nginx
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
##
18
global:
19
imageRegistry: ""
20
## E.g.
21
## imagePullSecrets:
22
## - myRegistryKeySecretName
23
##
24
imagePullSecrets: []
25
## Security parameters
26
##
27
security:
28
## @param global.security.allowInsecureImages Allows skipping image verification
29
##
30
allowInsecureImages: false
31
## Compatibility adaptations for Kubernetes platforms
32
##
33
compatibility:
34
## Compatibility adaptations for Openshift
35
##
36
openshift:
37
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
38
##
39
adaptSecurityContext: auto
40
org: ""
41
## @section Common parameters
42
43
## @param nameOverride String to partially override nginx.fullname template (will maintain the release name)
44
##
45
nameOverride: ""
46
## @param fullnameOverride String to fully override nginx.fullname template
47
##
48
fullnameOverride: ""
49
## @param namespaceOverride String to fully override common.names.namespace
50
##
51
namespaceOverride: ""
52
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
53
##
54
kubeVersion: ""
55
## @param clusterDomain Kubernetes Cluster Domain
56
##
57
clusterDomain: cluster.local
58
## @param extraDeploy Extra objects to deploy (value evaluated as a template)
59
##
60
extraDeploy: []
61
## @param commonLabels Add labels to all the deployed resources
62
##
63
commonLabels: {}
64
## @param commonAnnotations Add annotations to all the deployed resources
65
##
66
commonAnnotations: {}
67
## Enable diagnostic mode in the deployment(s)/statefulset(s)
68
##
69
diagnosticMode:
70
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
71
##
72
enabled: false
73
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
74
##
75
command:
76
- sleep
77
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
78
##
79
args:
80
- infinity
81
## @section NGINX parameters
82
83
## Iamguarded NGINX image version
84
## @param image.registry [default: REGISTRY_NAME] NGINX image registry
85
## @param image.repository [default: REPOSITORY_NAME/nginx] NGINX image repository
86
## @skip image.tag NGINX image tag (immutable tags are recommended)
87
## @param image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
88
## @param image.pullPolicy NGINX image pull policy
89
## @param image.pullSecrets Specify docker-registry secret names as an array
90
## @param image.debug Set to true if you would like to see extra information on logs
91
##
92
image:
93
registry: cgr.dev
94
repository: chainguard-private/nginx-iamguarded
95
tag: 1.29.6
96
digest: ""
97
## Specify a imagePullPolicy
98
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
99
##
100
pullPolicy: IfNotPresent
101
## Optionally specify an array of imagePullSecrets.
102
## Secrets must be manually created in the namespace.
103
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
104
## E.g.:
105
## pullSecrets:
106
## - myRegistryKeySecretName
107
##
108
pullSecrets: []
109
## Set to true if you would like to see extra information on logs
110
##
111
debug: false
112
## @param enableDefaultInitContainers If set to false, disable all init containers except user-defined at `initContainer`.
113
##
114
enableDefaultInitContainers: true
115
## @param automountServiceAccountToken Mount Service Account token in pod
116
##
117
automountServiceAccountToken: false
118
## @param hostAliases Deployment pod host aliases
119
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
120
##
121
hostAliases: []
122
## Command and args for running the container (set to default if not set). Use array form
123
## @param command Override default container command (useful when using custom images)
124
## @param args Override default container args (useful when using custom images)
125
##
126
command: []
127
args: []
128
## @param extraEnvVars Extra environment variables to be set on NGINX containers
129
## E.g:
130
## extraEnvVars:
131
## - name: FOO
132
## value: BAR
133
##
134
extraEnvVars: []
135
## @param extraEnvVarsCM ConfigMap with extra environment variables
136
##
137
extraEnvVarsCM: ""
138
## @param extraEnvVarsSecret Secret with extra environment variables
139
##
140
extraEnvVarsSecret: ""
141
## @section NGINX deployment parameters
142
143
## @param replicaCount Number of NGINX replicas to deploy
144
##
145
replicaCount: 1
146
## @param revisionHistoryLimit The number of old history to retain to allow rollback
147
##
148
revisionHistoryLimit: 10
149
## @param updateStrategy.type NGINX deployment strategy type
150
## @param updateStrategy.rollingUpdate NGINX deployment rolling update configuration parameters
151
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
152
##
153
updateStrategy:
154
type: RollingUpdate
155
rollingUpdate: {}
156
## @param podLabels Additional labels for NGINX pods
157
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
158
##
159
podLabels: {}
160
## @param podAnnotations Annotations for NGINX pods
161
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
162
##
163
podAnnotations: {}
164
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
165
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
166
##
167
podAffinityPreset: ""
168
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
169
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
170
##
171
podAntiAffinityPreset: soft
172
## Node affinity preset
173
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
174
##
175
nodeAffinityPreset:
176
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
177
##
178
type: ""
