nginx-ingress-controller

Helm chart
Default values

# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @section Nginx Ingress Controller parameters

## Iamguarded NGINX Ingress controller image version
## ref: https://hub.docker.com/r/iamguarded/nginx-ingress-controller/tags/
## @param image.registry [default: REGISTRY_NAME] Nginx Ingress Controller image registry
## @param image.repository [default: REPOSITORY_NAME/nginx-ingress-controller] Nginx Ingress Controller image repository
## @skip image.tag Nginx Ingress Controller image tag (immutable tags are recommended)
## @param image.digest Nginx Ingress Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Nginx Ingress Controller image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: cgr.dev
  repository: chainguard-private/ingress-nginx-controller-iamguarded
  tag: 1.14.3
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## @param containerPorts.http Nginx Ingress Controller HTTP port
## @param containerPorts.https Nginx Ingress Controller HTTPS port
## @param containerPorts.defaultServer Nginx Ingress Controller default server port
## @param containerPorts.metrics Nginx Ingress Controller metrics port
## @param containerPorts.profiler Nginx Ingress Controller profiler port
## @param containerPorts.status Nginx Ingress Controller status port
## @param containerPorts.stream Nginx Ingress Controller stream port
##
containerPorts:
  http: 8080
  https: 8443
  defaultServer: 8181
  metrics: 10254
  profiler: 10245
  status: 10246
  stream: 10247
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param config Custom configuration options for NGINX
## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
##
config: {}
## @param proxySetHeaders Custom headers before sending traffic to backends
## ref: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
##
proxySetHeaders: {}
## @param addHeaders Custom headers before sending response traffic to the client
## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
##
addHeaders: {}
## @param defaultBackendService Default 404 backend service; required only if `defaultBackend.enabled = false`
## Must be <namespace>/<service_name>
##
defaultBackendService: ""
## @param electionID Election ID to use for status update
##
electionID: ingress-controller-leader
## @param allowSnippetAnnotations Allow users to set snippet annotations
##
allowSnippetAnnotations: false
## @param reportNodeInternalIp If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to Nginx Ingress Controller
## Bare-metal considerations via the host network
## ref: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
##
reportNodeInternalIp: false
## @param watchIngressWithoutClass Process Ingress objects without ingressClass annotation/ingressClassName field
##
watchIngressWithoutClass: false
## Configuring this doesn't affect `kubernetes.io/ingress.class` annotation. See `extraArgs` below how to configure processing of custom annotation.
## @param ingressClassResource.name Name of the IngressClass resource
## @param ingressClassResource.enabled Create the IngressClass resource
## @param ingressClassResource.default Set the created IngressClass resource as default class
## @param ingressClassResource.controllerClass IngressClass identifier for the controller
## @param ingressClassResource.parameters Optional parameters for the controller
##
ingressClassResource:
  name: nginx
  enabled: true
  default: false
  controllerClass: "k8s.io/ingress-nginx"
  parameters: {}
## Allows customization of the external service
## the ingress will be bound to via DNS
##
publishService:
  ## @param publishService.enabled Set the endpoint records on the Ingress objects to reflect those on the service
  ##
  enabled: false
  ## @param publishService.pathOverride Allows overriding of the publish service to bind to
  ## Must be <namespace>/<service_name>
  ##
  pathOverride: ""
## @param scope.enabled Limit the scope of the controller.
## @param scope.namespace Scope namespace. Defaults to `.Release.Namespace`
##
scope:
  enabled: false
  namespace: ""
## @param configMapNamespace Allows customization of the configmap / nginx-configmap namespace
## Defaults to .Release.Namespace
##
configMapNamespace: ""
## @param tcpConfigMapNamespace Allows customization of the tcp-services-configmap namespace
## Defaults to .Release.Namespace
##
tcpConfigMapNamespace: ""
## @param udpConfigMapNamespace Allows customization of the udp-services-configmap namespace
## Defaults to .Release.Namespace
##
udpConfigMapNamespace: ""
## @param maxmindLicenseKey License key used to download Geolite2 database
##
maxmindLicenseKey: ""
## @param dhParam A base64ed Diffie-Hellman parameter
## This can be generated with: openssl dhparam 4096 2> /
## Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
dhParam: ""
## @param tcp TCP service key:value pairs
## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
## e.g:
## tcp:
##   8080: "default/example-tcp-svc:9000"
##
tcp: {}
## @param udp UDP service key:value pairs
## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
## e.g:
## udp:
##   53: "kube-system/kube-dns:53"
##
udp: {}
## @param svcPortNamesPrefix Prefix for TCP and UDP ports names in ingress controller service
## Some cloud providers, like Yandex Cloud, may have requirements for a port name regex to support cloud load balancer integration
##
svcPortNamesPrefix: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param lifecycleHooks for the %%MAIN_CONTAINER_NAME%% container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraArgs Additional command line arguments to pass to nginx-ingress-controller
## E.g. to specify the default SSL certificate you can use
## extraArgs:
##   default-ssl-certificate: "<namespace>/<secret_name>"
##   ingress-class: nginx
##
extraArgs: {}
## @param extraEnvVars Extra environment variables to be set on Nginx Ingress container
## E.g:
## extraEnvVars:
##   - name: FOO
##     valueFrom:
##       secretKeyRef:
##         key: FOO
##         name: secret-resource
##
extraEnvVars: []
## @param extraEnvVarsCM Name of an existing ConfigMap containing extra environment variables
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of an existing Secret containing extra environment variables
##
extraEnvVarsSecret: ""
## @section Nginx Ingress deployment / daemonset parameters

