# Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] ## @section Common parameters ## @param nameOverride String to partially override nginx.fullname template (will maintain the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override nginx.fullname template ## fullnameOverride: "" ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" ## @param clusterDomain Kubernetes Cluster Domain ## clusterDomain: cluster.local ## @param extraDeploy Extra objects to deploy (value evaluated as a template) ## extraDeploy: [] ## @param commonLabels Add labels to all the deployed resources ## commonLabels: {} ## @param commonAnnotations Add annotations to all the deployed resources ## commonAnnotations: {} ## Enable diagnostic mode in the deployment(s)/statefulset(s) ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) ## args: - infinity ## @section NGINX parameters ## Bitnami NGINX image version ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## @param image.registry [default: REGISTRY_NAME] NGINX image registry ## @param image.repository [default: REPOSITORY_NAME/nginx] NGINX image repository ## @skip image.tag NGINX image tag (immutable tags are recommended) ## @param image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.pullPolicy NGINX image pull policy ## @param image.pullSecrets Specify docker-registry secret names as an array ## @param image.debug Set to true if you would like to see extra information on logs ## image: registry: docker.io repository: bitnami/nginx tag: 1.25.3-debian-11-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## E.g.: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## debug: false ## @param automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## Command and args for running the container (set to default if not set). Use array form ## @param command Override default container command (useful when using custom images) ## @param args Override default container args (useful when using custom images) ## command: [] args: [] ## @param extraEnvVars Extra environment variables to be set on NGINX containers ## E.g: ## extraEnvVars: ## - name: FOO ## value: BAR ## extraEnvVars: [] ## @param extraEnvVarsCM ConfigMap with extra environment variables ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Secret with extra environment variables ## extraEnvVarsSecret: "" ## @section NGINX deployment parameters ## @param replicaCount Number of NGINX replicas to deploy ## replicaCount: 1 ## @param revisionHistoryLimit The number of old history to retain to allow rollback ## revisionHistoryLimit: 10 ## @param updateStrategy.type NGINX deployment strategy type ## @param updateStrategy.rollingUpdate NGINX deployment rolling update configuration parameters ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## updateStrategy: type: RollingUpdate rollingUpdate: {} ## @param podLabels Additional labels for NGINX pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param podAnnotations Annotations for NGINX pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param affinity Affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param hostNetwork Specify if host network should be enabled for NGINX pod ## hostNetwork: false ## @param hostIPC Specify if host IPC should be enabled for NGINX pod ## hostIPC: false ## @param nodeSelector Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param tolerations Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param priorityClassName NGINX pods' priorityClassName ## priorityClassName: "" ## @param schedulerName Name of the k8s scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param terminationGracePeriodSeconds In seconds, time the given to the NGINX pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template ## topologySpreadConstraints: [] ## NGINX pods' Security Context. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled NGINX pods' Security Context ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup ## @param podSecurityContext.sysctls sysctl settings of the NGINX pods ## podSecurityContext: enabled: true fsGroupChangePolicy: Always supplementalGroups: [] fsGroup: 1001 ## sysctl settings ## Example: ## sysctls: ## - name: net.core.somaxconn ## value: "10000" ## sysctls: [] ## NGINX containers' Security Context. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## Configures the ports NGINX listens on ## @param containerPorts.http Sets http port inside NGINX container ## @param containerPorts.https Sets https port inside NGINX container ## containerPorts: http: 8080 https: "" ## @param extraContainerPorts Array of additional container ports for the Nginx container ## e.g: ## extraContainerPorts: ## - name: grpc ## containerPort: 4317 ## extraContainerPorts: [] ## NGINX containers' resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param resources.limits The resources limits for the NGINX container ## @param resources.requests The requested resources for the NGINX container ## resources: ## Example: ## limits: ## cpu: 100m ## memory: 128Mi limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 128Mi requests: {} ## NGINX containers' lifecycleHooks ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ ## If you do want to specify lifecycleHooks, uncomment the following ## lines, adjust them as necessary, and remove the curly braces on 'lifecycle:{}'. ## @param lifecycleHooks Optional lifecycleHooks for the NGINX container lifecycleHooks: {} ## Example: ## postStart: ## exec: ## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] ## Example: ## preStop: ## exec: ## command: ["/bin/sleep", "20"] ## command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"] ## NGINX containers' startup probe. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param startupProbe.enabled Enable startupProbe ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 30 timeoutSeconds: 5 periodSeconds: 10 failureThreshold: 6 successThreshold: 1 ## NGINX containers' liveness probe. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param livenessProbe.enabled Enable livenessProbe ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 5 periodSeconds: 10 failureThreshold: 6 successThreshold: 1 ## NGINX containers' readiness probe. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param readinessProbe.enabled Enable readinessProbe ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 timeoutSeconds: 3 periodSeconds: 5 failureThreshold: 3 successThreshold: 1 ## @param customStartupProbe Custom liveness probe for the Web component ## customStartupProbe: {} ## @param customLivenessProbe Override default liveness probe ## customLivenessProbe: {} ## @param customReadinessProbe Override default readiness probe ## customReadinessProbe: {} ## Autoscaling parameters ## @param autoscaling.enabled Enable autoscaling for NGINX deployment ## @param autoscaling.minReplicas Minimum number of replicas to scale back ## @param autoscaling.maxReplicas Maximum number of replicas to scale out ## @param autoscaling.targetCPU Target CPU utilization percentage ## @param autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## @param extraVolumes Array to add extra volumes ## extraVolumes: [] ## @param extraVolumeMounts Array to add extra mount ## extraVolumeMounts: [] ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: ## @param serviceAccount.create Enable creation of ServiceAccount for nginx pod ## create: true ## @param serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the `common.names.fullname` template name: "" ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. ## Only used if `create` is `true`. ## annotations: {} ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod ## automountServiceAccountToken: false ## @param sidecars Sidecar parameters ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param sidecarSingleProcessNamespace Enable sharing the process namespace with sidecars ## This will switch pod.spec.shareProcessNamespace parameter ## sidecarSingleProcessNamespace: false ## @param initContainers Extra init containers ## initContainers: [] ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ ## pdb: ## @param pdb.create Created a PodDisruptionBudget ## create: false ## @param pdb.minAvailable Min number of pods that must still be available after the eviction. ## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0 ## minAvailable: 1 ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction. ## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0 ## maxUnavailable: 0 ## @section Custom NGINX application parameters ## Get the server static content from a git repository ## NOTE: This will override staticSiteConfigmap and staticSitePVC ## cloneStaticSiteFromGit: ## @param cloneStaticSiteFromGit.enabled Get the server static content from a Git repository ## enabled: false ## Bitnami Git image version ## ref: https://hub.docker.com/r/bitnami/git/tags/ ## @param cloneStaticSiteFromGit.image.registry [default: REGISTRY_NAME] Git image registry ## @param cloneStaticSiteFromGit.image.repository [default: REPOSITORY_NAME/git] Git image repository ## @skip cloneStaticSiteFromGit.image.tag Git image tag (immutable tags are recommended) ## @param cloneStaticSiteFromGit.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param cloneStaticSiteFromGit.image.pullPolicy Git image pull policy ## @param cloneStaticSiteFromGit.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/git tag: 2.43.0-debian-11-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param cloneStaticSiteFromGit.repository Git Repository to clone static content from ## repository: "" ## @param cloneStaticSiteFromGit.branch Git branch to checkout ## branch: "" ## @param cloneStaticSiteFromGit.interval Interval for sidecar container pull from the Git repository ## interval: 60 ## Additional configuration for git-clone-repository initContainer ## gitClone: ## @param cloneStaticSiteFromGit.gitClone.command Override default container command for git-clone-repository ## command: [] ## @param cloneStaticSiteFromGit.gitClone.args Override default container args for git-clone-repository ## args: [] ## Additional