179
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
180
## E.g.
181
## key: "kubernetes.io/e2e-az-name"
182
##
183
key: ""
184
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
185
## E.g.
186
## values:
187
## - e2e-az1
188
## - e2e-az2
189
##
190
values: []
191
## @param affinity Affinity for pod assignment
192
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
193
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
194
##
195
affinity: {}
196
## @param hostNetwork Specify if host network should be enabled for NGINX pod
197
##
198
hostNetwork: false
199
## @param hostIPC Specify if host IPC should be enabled for NGINX pod
200
##
201
hostIPC: false
202
## DNS-Pod services
203
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
204
## @param dnsPolicy Specifies the DNS policy for the NGINX pod
205
## DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies.
206
## Available options: Default, ClusterFirst, ClusterFirstWithHostNet, None
207
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
208
dnsPolicy: ""
209
## @param dnsConfig Allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None`
210
## The dnsConfig field is optional and it can work with any dnsPolicy settings.
211
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
212
## E.g.
213
## dnsConfig:
214
## nameservers:
215
## - 192.0.2.1 # this is an example
216
## searches:
217
## - ns1.svc.cluster-domain.example
218
## - my.dns.search.suffix
219
## options:
220
## - name: ndots
221
## value: "2"
222
## - name: edns0
223
dnsConfig: {}
224
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
225
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
226
##
227
nodeSelector: {}
228
## @param tolerations Tolerations for pod assignment. Evaluated as a template.
229
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
230
##
231
tolerations: []
232
## @param priorityClassName NGINX pods' priorityClassName
233
##
234
priorityClassName: ""
235
## @param schedulerName Name of the k8s scheduler (other than default)
236
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
237
##
238
schedulerName: ""
239
## @param terminationGracePeriodSeconds In seconds, time the given to the NGINX pod needs to terminate gracefully
240
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
241
##
242
terminationGracePeriodSeconds: ""
243
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
244
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
245
## The value is evaluated as a template
246
##
247
topologySpreadConstraints: []
248
## TLS settings
249
##
250
tls:
251
## @param tls.enabled Enable TLS transport
252
##
253
enabled: true
254
## @param tls.autoGenerated Auto-generate self-signed certificates
255
##
256
autoGenerated: true
257
## @param tls.existingSecret Name of a secret containing the certificates
258
##
259
existingSecret: ""
260
## @param tls.certFilename Path of the certificate file when mounted as a secret
261
##
262
certFilename: tls.crt
263
## @param tls.certKeyFilename Path of the certificate key file when mounted as a secret
264
##
265
certKeyFilename: tls.key
266
## @param tls.certCAFilename Path of the certificate CA file when mounted as a secret
267
##
268
certCAFilename: ca.crt
269
## @param tls.cert Content of the certificate to be added to the secret
270
##
271
cert: ""
272
## @param tls.key Content of the certificate key to be added to the secret
273
##
274
key: ""
275
## @param tls.ca Content of the certificate CA to be added to the secret
276
##
277
ca: ""
278
## NGINX pods' Security Context.
279
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
280
## @param podSecurityContext.enabled Enabled NGINX pods' Security Context
281
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
282
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
283
## @param podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup
284
## @param podSecurityContext.sysctls sysctl settings of the NGINX pods
285
##
286
podSecurityContext:
287
enabled: true
288
fsGroupChangePolicy: Always
289
supplementalGroups: []
290
fsGroup: 1001
291
## sysctl settings
292
## Example:
293
## sysctls:
294
## - name: net.core.somaxconn
295
## value: "10000"
296
##
297
sysctls: []