## @param kind Install as Deployment or DaemonSet
##
kind: Deployment
## Daemonset configuration
##
daemonset:
  ## @param daemonset.useHostPort If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443`
  ##
  useHostPort: false
  ## @param daemonset.hostPorts [object] HTTP and HTTPS ports
  ##
  hostPorts:
    http: 80
    https: 443
## @param replicaCount Desired number of Controller pods
##
replicaCount: 1
## @param updateStrategy Strategy to use to update Pods
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy: {}
## @param revisionHistoryLimit The number of old history to retain to allow rollback
##
revisionHistoryLimit: 10
## Controller pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Controller pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Group ID for the container filesystem
##
podSecurityContext:
  enabled: true
  fsGroupChangePolicy: Always
  sysctls: []
  supplementalGroups: []
  fsGroup: 1001
## Controller containers' Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable Controller containers' Security Context
## @param containerSecurityContext.allowPrivilegeEscalation Switch to allow privilege escalation on the Controller container
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser User ID for the Controller container
## @param containerSecurityContext.runAsGroup Group ID for the Controller container
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities that should be dropped
## @param containerSecurityContext.capabilities.add [array] Linux Kernel capabilities that should be added
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
  enabled: true
  allowPrivilegeEscalation: false
  seLinuxOptions: {}
  runAsUser: 1001
  runAsGroup: 1001
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
    add: ["NET_BIND_SERVICE"]
  runAsNonRoot: true
  seccompProfile:
    type: "RuntimeDefault"
## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
##
minReadySeconds: 0
## Controller containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
##   requests:
##     cpu: 2
##     memory: 512Mi
##   limits:
##     cpu: 3
##     memory: 1024Mi
##
resources: {}
## Controller containers' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1
## Controller containers' readiness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
  enabled: true
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1
## Controller containers' startup probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
  enabled: false
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param lifecycle LifecycleHooks to set additional configuration at startup
##
lifecycle: {}
## @param podLabels Extra labels for Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param priorityClassName Controller priorityClassName
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param hostNetwork If the Nginx deployment / daemonset should run on the host's network namespace
## Required on CNI based K8s installations, since CNI and hostport don't mix yet
## Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged
##
hostNetwork: false
## @param dnsPolicy By default, while using host network, name resolution uses the host's DNS
## Optionally, change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true' if you wish nginx-controller
## to keep resolving names inside the Kubernetes network
##
dnsPolicy: ClusterFirst
## @param dnsConfig is an object with optional parameters to pass to the DNS resolver
## The dnsConfig field is optional and it can work with any dnsPolicy settings.
## However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified.
##
dnsConfig: {}
## @param terminationGracePeriodSeconds How many seconds to wait before terminating a pod
##
terminationGracePeriodSeconds: 60
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## @param affinity Affinity for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param extraVolumes Optionally specify extra list of additional volumes for Controller pods
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Controller container(s)
##
extraVolumeMounts: []
## @param initContainers Add init containers to the controller pods
## Example:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
initContainers: []
## @param sidecars Add sidecars to the controller pods.
## Example:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param customTemplate [object] Override NGINX template
##
customTemplate:
  configMapName: ""
  configMapKey: ""
## @param topologySpreadConstraints Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: failure-domain.beta.kubernetes.io/zone
##     whenUnsatisfiable: DoNotSchedule
##     labelSelector:
##       matchLabels:
##         app.kubernetes.io/instance: ingress-nginx-internal
##
topologySpreadConstraints: []
## @param podSecurityPolicy.enabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
  enabled: false
## @section Default backend parameters