configuration for the git-repo-syncer container ## gitSync: ## @param cloneStaticSiteFromGit.gitSync.command Override default container command for git-repo-syncer ## command: [] ## @param cloneStaticSiteFromGit.gitSync.args Override default container args for git-repo-syncer ## args: [] ## git-repo-syncer resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param cloneStaticSiteFromGit.gitSync.resources.limits The resources limits for the git-repo-syncer container ## @param cloneStaticSiteFromGit.gitSync.resources.requests The requested resources for the git-repo-syncer container ## resources: limits: {} requests: {} ## @param cloneStaticSiteFromGit.extraEnvVars Additional environment variables to set for the in the containers that clone static site from git ## E.g: ## extraEnvVars: ## - name: FOO ## value: BAR ## extraEnvVars: [] ## @param cloneStaticSiteFromGit.extraEnvVarsSecret Secret with extra environment variables ## extraEnvVarsSecret: "" ## @param cloneStaticSiteFromGit.extraVolumeMounts Add extra volume mounts for the Git containers ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) ## E.g: ## extraVolumeMounts: ## - name: ssh-dir ## mountPath: /root/.ssh/ ## extraVolumeMounts: [] ## @param serverBlock Custom server block to be added to NGINX configuration ## PHP-FPM example server block: ## serverBlock: |- ## server { ## listen 0.0.0.0:8080; ## root /app; ## location / { ## index index.html index.php; ## } ## location ~ .php$ { ## fastcgi_pass phpfpm-server:9000; ## fastcgi_index index.php; ## include fastcgi.conf; ## } ## } ## serverBlock: "" ## @param existingServerBlockConfigmap ConfigMap with custom server block to be added to NGINX configuration ## NOTE: This will override serverBlock ## existingServerBlockConfigmap: "" ## @param staticSiteConfigmap Name of existing ConfigMap with the server static site content ## staticSiteConfigmap: "" ## @param staticSitePVC Name of existing PVC with the server static site content ## NOTE: This will override staticSiteConfigmap ## staticSitePVC: "" ## @section Traffic Exposure parameters ## NGINX Service properties ## service: ## @param service.type Service type ## type: LoadBalancer ## @param service.ports.http Service HTTP port ## @param service.ports.https Service HTTPS port ## ports: http: 80 https: 443 ## ## @param service.nodePorts [object] Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" https: "" ## @param service.targetPort [object] Target port reference value for the Loadbalancer service types can be specified explicitly. ## Listeners for the Loadbalancer can be custom mapped to the http or https service. ## Example: Mapping the https listener to targetPort http [http: https] ## targetPort: http: http https: https ## @param service.clusterIP NGINX service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param service.loadBalancerIP LoadBalancer service IP address ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param service.loadBalancerSourceRanges NGINX service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param service.loadBalancerClass service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerClass: "" ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) ## extraPorts: [] ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" ## If "ClientIP", consecutive client requests will be directed to the same Pod ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## @param service.annotations Service annotations ## This can be used to set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} ## @param service.externalTrafficPolicy Enable client source IP preservation ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct ## server label will have network access to the ports server is listening ## on. When true, server will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## Configure the ingress resource that allows you to access the ## Nginx installation. Set up the URL ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Set to true to enable ingress record generation ## enabled: false ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.hostname Default host for the ingress resource ## hostname: nginx.local ## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. ## path: / ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param ingress.tls Create TLS Secret ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: nginx.