298
## NGINX containers' Security Context.
299
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
300
## @param containerSecurityContext.enabled Enabled containers' Security Context
301
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
302
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
303
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
304
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
305
## @param containerSecurityContext.privileged Set container's Security Context privileged
306
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
307
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
308
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
309
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
310
##
311
containerSecurityContext:
312
enabled: true
313
seLinuxOptions: {}
314
runAsUser: 1001
315
runAsGroup: 1001
316
runAsNonRoot: true
317
privileged: false
318
readOnlyRootFilesystem: true
319
allowPrivilegeEscalation: false
320
capabilities:
321
drop: ["ALL"]
322
seccompProfile:
323
type: "RuntimeDefault"
324
## Configures the ports NGINX listens on
325
## @param containerPorts.http Sets http port inside NGINX container
326
## @param containerPorts.https Sets https port inside NGINX container
327
##
328
containerPorts:
329
http: 8080
330
https: 8443
331
## @param extraContainerPorts Array of additional container ports for the Nginx container
332
## e.g:
333
## extraContainerPorts:
334
## - name: grpc
335
## containerPort: 4317
336
##
337
extraContainerPorts: []
338
## NGINX containers' resource requests and limits
339
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
340
## We usually recommend not to specify default resources and to leave this as a conscious
341
## choice for the user. This also increases chances charts run on environments with little
342
## resources, such as Minikube. If you do want to specify resources, uncomment the following
343
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
344
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
345
##
346
resourcesPreset: "nano"
347
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
348
## Example:
349
## resources:
350
## requests:
351
## cpu: 2
352
## memory: 512Mi
353
## limits:
354
## cpu: 3
355
## memory: 1024Mi
356
##
357
resources: {}
358
## NGINX containers' lifecycleHooks
359
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
360
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
361
## If you do want to specify lifecycleHooks, uncomment the following
362
## lines, adjust them as necessary, and remove the curly braces on 'lifecycle:{}'.
363
## @param lifecycleHooks Optional lifecycleHooks for the NGINX container
364
lifecycleHooks: {}
365
## Example:
366
## postStart:
367
## exec:
368
## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
369
## Example:
370
## preStop:
371
## exec:
372
## command: ["/bin/sleep", "20"]
373
## command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
374
375
## NGINX containers' startup probe.
376
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
377
## @param startupProbe.enabled Enable startupProbe
378
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
379
## @param startupProbe.periodSeconds Period seconds for startupProbe
380
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
381
## @param startupProbe.failureThreshold Failure threshold for startupProbe
382
## @param startupProbe.successThreshold Success threshold for startupProbe
383
##
384
startupProbe:
385
enabled: false
386
initialDelaySeconds: 30
387
timeoutSeconds: 5
388
periodSeconds: 10
389
failureThreshold: 6
390
successThreshold: 1
391
## NGINX containers' liveness probe.
392
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
393
## @param livenessProbe.enabled Enable livenessProbe
394
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
395
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
396
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
397
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
398
## @param livenessProbe.successThreshold Success threshold for livenessProbe
399
##
400
livenessProbe:
401
enabled: true
402
initialDelaySeconds: 30
403
timeoutSeconds: 5
404
periodSeconds: 10
405
failureThreshold: 6
406
successThreshold: 1
407
## NGINX containers' readiness probe.
408
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
409
## @param readinessProbe.enabled Enable readinessProbe
410
## @param readinessProbe.path Request path for livenessProbe
411
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
412
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
413
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
414
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
415
## @param readinessProbe.successThreshold Success threshold for readinessProbe
416
##
417
readinessProbe:
418
enabled: true
419
path: /
420
initialDelaySeconds: 5
421
timeoutSeconds: 3
422
periodSeconds: 5
423
failureThreshold: 3
424
successThreshold: 1
425
## @param customStartupProbe Custom liveness probe for the Web component
426
##
427
customStartupProbe: {}
428
## @param customLivenessProbe Override default liveness probe
429
##
430
customLivenessProbe: {}
431
## @param customReadinessProbe Override default readiness probe
432
##
433
customReadinessProbe: {}
434
## Autoscaling parameters
435
## @param autoscaling.enabled Enable autoscaling for NGINX deployment
436
## @param autoscaling.minReplicas Minimum number of replicas to scale back
437
## @param autoscaling.maxReplicas Maximum number of replicas to scale out
438
## @param autoscaling.targetCPU Target CPU utilization percentage
439
## @param autoscaling.targetMemory Target Memory utilization percentage
440
##
441
autoscaling:
442
enabled: false
443
minReplicas: ""
444
maxReplicas: ""
445
targetCPU: ""
446
targetMemory: ""
447
## @param extraVolumes Array to add extra volumes
448
##
449
extraVolumes: []
450
## @param extraVolumeMounts Array to add extra mount
451
##
452
extraVolumeMounts: []
453
## Pods Service Account
454
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
455
##
456
serviceAccount:
457
## @param serviceAccount.create Enable creation of ServiceAccount for nginx pod
458
##
459
create: true
460
## @param serviceAccount.name The name of the ServiceAccount to use.
461
## If not set and create is true, a name is generated using the `common.names.fullname` template
462
name: ""
463
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template.