## Default 404 backend
##
defaultBackend:
  ## @param defaultBackend.enabled Enable a default backend based on NGINX
  ##
  enabled: true
  ## @param defaultBackend.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param defaultBackend.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## Iamguarded NGINX image
  ## ref: https://hub.docker.com/r/iamguarded/nginx/tags/
  ## @param defaultBackend.image.registry [default: REGISTRY_NAME] Default backend image registry
  ## @param defaultBackend.image.repository [default: REPOSITORY_NAME/nginx] Default backend image repository
  ## @skip defaultBackend.image.tag Default backend image tag (immutable tags are recommended)
  ## @param defaultBackend.image.digest Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param defaultBackend.image.pullPolicy Image pull policy
  ## @param defaultBackend.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/nginx-iamguarded
    tag: 1.29.6
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param defaultBackend.extraArgs Additional command line arguments to pass to Nginx container
  ##
  extraArgs: {}
  ## @param defaultBackend.containerPort HTTP container port number
  ##
  containerPort: 8080
  ## @param defaultBackend.serverBlockConfig [string] NGINX backend default server block configuration
  ## Should be compliant with: https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/
  ##
  serverBlockConfig: |-
    location /healthz {
      return 200;
    }

    location / {
      return 404;
    }
  ## @param defaultBackend.replicaCount Desired number of default backend pods
  ##
  replicaCount: 1
  ## Default backend pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param defaultBackend.podSecurityContext.enabled Enable Default backend pods' Security Context
  ## @param defaultBackend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param defaultBackend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param defaultBackend.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param defaultBackend.podSecurityContext.fsGroup Group ID for the container filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Default backend containers' Security Context (only main container)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param defaultBackend.containerSecurityContext.enabled Enable Default backend containers' Security Context
  ## @param defaultBackend.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities that should be dropped
  ## @param defaultBackend.containerSecurityContext.allowPrivilegeEscalation Switch to allow privilege escalation on the container
  ## @param defaultBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Default backend container
  ## @param defaultBackend.containerSecurityContext.runAsGroup Group ID for the Default backend container
  ## @param defaultBackend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param defaultBackend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param defaultBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    allowPrivilegeEscalation: false
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    runAsNonRoot: true
    seccompProfile:
      type: "RuntimeDefault"
  ## Default backend containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param defaultBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param defaultBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
640
## Default backend containers' liveness probe. Evaluated as a template.
641
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
642
## @param defaultBackend.livenessProbe.enabled Enable livenessProbe
643
## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
644
## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe
645
## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
646
## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe
647
## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe
648
##
649
livenessProbe:
650
enabled: true
651
failureThreshold: 3
652
initialDelaySeconds: 30
653
periodSeconds: 10
654
successThreshold: 1
655
timeoutSeconds: 5
  ## Default backend containers' readiness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe
  ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  ## Default backend containers' startup probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param defaultBackend.startupProbe.enabled Enable startupProbe
  ## @param defaultBackend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param defaultBackend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param defaultBackend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param defaultBackend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param defaultBackend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  ## @param defaultBackend.customStartupProbe Custom startup probe for the default backend
  ##
  customStartupProbe: {}
  ## @param defaultBackend.customLivenessProbe Custom liveness probe for the default backend
  ##
  customLivenessProbe: {}
  ## @param defaultBackend.customReadinessProbe Custom readiness probe for the default backend
  ##
  customReadinessProbe: {}
  ## @param defaultBackend.podLabels Extra labels for default backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param defaultBackend.podAnnotations Annotations for default backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param defaultBackend.priorityClassName priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param defaultBackend.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param defaultBackend.terminationGracePeriodSeconds Time, in seconds, given to the pod to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: 60
  ## @param defaultBackend.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param defaultBackend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param defaultBackend.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param defaultBackend.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param defaultBackend.lifecycleHooks for the default backend container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param defaultBackend.extraEnvVars Array with extra environment variables to add to default backend nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param defaultBackend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for default backend nodes
  ##
  extraEnvVarsCM: ""
  ## @param defaultBackend.extraEnvVarsSecret Name of existing Secret containing extra env vars for default backend nodes
  ##
  extraEnvVarsSecret: ""
