From e59a5bd62b308d4e6bbddfe0a941c49bdba1b282 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Wed, 21 Apr 2021 12:53:31 -0700
Subject: [PATCH] Switch to new helm chart structure for rke2
---
channels-rke2.yaml | 703 +--------------------------------------------
data/data.json | 20 +-
2 files changed, 30 insertions(+), 693 deletions(-)
diff --git a/channels-rke2.yaml b/channels-rke2.yaml
index cb4505445..9b046879e 100644
--- a/channels-rke2.yaml
+++ b/channels-rke2.yaml
@@ -8,696 +8,19 @@ releases: - version: v1.20.5+rke2r1 minChannelServerVersion: v2.5.6-rc1 maxChannelServerVersion: v2.5.99 - chartValues: - rke2-ingress: | - ## nginx configuration - ## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md - ## - controller: - name: controller - image: - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true - - # This will fix the issue of HPA not being able to read the metrics. - # Note that if you enable it for existing deployments, it won't work as the labels are immutable. - # We recommend setting this to true for new deployments. - useComponentLabel: false - - # Configures the ports the nginx-controller listens on - containerPort: - http: 80 - https: 443 - - # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - - # Maxmind license key to download GeoLite2 Databases - # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" - - # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers - proxySetHeaders: {} - - # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - - # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: true - - # Optionally customize the pod dnsConfig. - dnsConfig: {} - - # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. 
- # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirstWithHostNet - - # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - - ## Use host ports 80 and 443 - daemonset: - useHostPort: false - - hostPorts: - http: 80 - https: 443 - - ## Required only if defaultBackend.enabled = false - ## Must be / - ## - defaultBackendService: "" - - ## Election ID to use for status update - ## - electionID: ingress-controller-leader - - ## Name of the ingress class to route through this controller - ## - ingressClass: nginx - - # labels to add to the deployment metadata - deploymentLabels: {} - - # labels to add to the pod container metadata - podLabels: {} - # key: value - - ## Security Context policies for controller pods - ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - ## notes on enabling and using sysctls - ## - podSecurityContext: {} - - ## Allows customization of the external service - ## the ingress will be bound to via DNS - publishService: - enabled: false - ## Allows overriding of the publish service to bind to - ## Must be / - ## - pathOverride: "" - - ## Limit the scope of the controller - ## - scope: - enabled: false - namespace: "" # defaults to .Release.Namespace - - ## Allows customization of the configmap / nginx-configmap namespace - ## - configMapNamespace: "" # defaults to .Release.Namespace - - ## Allows customization of the tcp-services-configmap namespace - ## - tcp: - configMapNamespace: "" # defaults to .Release.Namespace - - ## Allows 
customization of the udp-services-configmap namespace - ## - udp: - configMapNamespace: "" # defaults to .Release.Namespace - - ## Additional command line arguments to pass to nginx-ingress-controller - ## E.g. to specify the default SSL certificate you can use - ## extraArgs: - ## default-ssl-certificate: "/" - extraArgs: {} - - ## Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - ## DaemonSet or Deployment - ## - kind: Deployment - - ## Annotations to be added to the controller deployment - ## - deploymentAnnotations: {} - - # The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - - # minReadySeconds to avoid killing pods before we are ready - ## - minReadySeconds: 0 - - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Affinity and anti-affinity - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - # # An example of preferred pod anti-affinity, weight is in the range 1-100 - # podAntiAffinity: - # preferredDuringSchedulingIgnoredDuringExecution: - # - weight: 100 - # podAffinityTerm: - # labelSelector: - # matchExpressions: - # - key: app - # operator: In - # values: - # - nginx-ingress - # topologyKey: kubernetes.io/hostname - - # # An example of required pod anti-affinity - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - labelSelector: - # matchExpressions: - # - key: app - # operator: In - # values: - # - nginx-ingress - # topologyKey: "kubernetes.io/hostname" - - ## terminationGracePeriodSeconds - ## - 
terminationGracePeriodSeconds: 60 - - ## Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - port: 10254 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - port: 10254 - - ## Annotations to be added to controller pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 100m - # memory: 64Mi - - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" - - service: - enabled: false - - annotations: {} - labels: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - enableHttp: true - enableHttps: true - - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - externalTrafficPolicy: "" - - # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". 
- # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - sessionAffinity: "" - - healthCheckNodePort: 0 - - ports: - http: 80 - https: 443 - - targetPorts: - http: http - https: https - - type: LoadBalancer - - # type: NodePort - # nodePorts: - # http: 32080 - # https: 32443 - # tcp: - # 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - - extraContainers: [] - ## Additional containers to be added to the controller pod. - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - extraVolumeMounts: [] - ## Additional volumeMounts to the controller main container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - extraVolumes: [] - ## Additional volumes to the controller pod. - # - name: copy-portal-skins - # emptyDir: {} - - extraInitContainers: [] - ## Containers, which are run before the app containers are started. 
- # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - admissionWebhooks: - enabled: false - failurePolicy: Fail - port: 8443 - - service: - annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - externalIPs: [] - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - - patch: - enabled: true - image: - repository: jettech/kube-webhook-certgen - tag: v1.0.0 - pullPolicy: IfNotPresent - ## Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: {} - - metrics: - port: 10254 - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false - - service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" - - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9913 - type: ClusterIP - - serviceMonitor: - enabled: false - additionalLabels: {} - namespace: "" - namespaceSelector: {} - # Default: scrape .Release.Namespace only - # To scrape all, use the following: - # namespaceSelector: - # any: true - scrapeInterval: 30s - # honorLabels: true - - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: TooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: critical - # annotations: - # description: Too many 5XXs - # summary: More than 5% of the 
all requests did return 5XX, this require your attention - # - alert: TooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: critical - # annotations: - # description: Too many 4XXs - # summary: More than 5% of the all requests did return 4XX, this require your attention - - - lifecycle: {} - - priorityClassName: "" - - ## Rollback limit - ## - revisionHistoryLimit: 10 - - ## Default 404 backend - ## - defaultBackend: - - ## If false, controller.defaultBackendService must be provided - ## - enabled: true - - name: default-backend - image: - repository: rancher/nginx-ingress-controller-defaultbackend - tag: "1.5-rancher1" - pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - - # This will fix the issue of HPA not being able to read the metrics. - # Note that if you enable it for existing deployments, it won't work as the labels are immutable. - # We recommend setting this to true for new deployments. 
- useComponentLabel: false - - extraArgs: {} - - serviceAccount: - create: true - name: - ## Additional environment variables to set for defaultBackend pods - extraEnvs: [] - - port: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - - ## Security Context policies for controller pods - ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - ## notes on enabling and using sysctls - ## - podSecurityContext: {} - - # labels to add to the deployment metadata - deploymentLabels: {} - - # labels to add to the pod container metadata - podLabels: {} - # key: value - - ## Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to default backend pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - service: - annotations: {} - ## Deprecated, instead simply do not provide a clusterIP value - omitClusterIP: false - # clusterIP: "" - - ## List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - 
loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP - - priorityClassName: "" - - # If provided, the value will be used as the `release` label instead of .Release.Name - releaseLabelOverride: "" - - ## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266 - rbac: - create: true - scope: false - - # If true, create & use Pod Security Policy resources - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - podSecurityPolicy: - enabled: false - - serviceAccount: - create: true - name: - - ## Optional array of imagePullSecrets containing private registry credentials - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - # - name: secretName - - # TCP service key:value pairs - # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp - ## - tcp: {} - # 8080: "default/example-tcp-svc:9000" - - # UDP service key:value pairs - # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp - ## - udp: {} - # 53: "kube-system/kube-dns:53" - - global: - systemDefaultRegistry: "" - canal: | - rbac: - # Specifies whether RBAC resources should be created - create: true - pspEnabled: false - - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - - apiService: - # Specifies if the v1beta1.metrics.k8s.io API service should be created. - # - # You typically want this enabled! If you disable API service creation you have to - # manage it outside of this chart for e.g horizontal pod autoscaling to - # work with this release. - create: true - - hostNetwork: - # Specifies if metrics-server should be started in hostNetwork mode. 
- # - # You would require this enabled if you use alternate overlay networking for pods and - # API server unable to communicate with metrics-server. As an example, this is required - # if you use Weave network on EKS - enabled: false - - image: - pullPolicy: IfNotPresent - - imagePullSecrets: [] - # - registrySecretName - - args: - # enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server - # - --kubelet-insecure-tls - - --kubelet-preferred-address-types=InternalIP - - resources: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - replicas: 1 - - extraContainers: [] - - podLabels: {} - - podAnnotations: {} - # The following annotations guarantee scheduling for critical add-on pods. - # See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ - # scheduler.alpha.kubernetes.io/critical-pod: '' - - ## Set a pod priorityClassName - priorityClassName: system-node-critical - - extraVolumeMounts: [] - # - name: secrets - # mountPath: /etc/kubernetes/secrets - # readOnly: true - - extraVolumes: [] - # - name: secrets - # secret: - # secretName: kube-apiserver - - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - - readinessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["all"] - readOnlyRootFilesystem: true - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - - service: - annotations: {} - labels: {} - # Add these labels to have metrics-server show up in `kubectl cluster-info` - # kubernetes.io/cluster-service: "true" - # kubernetes.io/name: "Metrics-server" - port: 443 - type: ClusterIP - - podDisruptionBudget: - # https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - enabled: false - minAvailable: - maxUnavailable: - - global: - systemDefaultRegistry: "" + 
charts: + rke2-canal: + version: v3.13.300-build2021022302 + repo: rke2-charts + rke2-coredns: + version: 1.10.101-build2021022301 + repo: rke2-charts + rke2-ingress-nginx: + version: v1.20.5-build2021031801 + repo: rke2-charts + rke2-metrics-server: + version: 2.11.100-build2021022300 + repo: rke2-charts serverArgs: cni: type: array diff --git a/data/data.json b/data/data.json index 21a986b42..31ea3bfb8 100644 --- a/data/data.json +++ b/data/data.json 
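Review bot: The added `charts:` map identifies each chart only by a version string and the symbolic `repo: rke2-charts`, so nothing in this file shows where that repo name resolves or ties an entry to specific chart content. The settings that were reviewable inline before — `allowPrivilegeEscalation: true` and `hostNetwork: true` for the ingress controller, the locked-down `securityContext` in the other removed block — now depend entirely on what the referenced chart versions ship, and should be re-checked there. I would add a comment above `charts:` such as `# values come from chart defaults in rke2-charts (defined in <REPO-DEFINITION-LOCATION>) at the pinned version`. The version strings mix a `v` prefix (`rke2-canal`, `rke2-ingress-nginx`) with bare numbers (`rke2-coredns`, `rke2-metrics-server`); presumably that mirrors the published chart versions, but saying so in the comment would keep someone from normalising them. The release entry continues past the hunk (`serverArgs:` onward), so how consumers at `minChannelServerVersion: v2.5.6-rc1` handle the missing `chartValues` cannot be judged from here.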
@@ -8969,9 +8969,23 @@ "type": "string" } }, - "chartValues": { - "canal": "rbac:\n # Specifies whether RBAC resources should be created\n create: true\n pspEnabled: false\n\nserviceAccount:\n # Specifies whether a ServiceAccount should be created\n create: true\n # The name of the ServiceAccount to use.\n # If not set and create is true, a name is generated using the fullname template\n name:\n\napiService:\n # Specifies if the v1beta1.metrics.k8s.io API service should be created.\n #\n # You typically want this enabled! If you disable API service creation you have to\n # manage it outside of this chart for e.g horizontal pod autoscaling to\n # work with this release.\n create: true\n\nhostNetwork:\n # Specifies if metrics-server should be started in hostNetwork mode.\n #\n # You would require this enabled if you use alternate overlay networking for pods and\n # API server unable to communicate with metrics-server. As an example, this is required\n # if you use Weave network on EKS\n enabled: false\n\nimage:\n pullPolicy: IfNotPresent\n\nimagePullSecrets: []\n# - registrySecretName\n\nargs:\n# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server\n# - --kubelet-insecure-tls\n - --kubelet-preferred-address-types=InternalIP\n\nresources: {}\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\nreplicas: 1\n\nextraContainers: []\n\npodLabels: {}\n\npodAnnotations: {}\n# The following annotations guarantee scheduling for critical add-on pods.\n# See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/\n# scheduler.alpha.kubernetes.io/critical-pod: ''\n\n## Set a pod priorityClassName\npriorityClassName: system-node-critical\n\nextraVolumeMounts: []\n# - name: secrets\n# mountPath: /etc/kubernetes/secrets\n# readOnly: true\n\nextraVolumes: []\n# - name: secrets\n# secret:\n# secretName: kube-apiserver\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: 
https\n scheme: HTTPS\n initialDelaySeconds: 20\n\nreadinessProbe:\n httpGet:\n path: /healthz\n port: https\n scheme: HTTPS\n initialDelaySeconds: 20\n\nsecurityContext:\n allowPrivilegeEscalation: false\n capabilities:\n drop: [\"all\"]\n readOnlyRootFilesystem: true\n runAsGroup: 10001\n runAsNonRoot: true\n runAsUser: 10001\n\nservice:\n annotations: {}\n labels: {}\n # Add these labels to have metrics-server show up in `kubectl cluster-info`\n # kubernetes.io/cluster-service: \"true\"\n # kubernetes.io/name: \"Metrics-server\"\n port: 443\n type: ClusterIP\n\npodDisruptionBudget:\n # https://kubernetes.io/docs/tasks/run-application/configure-pdb/\n enabled: false\n minAvailable:\n maxUnavailable:\n\nglobal:\n systemDefaultRegistry: \"\"\n", - "rke2-ingress": "## nginx configuration\n## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md\n##\ncontroller:\n name: controller\n image:\n pullPolicy: IfNotPresent\n # www-data -\u003e uid 101\n runAsUser: 101\n allowPrivilegeEscalation: true\n\n # This will fix the issue of HPA not being able to read the metrics.\n # Note that if you enable it for existing deployments, it won't work as the labels are immutable.\n # We recommend setting this to true for new deployments.\n useComponentLabel: false\n\n # Configures the ports the nginx-controller listens on\n containerPort:\n http: 80\n https: 443\n\n # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/\n config: {}\n\n # Maxmind license key to download GeoLite2 Databases\n # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases\n maxmindLicenseKey: \"\"\n\n # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers\n proxySetHeaders: {}\n\n # Will add custom headers before sending response traffic 
to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers\n addHeaders: {}\n\n # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),\n # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920\n # is merged\n hostNetwork: true\n\n # Optionally customize the pod dnsConfig.\n dnsConfig: {}\n\n # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.\n # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller\n # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.\n dnsPolicy: ClusterFirstWithHostNet\n\n # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network\n # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply\n reportNodeInternalIp: false\n\n ## Use host ports 80 and 443\n daemonset:\n useHostPort: false\n\n hostPorts:\n http: 80\n https: 443\n\n ## Required only if defaultBackend.enabled = false\n ## Must be \u003cnamespace\u003e/\u003cservice_name\u003e\n ##\n defaultBackendService: \"\"\n\n ## Election ID to use for status update\n ##\n electionID: ingress-controller-leader\n\n ## Name of the ingress class to route through this controller\n ##\n ingressClass: nginx\n\n # labels to add to the deployment metadata\n deploymentLabels: {}\n\n # labels to add to the pod container metadata\n podLabels: {}\n # key: value\n\n ## Security Context policies for controller pods\n ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for\n ## notes on enabling and using sysctls\n ##\n podSecurityContext: {}\n\n ## Allows customization of the external 
service\n ## the ingress will be bound to via DNS\n publishService:\n enabled: false\n ## Allows overriding of the publish service to bind to\n ## Must be \u003cnamespace\u003e/\u003cservice_name\u003e\n ##\n pathOverride: \"\"\n\n ## Limit the scope of the controller\n ##\n scope:\n enabled: false\n namespace: \"\" # defaults to .Release.Namespace\n\n ## Allows customization of the configmap / nginx-configmap namespace\n ##\n configMapNamespace: \"\" # defaults to .Release.Namespace\n\n ## Allows customization of the tcp-services-configmap namespace\n ##\n tcp:\n configMapNamespace: \"\" # defaults to .Release.Namespace\n\n ## Allows customization of the udp-services-configmap namespace\n ##\n udp:\n configMapNamespace: \"\" # defaults to .Release.Namespace\n\n ## Additional command line arguments to pass to nginx-ingress-controller\n ## E.g. to specify the default SSL certificate you can use\n ## extraArgs:\n ## default-ssl-certificate: \"\u003cnamespace\u003e/\u003csecret_name\u003e\"\n extraArgs: {}\n\n ## Additional environment variables to set\n extraEnvs: []\n # extraEnvs:\n # - name: FOO\n # valueFrom:\n # secretKeyRef:\n # key: FOO\n # name: secret-resource\n\n ## DaemonSet or Deployment\n ##\n kind: Deployment\n\n ## Annotations to be added to the controller deployment\n ##\n deploymentAnnotations: {}\n\n # The update strategy to apply to the Deployment or DaemonSet\n ##\n updateStrategy: {}\n # rollingUpdate:\n # maxUnavailable: 1\n # type: RollingUpdate\n\n # minReadySeconds to avoid killing pods before we are ready\n ##\n minReadySeconds: 0\n\n\n ## Node tolerations for server scheduling to nodes with taints\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n ##\n tolerations: []\n # - key: \"key\"\n # operator: \"Equal|Exists\"\n # value: \"value\"\n # effect: \"NoSchedule|PreferNoSchedule|NoExecute(1.6 only)\"\n\n ## Affinity and anti-affinity\n ## Ref: 
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n ##\n affinity: {}\n # # An example of preferred pod anti-affinity, weight is in the range 1-100\n # podAntiAffinity:\n # preferredDuringSchedulingIgnoredDuringExecution:\n # - weight: 100\n # podAffinityTerm:\n # labelSelector:\n # matchExpressions:\n # - key: app\n # operator: In\n # values:\n # - nginx-ingress\n # topologyKey: kubernetes.io/hostname\n\n # # An example of required pod anti-affinity\n # podAntiAffinity:\n # requiredDuringSchedulingIgnoredDuringExecution:\n # - labelSelector:\n # matchExpressions:\n # - key: app\n # operator: In\n # values:\n # - nginx-ingress\n # topologyKey: \"kubernetes.io/hostname\"\n\n ## terminationGracePeriodSeconds\n ##\n terminationGracePeriodSeconds: 60\n\n ## Node labels for controller pod assignment\n ## Ref: https://kubernetes.io/docs/user-guide/node-selection/\n ##\n nodeSelector: {}\n\n ## Liveness and readiness probe values\n ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes\n ##\n livenessProbe:\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n port: 10254\n readinessProbe:\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n port: 10254\n\n ## Annotations to be added to controller pods\n ##\n podAnnotations: {}\n\n replicaCount: 1\n\n minAvailable: 1\n\n resources: {}\n # limits:\n # cpu: 100m\n # memory: 64Mi\n # requests:\n # cpu: 100m\n # memory: 64Mi\n\n autoscaling:\n enabled: false\n minReplicas: 2\n maxReplicas: 11\n targetCPUUtilizationPercentage: 50\n targetMemoryUtilizationPercentage: 50\n\n ## Override NGINX template\n customTemplate:\n configMapName: \"\"\n configMapKey: \"\"\n\n service:\n enabled: false\n\n annotations: {}\n labels: {}\n ## Deprecated, instead simply do not provide a clusterIP value\n omitClusterIP: false\n # clusterIP: \"\"\n\n ## 
List of IP addresses at which the controller services are available\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n ##\n externalIPs: []\n\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n\n enableHttp: true\n enableHttps: true\n\n ## Set external traffic policy to: \"Local\" to preserve source IP on\n ## providers supporting it\n ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer\n externalTrafficPolicy: \"\"\n\n # Must be either \"None\" or \"ClientIP\" if set. Kubernetes will default to \"None\".\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n sessionAffinity: \"\"\n\n healthCheckNodePort: 0\n\n ports:\n http: 80\n https: 443\n\n targetPorts:\n http: http\n https: https\n\n type: LoadBalancer\n\n # type: NodePort\n # nodePorts:\n # http: 32080\n # https: 32443\n # tcp:\n # 8080: 32808\n nodePorts:\n http: \"\"\n https: \"\"\n tcp: {}\n udp: {}\n\n extraContainers: []\n ## Additional containers to be added to the controller pod.\n ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.\n # - name: my-sidecar\n # image: nginx:latest\n # - name: lemonldap-ng-controller\n # image: lemonldapng/lemonldap-ng-controller:0.2.0\n # args:\n # - /lemonldap-ng-controller\n # - --alsologtostderr\n # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration\n # env:\n # - name: POD_NAME\n # valueFrom:\n # fieldRef:\n # fieldPath: metadata.name\n # - name: POD_NAMESPACE\n # valueFrom:\n # fieldRef:\n # fieldPath: metadata.namespace\n # volumeMounts:\n # - name: copy-portal-skins\n # mountPath: /srv/var/lib/lemonldap-ng/portal/skins\n\n extraVolumeMounts: []\n ## Additional volumeMounts to the controller main container.\n # - name: copy-portal-skins\n # mountPath: /var/lib/lemonldap-ng/portal/skins\n\n extraVolumes: []\n ## Additional volumes to the controller pod.\n # - name: copy-portal-skins\n # 
emptyDir: {}\n\n extraInitContainers: []\n ## Containers, which are run before the app containers are started.\n # - name: init-myservice\n # image: busybox\n # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']\n\n admissionWebhooks:\n enabled: false\n failurePolicy: Fail\n port: 8443\n\n service:\n annotations: {}\n ## Deprecated, instead simply do not provide a clusterIP value\n omitClusterIP: false\n # clusterIP: \"\"\n externalIPs: []\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 443\n type: ClusterIP\n\n patch:\n enabled: true\n image:\n repository: jettech/kube-webhook-certgen\n tag: v1.0.0\n pullPolicy: IfNotPresent\n ## Provide a priority class name to the webhook patching job\n ##\n priorityClassName: \"\"\n podAnnotations: {}\n nodeSelector: {}\n\n metrics:\n port: 10254\n # if this port is changed, change healthz-port: in extraArgs: accordingly\n enabled: false\n\n service:\n annotations: {}\n # prometheus.io/scrape: \"true\"\n # prometheus.io/port: \"10254\"\n\n ## Deprecated, instead simply do not provide a clusterIP value\n omitClusterIP: false\n # clusterIP: \"\"\n\n ## List of IP addresses at which the stats-exporter service is available\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n ##\n externalIPs: []\n\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 9913\n type: ClusterIP\n\n serviceMonitor:\n enabled: false\n additionalLabels: {}\n namespace: \"\"\n namespaceSelector: {}\n # Default: scrape .Release.Namespace only\n # To scrape all, use the following:\n # namespaceSelector:\n # any: true\n scrapeInterval: 30s\n # honorLabels: true\n\n prometheusRule:\n enabled: false\n additionalLabels: {}\n namespace: \"\"\n rules: []\n # # These are just examples rules, please adapt them to your needs\n # - alert: TooMany500s\n # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~\"5.+\"} ) / sum(nginx_ingress_controller_requests) ) 
\u003e 5\n # for: 1m\n # labels:\n # severity: critical\n # annotations:\n # description: Too many 5XXs\n # summary: More than 5% of the all requests did return 5XX, this require your attention\n # - alert: TooMany400s\n # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~\"4.+\"} ) / sum(nginx_ingress_controller_requests) ) \u003e 5\n # for: 1m\n # labels:\n # severity: critical\n # annotations:\n # description: Too many 4XXs\n # summary: More than 5% of the all requests did return 4XX, this require your attention\n\n\n lifecycle: {}\n\n priorityClassName: \"\"\n\n## Rollback limit\n##\nrevisionHistoryLimit: 10\n\n## Default 404 backend\n##\ndefaultBackend:\n\n ## If false, controller.defaultBackendService must be provided\n ##\n enabled: true\n\n name: default-backend\n image:\n repository: rancher/nginx-ingress-controller-defaultbackend\n tag: \"1.5-rancher1\"\n pullPolicy: IfNotPresent\n # nobody user -\u003e uid 65534\n runAsUser: 65534\n\n # This will fix the issue of HPA not being able to read the metrics.\n # Note that if you enable it for existing deployments, it won't work as the labels are immutable.\n # We recommend setting this to true for new deployments.\n useComponentLabel: false\n\n extraArgs: {}\n\n serviceAccount:\n create: true\n name:\n ## Additional environment variables to set for defaultBackend pods\n extraEnvs: []\n\n port: 8080\n\n ## Readiness and liveness probes for default backend\n ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/\n ##\n livenessProbe:\n failureThreshold: 3\n initialDelaySeconds: 30\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 5\n readinessProbe:\n failureThreshold: 6\n initialDelaySeconds: 0\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 5\n\n ## Node tolerations for server scheduling to nodes with taints\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n ##\n tolerations: []\n # - key: \"key\"\n # 
operator: \"Equal|Exists\"\n # value: \"value\"\n # effect: \"NoSchedule|PreferNoSchedule|NoExecute(1.6 only)\"\n\n affinity: {}\n\n ## Security Context policies for controller pods\n ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for\n ## notes on enabling and using sysctls\n ##\n podSecurityContext: {}\n\n # labels to add to the deployment metadata\n deploymentLabels: {}\n\n # labels to add to the pod container metadata\n podLabels: {}\n # key: value\n\n ## Node labels for default backend pod assignment\n ## Ref: https://kubernetes.io/docs/user-guide/node-selection/\n ##\n nodeSelector: {}\n\n ## Annotations to be added to default backend pods\n ##\n podAnnotations: {}\n\n replicaCount: 1\n\n minAvailable: 1\n\n resources: {}\n # limits:\n # cpu: 10m\n # memory: 20Mi\n # requests:\n # cpu: 10m\n # memory: 20Mi\n\n service:\n annotations: {}\n ## Deprecated, instead simply do not provide a clusterIP value\n omitClusterIP: false\n # clusterIP: \"\"\n\n ## List of IP addresses at which the default backend service is available\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n ##\n externalIPs: []\n\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 80\n type: ClusterIP\n\n priorityClassName: \"\"\n\n# If provided, the value will be used as the `release` label instead of .Release.Name\nreleaseLabelOverride: \"\"\n\n## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266\nrbac:\n create: true\n scope: false\n\n# If true, create \u0026 use Pod Security Policy resources\n# https://kubernetes.io/docs/concepts/policy/pod-security-policy/\npodSecurityPolicy:\n enabled: false\n\nserviceAccount:\n create: true\n name:\n\n## Optional array of imagePullSecrets containing private registry credentials\n## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\nimagePullSecrets: []\n# - 
name: secretName\n\n# TCP service key:value pairs\n# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp\n##\ntcp: {}\n# 8080: \"default/example-tcp-svc:9000\"\n\n# UDP service key:value pairs\n# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp\n##\nudp: {}\n# 53: \"kube-system/kube-dns:53\"\n\nglobal:\n systemDefaultRegistry: \"\"\n"
+ "charts": {
+ "rke2-canal": {
+ "repo": "rke2-charts",
+ "version": "v3.13.300-build2021022302"
+ },
+ "rke2-coredns": {
+ "repo": "rke2-charts",
+ "version": "1.10.101-build2021022301"
+ },
+ "rke2-ingress-nginx": {
+ "repo": "rke2-charts",
+ "version": "v1.20.5-build2021031801"
+ },
+ "rke2-metrics-server": {
+ "repo": "rke2-charts",
+ "version": "2.11.100-build2021022300"
+ }
 },
 "maxChannelServerVersion": "v2.5.99",
 "minChannelServerVersion": "v2.5.6-rc1",