464
## Only used if `create` is `true`.
465
##
466
annotations: {}
467
## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
468
##
469
automountServiceAccountToken: false
470
## @param sidecars Sidecar parameters
471
## e.g:
472
## sidecars:
473
## - name: your-image-name
474
## image: your-image
475
## imagePullPolicy: Always
476
## ports:
477
## - name: portname
478
## containerPort: 1234
479
##
480
sidecars: []
481
## @param sidecarSingleProcessNamespace Enable sharing the process namespace with sidecars
482
## This will switch pod.spec.shareProcessNamespace parameter
483
##
484
sidecarSingleProcessNamespace: false
485
## @param initContainers Extra init containers
486
##
487
initContainers: []
488
## Pod Disruption Budget configuration
489
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
490
##
491
pdb:
492
## @param pdb.create Created a PodDisruptionBudget
493
##
494
create: true
495
## @param pdb.minAvailable Min number of pods that must still be available after the eviction.
496
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0
497
##
498
minAvailable: ""
499
## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction.
500
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
501
##
502
maxUnavailable: ""
503
## @section Custom NGINX application parameters
504
505
## Get the server static content from a git repository
506
## NOTE: This will override staticSiteConfigmap and staticSitePVC
507
##
508
cloneStaticSiteFromGit:
509
## @param cloneStaticSiteFromGit.enabled Get the server static content from a Git repository
510
##
511
enabled: false
512
## Iamguarded Git image version
513
## @param cloneStaticSiteFromGit.image.registry [default: REGISTRY_NAME] Git image registry
514
## @param cloneStaticSiteFromGit.image.repository [default: REPOSITORY_NAME/git] Git image repository
515
## @skip cloneStaticSiteFromGit.image.tag Git image tag (immutable tags are recommended)
516
## @param cloneStaticSiteFromGit.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
517
## @param cloneStaticSiteFromGit.image.pullPolicy Git image pull policy
518
## @param cloneStaticSiteFromGit.image.pullSecrets Specify docker-registry secret names as an array
519
##
520
image:
521
registry: cgr.dev
522
repository: chainguard-private/git-iamguarded
523
tag: 2.53.0
524
digest: ""
525
## Specify a imagePullPolicy
526
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
527
##
528
pullPolicy: IfNotPresent
529
## Optionally specify an array of imagePullSecrets.
530
## Secrets must be manually created in the namespace.
531
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
532
## e.g:
533
## pullSecrets:
534
## - myRegistryKeySecretName
535
##
536
pullSecrets: []
537
## @param cloneStaticSiteFromGit.repository Git Repository to clone static content from
538
##
539
repository: ""
540
## @param cloneStaticSiteFromGit.branch Git branch to checkout
541
##
542
branch: ""
543
## @param cloneStaticSiteFromGit.interval Interval for sidecar container pull from the Git repository
544
##
545
interval: 60
546
## Additional configuration for git-clone-repository initContainer
547
##
548
gitClone:
549
## @param cloneStaticSiteFromGit.gitClone.command Override default container command for git-clone-repository
550
##
551
command: []
552
## @param cloneStaticSiteFromGit.gitClone.args Override default container args for git-clone-repository
553
##
554
args: []
555
## Additional configuration for the git-repo-syncer container
556
##
557
gitSync:
558
## @param cloneStaticSiteFromGit.gitSync.command Override default container command for git-repo-syncer
559
##
560
command: []
561
## @param cloneStaticSiteFromGit.gitSync.args Override default container args for git-repo-syncer
562
##
563
args: []
564
## git-repo-syncer resource requests and limits
565
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
566
## @param cloneStaticSiteFromGit.gitSync.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if cloneStaticSiteFromGit.gitSync.resources is set (cloneStaticSiteFromGit.gitSync.resources is recommended for production).