  ## @param defaultBackend.extraVolumes Optionally specify extra list of additional volumes for the default backend pod(s)
  ##
  extraVolumes: []
  ## @param defaultBackend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the default backend container(s)
  ##
  extraVolumeMounts: []
  ## @param defaultBackend.sidecars Add additional sidecar containers to the default backend pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param defaultBackend.initContainers Add additional init containers to the default backend pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param defaultBackend.affinity Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param defaultBackend.nodeSelector Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param defaultBackend.tolerations Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Default backend Service parameters
  ##
  service:
    ## @param defaultBackend.service.type Kubernetes Service type for default backend
    ##
    type: ClusterIP
    ## @param defaultBackend.service.ports.http Default backend service HTTP port
    ##
    ports:
      http: 80
    ## @param defaultBackend.service.annotations Annotations for the default backend service
    ##
    annotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param defaultBackend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param defaultBackend.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param defaultBackend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param defaultBackend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param defaultBackend.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param defaultBackend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param defaultBackend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Default backend Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  ##
  pdb:
    ## @param defaultBackend.pdb.create Enable/disable a Pod Disruption Budget creation for Default backend
    ##
    create: true
    ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
    ##
    minAvailable: ""
    ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `defaultBackend.pdb.minAvailable` and `defaultBackend.pdb.maxUnavailable` are empty.
    ##
    maxUnavailable: ""
## @section Traffic exposure parameters

## Service parameters
##
service:
  ## @param service.type Kubernetes Service type for Controller
  ##
  type: LoadBalancer
  ## @param service.ports [object] Service ports
  ##
  ports:
    http: 80
    https: 443
  ## @param service.targetPorts [object] Map the controller service HTTP/HTTPS port
  ##
  targetPorts:
    http: http
    https: https
  ## @param service.nodePorts [object] Specify the nodePort value(s) for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    http: ""
    https: ""
    tcp: {}
    udp: {}
  ## @param service.annotations Annotations for controller service
  ## This can be used to set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}
  ## @param service.labels Labels for controller service
  ##
  labels: {}
  ## @param service.clusterIP Controller Internal Cluster Service IP (optional)
  ##
  clusterIP: ""
  ## @param service.externalIPs Controller Service external IP addresses
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
  ##
  externalIPs: []
  ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
  ## This can be either SingleStack, PreferDualStack or RequireDualStack
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
  ##
  ipFamilyPolicy: ""
  ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
  ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
  ##
  ipFamilies: []
  ## @param service.loadBalancerClass Load balancer class if service type is `LoadBalancer`
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
  ##
  loadBalancerClass: ""
  ## @param service.loadBalancerIP Kubernetes LoadBalancerIP to request for Controller (optional, cloud specific)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported)
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  loadBalancerSourceRanges: []
  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
  ##
  extraPorts: []
  ## @param service.externalTrafficPolicy Set external traffic policy to: "Local" to preserve source IP on providers supporting it
  ## Enable client source IP preservation
  ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
  ##
  externalTrafficPolicy: ""
  ## @param service.healthCheckNodePort Set this to the managed health-check port the kube-proxy will expose. If blank, a random port in the `NodePort` range will be assigned
  ##
  healthCheckNodePort: 0
  ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
  ## If "ClientIP", consecutive client requests will be directed to the same Pod
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
  ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
  ##
  enabled: true
  ## @param networkPolicy.allowExternal Don't require server label for connections
  ## The Policy model to apply. When set to false, only pods with the correct
  ## server label will have network access to the ports server is listening
  ## on. When true, server will accept connections from any source
  ## (with the correct destination port).
  ##
  allowExternal: true
  ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
  ##
  allowExternalEgress: true
  ## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
  ##
  kubeAPIServerPorts: [443, 6443, 8443]
  ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
  ## e.g:
  ## extraIngress:
  ##   - ports:
  ##       - port: 1234
  ##     from:
  ##       - podSelector:
  ##           matchLabels:
  ##             role: frontend
  ##       - podSelector:
  ##           matchExpressions:
  ##             - key: role
  ##               operator: In
  ##               values:
  ##                 - frontend
  extraIngress: []
  ## @param networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
  ## e.g:
  ## extraEgress:
  ##   - ports:
  ##       - port: 1234
  ##     to:
  ##       - podSelector:
  ##           matchLabels:
  ##             role: frontend
  ##       - podSelector:
  ##           matchExpressions:
  ##             - key: role
  ##               operator: In
  ##               values:
  ##                 - frontend
  ##
  extraEgress: []
  ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
  ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
  ##
  ingressNSMatchLabels: {}
  ingressNSPodMatchLabels: {}
## @section RBAC parameters

## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## @param serviceAccount.create Enable the creation of a ServiceAccount for Controller pods
  ##
  create: true
  ## @param serviceAccount.name Name of the created ServiceAccount
  ## If not set and create is true, a name is generated using the metrics-server.fullname template
  name: ""
  ## @param serviceAccount.annotations Annotations for service account.
  ## Only used if `create` is `true`.
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ##
  automountServiceAccountToken: false
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  ## @param rbac.create Specifies whether RBAC rules should be created
  ##
  create: true
  ## @param rbac.rules Custom RBAC rules
  ## Example:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: []
## @section Other parameters

## Controller Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
  ## @param pdb.create Enable/disable a Pod Disruption Budget creation for Controller
  ##
  create: true
  ## @param pdb.minAvailable Minimum number/percentage of Controller pods that should remain scheduled
  ##
  minAvailable: ""
  ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
  ##
  maxUnavailable: ""
## Controller Autoscaling configuration
## @param autoscaling.enabled Enable autoscaling for Controller
## @param autoscaling.minReplicas Minimum number of Controller replicas
## @param autoscaling.maxReplicas Maximum number of Controller replicas
## @param autoscaling.targetCPU Target CPU utilization percentage
## @param autoscaling.targetMemory Target Memory utilization percentage
##
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 11
  targetCPU: ""
  targetMemory: ""
## @section Metrics parameters

## Prometheus exporter parameters
##
metrics:
  ## @param metrics.enabled Enable exposing Controller statistics
  ##
  enabled: false
  ## Prometheus exporter service parameters
  ##
  service:
    ## @param metrics.service.type Type of Prometheus metrics service to create
    ##
    type: ClusterIP
    ## @param metrics.service.ports.metrics Service HTTP management port
    ##
    ports:
      metrics: 9913
    ## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "{{ coalesce .Values.metrics.service.ports.metrics .Values.metrics.service.port }}"
    ## @param metrics.service.labels Labels for the Prometheus exporter service
    ##
    labels: {}
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource for scraping metrics using PrometheusOperator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s
    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
    ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
    ## e.g:
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    ## @param metrics.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    ##
    honorLabels: false
  ## @param metrics.prometheusRule.enabled Create PrometheusRules resource for scraping metrics using PrometheusOperator
  ## @param metrics.prometheusRule.additionalLabels Used to pass Labels that are required by the Installed Prometheus Operator
  ## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in
  ## @param metrics.prometheusRule.rules Prometheus rules in YAML format, check values for an example
  ##
  prometheusRule:
    enabled: false
    additionalLabels: {}
    namespace: ""
    rules: []
