manifests/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl

## nginx configuration
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
##
## Overrides for generated resource names
# See templates/_helpers.tpl
# nameOverride:
fullnameOverride: main-ingress-nginx
controller:
  resources:
    #limits:
    #  memory: {{ .Values.nginx.resources.controller.memory }}
    requests:
      cpu: {{ .Values.nginx.resources.controller.cpu }}
      memory: {{ .Values.nginx.resources.controller.memory }}

  {{if .Values.clusterConfig.ingress_hostnetwork }}
  config:
    worker-processes: 8
  {{end }}

  ingressClassResource:
    default: true

  tolerations:
   - key: unschedulable
     operator: Exists
     effect: NoSchedule
   - key: node-role.kubernetes.io/control-plane
     operator: Exists
     effect: NoSchedule

  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values: {{ .Values.clusterConfig.ingress_nodes }}

    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/instance
            operator: In
            values:
            - ingress-nginx
          - key: app.kubernetes.io/component
            operator: In
            values:
            - controller
        topologyKey: "kubernetes.io/hostname"

  podAnnotations:
    config.linkerd.io/skip-inbound-ports: 80,443

  replicaCount: {{ .Values.clusterConfig.ingress_replica_count }}

  minAvailable: {{ .Values.nginx.pdb.minAvailable }}

  service:
  {{- if .Values.clusterConfig.ingress_loadbalancer }}
    type: LoadBalancer
    {{- if .Values.clusterConfig.ingress_nodeport }}
    nodePorts:
      http: 30080
      https: 30443
    {{- end }}
  {{- else if .Values.clusterConfig.ingress_nodeport }}
    type: NodePort
    externalTrafficPolicy: Local
    nodePorts:
      http: 30080
      https: 30443
      tcp: {}
      udp: {}
  {{- else }}
    type: ClusterIP
  {{- end }}
    annotations:
      {{- with .Values.nginx.annotations }}
      {{ toYaml . | nindent 8 }}
      {{- end }}

  hostNetwork: {{ .Values.clusterConfig.ingress_hostnetwork }}

  hostPort:
    enabled: {{ .Values.clusterConfig.ingress_hostport }}
    ports:
      http: 80
      https: 443

  metrics:
    enabled: true

    service:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "10254"

      servicePort: 9913
      type: ClusterIP

    serviceMonitor:
      enabled: true

  admissionWebhooks:
    enabled: false

## Default 404 backend
##
defaultBackend:
  enabled: true

  image:
    registry: registry.k8s.io
    image: ingress-nginx/custom-error-pages
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    tag: "v1.2.5"
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false

  tolerations:
   - key: unschedulable
     operator: Exists
     effect: NoSchedule

  ## Additional volumeMounts to the default backend container.
  #  - name: copy-portal-skins
  #   mountPath: /var/lib/lemonldap-ng/portal/skins
  extraVolumeMounts:
    - name: custom-error-pages
      mountPath: /www

  ## Additional volumes to the default backend pod.
  #  - name: copy-portal-skins
  #    emptyDir: {}
  extraVolumes:
  - name: custom-error-pages
    configMap:
      name: custom-error-pages
      items:
      - key: "404"
        path: "404.html"
      - key: "503"
        path: "503.html"