567
##
568
resourcesPreset: "nano"
569
## @param cloneStaticSiteFromGit.gitSync.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
570
## Example:
571
## resources:
572
## requests:
573
## cpu: 2
574
## memory: 512Mi
575
## limits:
576
## cpu: 3
577
## memory: 1024Mi
578
##
579
resources: {}
580
## @param cloneStaticSiteFromGit.extraEnvVars Additional environment variables to set for the in the containers that clone static site from git
581
## E.g:
582
## extraEnvVars:
583
## - name: FOO
584
## value: BAR
585
##
586
extraEnvVars: []
587
## @param cloneStaticSiteFromGit.extraEnvVarsSecret Secret with extra environment variables
588
##
589
extraEnvVarsSecret: ""
590
## @param cloneStaticSiteFromGit.extraVolumeMounts Add extra volume mounts for the Git containers
591
## Useful to mount keys to connect through ssh. (normally used with extraVolumes)
592
## E.g:
593
## extraVolumeMounts:
594
## - name: ssh-dir
595
## mountPath: /root/.ssh/
596
##
597
extraVolumeMounts: []
598
## @param serverBlock Custom server block to be added to NGINX configuration
599
## PHP-FPM example server block:
600
## serverBlock: |-
601
## server {
602
## listen 0.0.0.0:8080;
603
## root /app;
604
## location / {
605
## index index.html index.php;
606
## }
607
## location ~ \.php$ {
608
## fastcgi_pass phpfpm-server:9000;
609
## fastcgi_index index.php;
610
## include fastcgi.conf;
611
## }
612
## }
613
##
614
serverBlock: ""
615
## @param streamServerBlock Custom stream server block to be added to NGINX configuration
616
## streamServerBlock: |-
617
## server {
618
## listen 0.0.0.0:8080 udp;
619
## proxy_pass localhost:9000;
620
## }
621
##
622
streamServerBlock: ""
623
## @param existingServerBlockConfigmap ConfigMap with custom server block to be added to NGINX configuration
624
## NOTE: This will override serverBlock
625
##
626
existingServerBlockConfigmap: ""
627
## @param existingStreamServerBlockConfigmap ConfigMap with custom stream server block to be added to NGINX configuration
628
## NOTE: This will override streamServerBlock
629
##
630
existingStreamServerBlockConfigmap: ""
631
## Collection of NGINX context based includes
632
## e.g:
633
## contextIncludes:
634
## main: |
635
## load_module /opt/iamguarded/nginx/modules/ngx_http_dav_module.so;
636
##
637
contextIncludes:
638
## @param contextIncludes.main Custom configuration for the main context
639
##
640
main: ""
641
## @param contextIncludes.events Custom configuration for the events context
642
##
643
events: ""
644
## @param contextIncludes.http Custom configuration for the http context
645
##
646
http: ""
647
## @param existingContextMainConfigmaps List of existing ConfigMaps with custom main context configuration
648
## NOTE: These will be mounted alongside contextIncludes.main
649
## e.g:
650
## existingContextMainConfigmaps:
651
## - "my-modules-config"
652
## - "my-main-directives-config"
653
##
654
existingContextMainConfigmaps: []
655
## @param existingContextEventsConfigmaps List of existing ConfigMaps with custom events context configuration
656
## NOTE: These will be mounted alongside contextIncludes.events
657
##
658
existingContextEventsConfigmaps: []
659
## @param existingContextHttpConfigmaps List of existing ConfigMaps with custom http context configuration
660
## NOTE: These will be mounted alongside contextIncludes.http
661
##
662
existingContextHttpConfigmaps: []
663
## @param staticSiteConfigmap Name of existing ConfigMap with the server static site content
664
##
665
staticSiteConfigmap: ""
666
## @param staticSitePVC Name of existing PVC with the server static site content
667
## NOTE: This will override staticSiteConfigmap
668
##
669
staticSitePVC: ""
670
## @section Traffic Exposure parameters
671
672
## NGINX Service properties
673
##
674
service:
675
## @param service.type Service type
676
##
677
type: LoadBalancer
678
## @param service.ports.http Service HTTP port
679
## @param service.ports.https Service HTTPS port
680
##
681
ports:
682
http: 80
683
https: 443
684
##
685
## @param service.nodePorts [object] Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
686
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
687
##
688
nodePorts:
689
http: ""
690
https: ""
691
## @param service.targetPort [object] Target port reference value for the Loadbalancer service types can be specified explicitly.