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - nginx.local ## secretName: nginx.local-tls ## extraTls: [] ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: nginx.local-tls ## key: ## certificate: ## secrets: [] ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template ## Useful when looking for additional customization, such as using different backend ## extraRules: [] ## Health Ingress parameters ## healthIngress: ## @param healthIngress.enabled Set to true to enable health ingress record generation ## enabled: false ## @param healthIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param healthIngress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param healthIngress.hostname When the health ingress is enabled, a host pointing to this will be created ## hostname: example.local ## @param healthIngress.path Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: / ## @param healthIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param healthIngress.tls Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.healthIngress.hostname }} ## You can use the healthIngress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or ## let the chart create self-signed certificates for you ## tls: false ## @param healthIngress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: example.local ## path: / ## extraHosts: [] ## @param healthIngress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param healthIngress.extraTls TLS configuration for additional hostnames to be covered ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## E.g. ## extraTls: ## - hosts: ## - example.local ## secretName: example.local-tls ## extraTls: [] ## @param healthIngress.secrets TLS Secret configuration ## If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- ## name should line up with a secretName set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## ## E.g. ## secrets: ## - name: example.local-tls ## key: ## certificate: ## secrets: [] ## @param healthIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param healthIngress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template ## Useful when looking for additional customization, such as using different backend ## extraRules: [] ## @section Metrics parameters ## Prometheus Exporter / Metrics ## metrics: ## @param metrics.enabled Start a Prometheus exporter sidecar container ## enabled: false ## Bitnami NGINX Prometheus Exporter image ## ref: https://hub.docker.com/r/bitnami/nginx-exporter/tags/ ## @param metrics.image.registry [default: REGISTRY_NAME] NGINX Prometheus exporter image registry ## @param metrics.image.repository [default: REPOSITORY_NAME/nginx-exporter] NGINX Prometheus exporter image repository ## @skip metrics.image.tag NGINX Prometheus exporter image tag (immutable tags are recommended) ## @param metrics.image.digest NGINX Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.pullPolicy NGINX Prometheus exporter image pull policy ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/nginx-exporter tag: 1.1.0-debian-11-r3 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param metrics.port NGINX Container Status Port scraped by Prometheus Exporter ## Defaults to specified http port ## port: "" ## @param metrics.extraArgs Extra arguments for Prometheus exporter ## e.g: ## extraArgs: ## - --nginx.timeout ## - 5s ## extraArgs: [] ## @param metrics.containerPorts.metrics Prometheus exporter container port ## containerPorts: metrics: 9113 ## @param metrics.podAnnotations Additional annotations for NGINX Prometheus exporter pod(s) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param metrics.securityContext.enabled Enabled NGINX Exporter containers' Security Context ## @param metrics.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.securityContext.runAsUser Set NGINX Exporter container's Security Context runAsUser ## securityContext: enabled: false seLinuxOptions: null runAsUser: 1001 ## Prometheus exporter service parameters ## service: ## @param metrics.service.port NGINX Prometheus exporter service port ## port: 9113 ## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.port }}" ## NGINX Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param metrics.resources.limits The resources limits for the NGINX Prometheus exporter container ## @param metrics.resources.requests The requested resources for the NGINX Prometheus exporter container ## resources: ## Example: ## limits: ## cpu: 100m ## memory: 128Mi limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 128Mi requests: {} ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## namespace: "" ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## ## selector: ## prometheus: my-prometheus ## selector: {} ## @param metrics.serviceMonitor.labels Additional labels that can be used so PodMonitor will be discovered by Prometheus ## labels: {} ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping ## relabelings: [] ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion ## metricRelabelings: [] ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false ## Prometheus Operator PrometheusRule configuration ## prometheusRule: ## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) ## enabled: false ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) ## namespace: "" ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus ## additionalLabels: {} ## @param metrics.prometheusRule.rules Prometheus Rule definitions ## - alert: LowInstance ## expr: up{service="{{ template "common.names.fullname" . }}"} < 1 ## for: 1m ## labels: ## severity: critical ## annotations: ## description: Service {{ template "common.names.fullname" . }} Tomcat is down since 1m. ## summary: Tomcat instance is down. ## rules: []