancerClass: ""
943
## @param service.loadBalancerIP Kubernetes LoadBalancerIP to request for Controller (optional, cloud specific)
944
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
945
##
946
loadBalancerIP: ""
947
## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported)
948
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
949
##
950
loadBalancerSourceRanges: []
951
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
952
##
953
extraPorts: []
954
## @param service.externalTrafficPolicy Set external traffic policy to: "Local" to preserve source IP on providers supporting it
955
## Enable client source IP preservation
956
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
957
##
958
externalTrafficPolicy: ""
959
## @param service.healthCheckNodePort Set this to the managed health-check port the kube-proxy will expose. If blank, a random port in the `NodePort` range will be assigned
960
##
961
healthCheckNodePort: 0
962
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
963
## If "ClientIP", consecutive client requests will be directed to the same Pod
964
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
965
##
966
sessionAffinity: None
967
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
968
## sessionAffinityConfig:
969
## clientIP:
970
## timeoutSeconds: 300
971
##
972
sessionAffinityConfig: {}
973
## Network Policies
974
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
975
##
976
networkPolicy:
977
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
978
##
979
enabled: true
980
## @param networkPolicy.allowExternal Don't require server label for connections
981
## The Policy model to apply. When set to false, only pods with the correct
982
## server label will have network access to the ports server is listening
983
## on. When true, server will accept connections from any source
984
## (with the correct destination port).
985
##
986
allowExternal: true
987
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
988
##
989
allowExternalEgress: true
990
## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
991
##
992
kubeAPIServerPorts: [443, 6443, 8443]
993
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
994
## e.g:
995
## extraIngress:
996
## - ports:
997
## - port: 1234
998
## from:
999
## - podSelector:
1000
## - matchLabels:
1001
## - role: frontend
1002
## - podSelector:
1003
## - matchExpressions:
1004
## - key: role
1005
## operator: In
1006
## values:
1007
## - frontend
1008
extraIngress: []
1009
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1010
## e.g:
1011
## extraEgress:
1012
## - ports:
1013
## - port: 1234
1014
## to:
1015
## - podSelector:
1016
## - matchLabels:
1017
## - role: frontend
1018
## - podSelector:
1019
## - matchExpressions:
1020
## - key: role
1021
## operator: In
1022
## values:
1023
## - frontend
1024
##
1025
extraEgress: []
1026
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1027
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1028
##
1029
ingressNSMatchLabels: {}
1030
ingressNSPodMatchLabels: {}
1031
## @section RBAC parameters
1032
1033
## Pods Service Account
1034
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1035
##
1036
serviceAccount:
1037
## @param serviceAccount.create Enable the creation of a ServiceAccount for Controller pods
1038
##
1039
create: true
1040
## @param serviceAccount.name Name of the created ServiceAccount
1041
## If not set and create is true, a name is generated using the metrics-server.fullname template
1042
name: ""
1043
## @param serviceAccount.annotations Annotations for service account.
1044
## Only used if `create` is `true`.
1045
##
1046
annotations: {}
1047
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1048
##
1049
automountServiceAccountToken: false
1050
## Role Based Access
1051
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
1052
##
1053
rbac:
1054
## @param rbac.create Specifies whether RBAC rules should be created
1055
##
1056
create: true
1057
## @param rbac.rules Custom RBAC rules
1058
## Example:
1059
## rules:
1060
## - apiGroups:
1061
## - ""
1062
## resources:
1063
## - pods
1064
## verbs:
1065
## - get
1066
## - list
1067
##
1068
rules: []
1069
## @section Other parameters
1070
1071
## Controller Pod Disruption Budget configuration
1072
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1073
##
1074
pdb:
1075
## @param pdb.create Enable/disable a Pod Disruption Budget creation for Controller
1076
##
1077
create: true
1078
## @param pdb.minAvailable Minimum number/percentage of Controller pods that should remain scheduled
1079
##
1080
minAvailable: ""
1081
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
1082
##
1083
maxUnavailable: ""
1084
## Controller Autoscaling configuration
1085
## @param autoscaling.enabled Enable autoscaling for Controller
1086
## @param autoscaling.minReplicas Minimum number of Controller replicas
1087
## @param autoscaling.maxReplicas Maximum number of Controller replicas
1088
## @param autoscaling.targetCPU Target CPU utilization percentage
1089
## @param autoscaling.targetMemory Target Memory utilization percentage
1090
##
1091
autoscaling:
1092
enabled: false
1093
minReplicas: 1
1094
maxReplicas: 11
1095
targetCPU: ""
1096
targetMemory: ""
1097
## @section Metrics parameters
1098
1099
## Prometheus exporter parameters
1100
##
1101
metrics:
1102
## @param metrics.enabled Enable exposing Controller statistics
1103
##
1104
enabled: false
1105
## Prometheus exporter service parameters
1106
##
1107
service:
1108
## @param metrics.service.type Type of Prometheus metrics service to create
1109
##
1110
type: ClusterIP
1111
## @param metrics.service.ports.metrics Service HTTP management port
1112
##
1113
ports:
1114
metrics: 9913
1115
## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service
1116
##
1117
annotations:
1118
prometheus.io/scrape: "true"
1119
prometheus.io/port: "{{ coalesce .Values.metrics.service.ports.metrics .Values.metrics.service.port }}"
1120
## @param metrics.service.labels Labels for the Prometheus exporter service
1121
##
1122
labels: {}
1123
## Prometheus Operator ServiceMonitor configuration
1124
##
1125
serviceMonitor:
1126
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource for scraping metrics using PrometheusOperator
1127
##
1128
enabled: false
1129
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
1130
##
1131
namespace: ""
1132
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
1133
##
1134
jobLabel: ""
1135
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
1136
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1137
##
1138
interval: 30s
1139
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
1140
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1141
## e.g:
1142
## scrapeTimeout: 10s
1143
##
1144
scrapeTimeout: ""
1145
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
1146
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1147
##
1148
relabelings: []
1149
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
1150
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1151
##
1152
metricRelabelings: []
1153
## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
1154
## e.g:
1155
## selector:
1156
## prometheus: my-prometheus
1157
##
1158
selector: {}
1159
## @param metrics.serviceMonitor.annotations Extra annotations for the ServiceMonitor
1160
##
1161
annotations: {}
1162
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
1163
##
1164
labels: {}
1165
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
1166
##
1167
honorLabels: false
1168
## @param metrics.prometheusRule.enabled Create PrometheusRules resource for scraping metrics using PrometheusOperator
1169
## @param metrics.prometheusRule.additionalLabels Used to pass Labels that are required by the Installed Prometheus Operator
1170
## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in
1171
## @param metrics.prometheusRule.rules Rules to be prometheus in YAML format, check values for an example
1172
##
1173
prometheusRule:
1174
enabled: false
1175
additionalLabels: {}
1176
namespace: ""
1177
rules: []
1178
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.