692
## Listeners for the Loadbalancer can be custom mapped to the http or https service.
693
## Example: Mapping the https listener to targetPort http [http: https]
694
##
695
targetPort:
696
http: http
697
https: https
698
## @param service.clusterIP NGINX service Cluster IP
699
## e.g.:
700
## clusterIP: None
701
##
702
clusterIP: ""
703
## @param service.loadBalancerIP LoadBalancer service IP address
704
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
705
##
706
loadBalancerIP: ""
707
## @param service.loadBalancerSourceRanges NGINX service Load Balancer sources
708
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
709
## e.g:
710
## loadBalancerSourceRanges:
711
## - 10.10.10.0/24
712
##
713
loadBalancerSourceRanges: []
714
## @param service.loadBalancerClass service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
715
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
716
##
717
loadBalancerClass: ""
718
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
719
##
720
extraPorts: []
721
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
722
## If "ClientIP", consecutive client requests will be directed to the same Pod
723
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
724
##
725
sessionAffinity: None
726
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
727
## sessionAffinityConfig:
728
## clientIP:
729
## timeoutSeconds: 300
730
##
731
sessionAffinityConfig: {}
732
## @param service.annotations Service annotations
733
## This can be used to set the LoadBalancer service type to internal only.
734
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
735
##
736
annotations: {}
737
## @param service.externalTrafficPolicy Enable client source IP preservation
738
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
739
##
740
externalTrafficPolicy: Cluster
741
## Network Policies
742
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
743
##
744
networkPolicy:
745
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
746
##
747
enabled: true
748
## @param networkPolicy.allowExternal Don't require server label for connections
749
## The Policy model to apply. When set to false, only pods with the correct
750
## server label will have network access to the ports server is listening
751
## on. When true, server will accept connections from any source
752
## (with the correct destination port).
753
##
754
allowExternal: true
755
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
756
##
757
allowExternalEgress: true
758
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
759
## e.g:
760
## extraIngress:
761
## - ports:
762
## - port: 1234
763
## from:
764
## - podSelector:
765
## - matchLabels:
766
## - role: frontend
767
## - podSelector:
768
## - matchExpressions:
769
## - key: role
770
## operator: In
771
## values:
772
## - frontend
773
extraIngress: []
774
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
775
## e.g:
776
## extraEgress:
777
## - ports:
778
## - port: 1234
779
## to:
780
## - podSelector:
781
## - matchLabels:
782
## - role: frontend
783
## - podSelector:
784
## - matchExpressions:
785
## - key: role
786
## operator: In
787
## values:
788
## - frontend
789
##
790
extraEgress: []
791
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
792
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
793
##
794
ingressNSMatchLabels: {}
795
ingressNSPodMatchLabels: {}
796
## Configure the ingress resource that allows you to access the
797
## Nginx installation. Set up the URL
798
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
799
##
800
ingress:
801
## @param ingress.enabled Set to true to enable ingress record generation
802
##
803
enabled: false
804
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
805
##
806
selfSigned: false
807
## @param ingress.pathType Ingress path type
808
##
809
pathType: ImplementationSpecific
810
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
811
##
812
apiVersion: ""
813
## @param ingress.hostname Default host for the ingress resource
814
##
815
hostname: nginx.local
816
## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers.
817
##
818
path: /
819
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
820
## For a full list of possible ingress annotations, please see
821
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
822
## Use this parameter to set the required annotations for cert-manager, see
823
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
824
##
825
## e.g:
826
## annotations:
827
## kubernetes.io/ingress.class: nginx
828
## cert-manager.io/cluster-issuer: cluster-issuer-name
829
##
830
annotations: {}
831
## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+
832
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
833
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
834
##
835
ingressClassName: ""
836
## @param ingress.tls Create TLS Secret
837
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
838
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
839
##
840
tls: false
841
## @param ingress.tlsWwwPrefix Adds www subdomain to default cert
842
## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }}
843
## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true"
844
tlsWwwPrefix: false
845
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
846
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
847
## extraHosts:
848
## - name: nginx.local
849
## path: /
850
##
851
extraHosts: []
852
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
853
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
854
## extraPaths:
855
## - path: /*
856
## backend:
857
## serviceName: ssl-redirect
858
## servicePort: use-annotation
859
##
860
extraPaths: []
861
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
862
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
863
## extraTls:
864
## - hosts:
865
## - nginx.local
866
## secretName: nginx.local-tls
867
##
868
extraTls: []
869
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
870
## key and certificate should start with -----BEGIN CERTIFICATE----- or
871
## -----BEGIN RSA PRIVATE KEY-----
872
##
873
## name should line up with a tlsSecret set further up
874
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
875
##
876
## It is also possible to create and manage the certificates outside of this helm chart
877
## Please see README.md for more information
878
## e.g:
879
## - name: nginx.local-tls
880
## key:
881
## certificate:
882
##
883
secrets: []
884
## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template
885
## Useful when looking for additional customization, such as using different backend
886
##
887
extraRules: []
888
## Health Ingress parameters
889
##
890
healthIngress:
891
## @param healthIngress.enabled Set to true to enable health ingress record generation
892
##
893
enabled: false
894
## @param healthIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
895
##
896
selfSigned: false
897
## @param healthIngress.pathType Ingress path type
898
##
899
pathType: ImplementationSpecific
900
## @param healthIngress.hostname When the health ingress is enabled, a host pointing to this will be created
901
##
902
hostname: example.local
903
## @param healthIngress.path Default path for the ingress record
904
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
905
##
906
path: /
907
## @param healthIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
908
## For a full list of possible ingress annotations, please see
909
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
910
## Use this parameter to set the required annotations for cert-manager, see
911
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
912
##
913
## e.g:
914
## annotations:
915
## kubernetes.io/ingress.class: nginx
916
## cert-manager.io/cluster-issuer: cluster-issuer-name
917
##
918
annotations: {}
919
## @param healthIngress.tls Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter
920
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.healthIngress.hostname }}
921
## You can use the healthIngress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
922
## let the chart create self-signed certificates for you
923
##
924
tls: false
925
## @param healthIngress.extraHosts An array with additional hostname(s) to be covered with the ingress record
926
## e.g:
927
## extraHosts:
928
## - name: example.local
929
## path: /
930
##
931
extraHosts: []
932
## @param healthIngress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
933
## e.g:
934
## extraPaths:
935
## - path: /*
936
## backend:
937
## serviceName: ssl-redirect
938
## servicePort: use-annotation
939
##
940
extraPaths: []
941
## @param healthIngress.extraTls TLS configuration for additional hostnames to be covered
942
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
943
## E.g.
944
## extraTls:
945
## - hosts:
946
## - example.local
947
## secretName: example.local-tls
948
##
949
extraTls: []
950
## @param healthIngress.secrets TLS Secret configuration
951
## If you're providing your own certificates, please use this to add the certificates as secrets
952
## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----
953
## name should line up with a secretName set further up
954
## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you
955
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created
956
## It is also possible to create and manage the certificates outside of this helm chart
957
## Please see README.md for more information
958
##
959
## E.g.
960
## secrets:
961
## - name: example.local-tls
962
## key:
963
## certificate:
964
##
965
secrets: []
966
## @param healthIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
967
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
968
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
969
##
970
ingressClassName: ""
971
## @param healthIngress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template
972
## Useful when looking for additional customization, such as using different backend
973
##
974
extraRules: []
975
## @section Metrics parameters
976
977
## Prometheus Exporter / Metrics
978
##
979
metrics:
980
## @param metrics.enabled Start a Prometheus exporter sidecar container
981
##
982
enabled: false
983
## Iamguarded NGINX Prometheus Exporter image
984
## @param metrics.image.registry [default: REGISTRY_NAME] NGINX Prometheus exporter image registry
985
## @param metrics.image.repository [default: REPOSITORY_NAME/nginx-exporter] NGINX Prometheus exporter image repository
986
## @skip metrics.image.tag NGINX Prometheus exporter image tag (immutable tags are recommended)
987
## @param metrics.image.digest NGINX Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
988
## @param metrics.image.pullPolicy NGINX Prometheus exporter image pull policy
989
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
990
##
991
image:
992
registry: cgr.dev
993
repository: chainguard-private/nginx-prometheus-exporter-iamguarded
994
tag: 1.5.1
995
digest: ""
996
pullPolicy: IfNotPresent
997
## Optionally specify an array of imagePullSecrets.
998
## Secrets must be manually created in the namespace.
999
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1000
## e.g:
1001
## pullSecrets:
1002
## - myRegistryKeySecretName
1003
##
1004
pullSecrets: []
1005
## @param metrics.port NGINX Container Status Port scraped by Prometheus Exporter
1006
## Defaults to specified http port
1007
##
1008
port: ""
1009
## @param metrics.extraArgs Extra arguments for Prometheus exporter
1010
## e.g:
1011
## extraArgs:
1012
## - --nginx.timeout
1013
## - 5s
1014
##
1015
extraArgs: []
1016
## @param metrics.containerPorts.metrics Prometheus exporter container port
1017
##
1018
containerPorts:
1019
metrics: 9113
1020
## @param metrics.podAnnotations Additional annotations for NGINX Prometheus exporter pod(s)
1021
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1022
##
1023
podAnnotations: {}
1024
## Container Security Context
1025
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1026
## @param metrics.securityContext.enabled Enabled NGINX Exporter containers' Security Context
1027
## @param metrics.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1028
## @param metrics.securityContext.runAsUser Set NGINX Exporter container's Security Context runAsUser
1029
##
1030
securityContext:
1031
enabled: false
1032
seLinuxOptions: {}
1033
runAsUser: 1001
1034
## Prometheus exporter service parameters
1035
##
1036
service:
1037
## @param metrics.service.port NGINX Prometheus exporter service port
1038
##
1039
port: 9113
1040
## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service
1041
##
1042
annotations:
1043
prometheus.io/scrape: "true"
1044
prometheus.io/port: "{{ .Values.metrics.service.port }}"
1045
## NGINX Prometheus exporter resource requests and limits
1046
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1047
## We usually recommend not to specify default resources and to leave this as a conscious
1048
## choice for the user. This also increases chances charts run on environments with little
1049
## resources, such as Minikube. If you do want to specify resources, uncomment the following
1050
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1051
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
1052
##
1053
resourcesPreset: "nano"
1054
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1055
## Example:
1056
## resources:
1057
## requests:
1058
## cpu: 2
1059
## memory: 512Mi
1060
## limits:
1061
## cpu: 3
1062
## memory: 1024Mi
1063
##
1064
resources: {}
1065
## Prometheus Operator ServiceMonitor configuration
1066
##
1067
serviceMonitor:
1068
## @param metrics.serviceMonitor.enabled Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
1069
##
1070
enabled: false
1071
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
1072
##
1073
namespace: ""
1074
## @param metrics.serviceMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
1075
##
1076
tlsConfig: {}
1077
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
1078
##
1079
jobLabel: ""
1080
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
1081
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1082
## e.g:
1083
## interval: 10s
1084
##
1085
interval: ""
1086
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
1087
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1088
## e.g:
1089
## scrapeTimeout: 10s
1090
##
1091
scrapeTimeout: ""
1092
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
1093
##
1094
## selector:
1095
## prometheus: my-prometheus
1096
##
1097
selector: {}
1098
## @param metrics.serviceMonitor.labels Additional labels that can be used so PodMonitor will be discovered by Prometheus
1099
##
1100
labels: {}
1101
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
1102
##
1103
relabelings: []
1104
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
1105
##
1106
metricRelabelings: []
1107
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
1108
##
1109
honorLabels: false
1110
## Prometheus Operator PrometheusRule configuration
1111
##
1112
prometheusRule:
1113
## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
1114
##
1115
enabled: false
1116
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
1117
##
1118
namespace: ""
1119
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
1120
##
1121
additionalLabels: {}
1122
## @param metrics.prometheusRule.rules Prometheus Rule definitions
1123
## - alert: LowInstance
1124
## expr: up{service="{{ template "common.names.fullname" . }}"} < 1
1125
## for: 1m
1126
## labels:
1127
## severity: critical
1128
## annotations:
1129
## description: Service {{ template "common.names.fullname" . }} Tomcat is down since 1m.
1130
## summary: Tomcat instance is down.
1131
##
1132
rules: []
1133
## @param metrics.customLivenessProbe Override default metrics liveness probe
1134
##
1135
customLivenessProbe: {}
1136
## NGINX metrics containers' liveness probe.
1137
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1138
## @param metrics.livenessProbe.enabled Enable livenessProbe
1139
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1140
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1141
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1142
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1143
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1144
##
1145
livenessProbe:
1146
enabled: true
1147
initialDelaySeconds: 30
1148
timeoutSeconds: 5
1149
periodSeconds: 10
1150
failureThreshold: 2
1151
successThreshold: 1
1152
## @param metrics.customReadinessProbe Override default metrics readiness probe
1153
##
1154
customReadinessProbe: {}
1155
## NGINX metrics containers' readiness probe.
1156
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1157
## @param metrics.readinessProbe.enabled Enable readinessProbe
1158
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1159
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1160
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1161
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1162
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1163
1164
##
1165
readinessProbe:
1166
enabled: true
1167
initialDelaySeconds: 5
1168
timeoutSeconds: 3
1169
periodSeconds: 30
1170
failureThreshold: 2
1171
successThreshold: 1
1172
## @param metrics.customStartupProbe Override default metrics startup probe
1173
##
1174
customStartupProbe: {}
1175
## NGINX metrics containers' startup probe.
1176
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1177
## @param metrics.startupProbe.enabled Enable startupProbe
1178
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1179
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1180
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
1181
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
1182
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
1183
1184
##
1185
startupProbe:
1186
enabled: false
1187
initialDelaySeconds: 5
1188
timeoutSeconds: 3
1189
periodSeconds: 5
1190
failureThreshold: 10
1191
successThreshold: 1
1192
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.