diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index 58d31ef018..e821021d36 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -1671,13 +1671,55 @@ }, "examples": [ { - "name": "", + "name": "controller", "kind": "deployment", "nginxplus": false, "nginxReloadTimeout": 60000, "appprotect": { "enable": false, - "logLevel": "fatal" + "v5": false, + "logLevel": "fatal", + "volumes": [ + { + "name": "app-protect-bd-config", + "emptyDir": {} + }, + { + "name": "app-protect-config", + "emptyDir": {} + }, + { + "name": "app-protect-bundles", + "emptyDir": {} + } + ], + "enforcer": { + "host": "127.0.0.1", + "port": 50000, + "image": { + "repository": "private-registry.nginx.com/nap/waf-enforcer", + "tag": "5.3.0", + "pullPolicy": "IfNotPresent" + }, + "securityContext": {} + }, + "configManager": { + "image": { + "repository": "private-registry.nginx.com/nap/waf-config-mgr", + "tag": "5.3.0", + "pullPolicy": "IfNotPresent" + }, + "securityContext": { + "allowPrivilegeEscalation": false, + "runAsUser": 101, + "runAsNonRoot": true, + "capabilities": { + "drop": [ + "all" + ] + } + } + } }, "appprotectdos": { "enable": false, @@ -1687,9 +1729,20 @@ "memory": 0 }, "hostNetwork": false, + "hostPort": { + "enable": false, + "http": 80, + "https": 443 + }, + "containerPort": { + "http": 80, + "https": 443 + }, + "dnsPolicy": "ClusterFirst", "nginxDebug": false, "shareProcessNamespace": false, "logLevel": "info", + "logFormat": "glog", "customPorts": [], "image": { "repository": "nginx/nginx-ingress", @@ -1716,19 +1769,28 @@ }, "nodeSelector": {}, "terminationGracePeriodSeconds": 30, - "podSecurityContext": { - "seccompProfile": { - "type": "RuntimeDefault" - } + "autoscaling": { + "enabled": false, + "annotations": {}, + "minReplicas": 1, + "maxReplicas": 3, + "targetCPUUtilizationPercentage": 50, + "targetMemoryUtilizationPercentage": 50, + "behavior": {} }, - "securityContext": {}, - "initContainerSecurityContext": {}, "resources": { "requests": { "cpu": "100m", "memory": "128Mi" } }, + "podSecurityContext": { + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "securityContext": {}, + "initContainerSecurityContext": {}, "initContainerResources": { "requests": { "cpu": "100m", @@ -1743,11 +1805,20 @@ "volumeMounts": [], "initContainers": [], "minReadySeconds": 0, + "podDisruptionBudget": { + "enabled": false, + "annotations": {}, + "minAvailable": 1, + "minUnavailable": 1 + }, "strategy": {}, "extraContainers": [], "replicaCount": 1, - "ingressClass": "nginx", - "setAsDefaultIngress": false, + "ingressClass": { + "name": "nginx", + "create": true, + "setAsDefaultIngress": false + }, "watchNamespace": "", "enableCustomResources": true, "enableOIDC": false, @@ -1774,6 +1845,7 @@ "annotations": {}, "extraLabels": {}, "loadBalancerIP": "", + "clusterIP": "", "externalIPs": [], "loadBalancerSourceRanges": [], "allocateLoadBalancerNodePorts": false, @@ -1782,26 +1854,23 @@ "httpPort": { "enable": true, "port": 80, + "nodePort": "", "targetPort": 80 }, "httpsPort": { "enable": true, "port": 443, + "nodePort": "", "targetPort": 443 }, "customPorts": [] }, "serviceAccount": { + "annotations": {}, "name": "", "imagePullSecretName": "", "imagePullSecretsNames": [] }, - "serviceMonitor": { - "create": false, - "labels": {}, - "selectorMatchLabels": {}, - "endpoints": {} - }, "reportIngressStatus": { "enable": true, "externalService": "", @@ -1824,7 +1893,12 @@ "disableIPV6": false, "defaultHTTPListenerPort": 80, "defaultHTTPSListenerPort": 443, - "readOnlyRootFilesystem": false + "readOnlyRootFilesystem": false, + "enableSSLDynamicReload": true, + "telemetryReporting": { + "enable": true + }, + "enableWeightChangesDynamicReload": false } ] }, @@ -2212,13 +2286,55 @@ "examples": [ { "controller": { - "name": "", + "name": "controller", "kind": "deployment", "nginxplus": false, "nginxReloadTimeout": 60000, "appprotect": { "enable": false, - "logLevel": "fatal" + "v5": false, + "logLevel": "fatal", + "volumes": [ + { + "name": "app-protect-bd-config", + "emptyDir": {} + }, + { + "name": "app-protect-config", + "emptyDir": {} + }, + { + "name": "app-protect-bundles", + "emptyDir": {} + } + ], + "enforcer": { + "host": "127.0.0.1", + "port": 50000, + "image": { + "repository": "private-registry.nginx.com/nap/waf-enforcer", + "tag": "5.3.0", + "pullPolicy": "IfNotPresent" + }, + "securityContext": {} + }, + "configManager": { + "image": { + "repository": "private-registry.nginx.com/nap/waf-config-mgr", + "tag": "5.3.0", + "pullPolicy": "IfNotPresent" + }, + "securityContext": { + "allowPrivilegeEscalation": false, + "runAsUser": 101, + "runAsNonRoot": true, + "capabilities": { + "drop": [ + "all" + ] + } + } + } }, "appprotectdos": { "enable": false, @@ -2228,8 +2344,20 @@ "memory": 0 }, "hostNetwork": false, + "hostPort": { + "enable": false, + "http": 80, + "https": 443 + }, + "containerPort": { + "http": 80, + "https": 443 + }, + "dnsPolicy": "ClusterFirst", "nginxDebug": false, + "shareProcessNamespace": false, "logLevel": "info", + "logFormat": "glog", "customPorts": [], "image": { "repository": "nginx/nginx-ingress", @@ -2256,12 +2384,28 @@ }, "nodeSelector": {}, "terminationGracePeriodSeconds": 30, + "autoscaling": { + "enabled": false, + "annotations": {}, + "minReplicas": 1, + "maxReplicas": 3, + "targetCPUUtilizationPercentage": 50, + "targetMemoryUtilizationPercentage": 50, + "behavior": {} + }, "resources": { "requests": { "cpu": "100m", "memory": "128Mi" } }, + "podSecurityContext": { + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "securityContext": {}, + "initContainerSecurityContext": {}, "initContainerResources": { "requests": { "cpu": "100m", @@ -2276,15 +2420,25 @@ "volumeMounts": [], "initContainers": [], "minReadySeconds": 0, + "podDisruptionBudget": { + "enabled": false, + "annotations": {}, + "minAvailable": 1, + "minUnavailable": 1 + }, "strategy": {}, "extraContainers": [], "replicaCount": 1, - "ingressClass": "nginx", - "setAsDefaultIngress": false, + "ingressClass": { + "name": "nginx", + "create": true, + "setAsDefaultIngress": false + }, "watchNamespace": "", "enableCustomResources": true, "enableOIDC": false, "enableTLSPassthrough": false, + "tlsPassthroughPort": 443, "enableCertManager": false, "enableExternalDNS": false, "globalConfiguration": { @@ -2306,6 +2460,7 @@ "annotations": {}, "extraLabels": {}, "loadBalancerIP": "", + "clusterIP": "", "externalIPs": [], "loadBalancerSourceRanges": [], "allocateLoadBalancerNodePorts": false, @@ -2326,16 +2481,11 @@ "customPorts": [] }, "serviceAccount": { + "annotations": {}, "name": "", "imagePullSecretName": "", "imagePullSecretsNames": [] }, - "podDisruptionBudget": { - "enabled": false, - "annotations": {}, - "minAvailable": 0, - "minUnavailable": 0 - }, "reportIngressStatus": { "enable": true, "externalService": "", @@ -2358,10 +2508,18 @@ "disableIPV6": false, "defaultHTTPListenerPort": 80, "defaultHTTPSListenerPort": 443, - "readOnlyRootFilesystem": false + "readOnlyRootFilesystem": false, + "enableSSLDynamicReload": true, + "telemetryReporting": { + "enable": true + }, + "enableWeightChangesDynamicReload": false }, "rbac": { - "create": true + "create": true, + "clusterrole": { + "create": true + } }, "prometheus": { "create": true, @@ -2370,17 +2528,25 @@ "scheme": "http", "service": { "create": false, - "labels": {} + "labels": { + "service": "nginx-ingress-prometheus-service" + } }, "serviceMonitor": { "create": false, "labels": {}, - "selectorMatchLabels": {}, - "endpoints": {} + "selectorMatchLabels": { + "service": "nginx-ingress-prometheus-service" + }, + "endpoints": [ + { + "port": "prometheus" + } + ] } }, "serviceInsight": { - "create": true, + "create": false, "port": 9114, "secret": "", "scheme": "http" @@ -2388,6 +2554,31 @@ "nginxServiceMesh": { "enable": false, "enableEgress": false + }, + "nginxAgent": { + "enable": false, + "instanceGroup": "", + "logLevel": "error", + "syslog": { + "host": "127.0.0.1", + "port": "1514" + }, + "napMonitoring": { + "collectorBufferSize": 50000, + "processorBufferSize": 50000 + }, + "instanceManager": { + "host": "", + "grpcPort": 443, + "sni": "", + "tls": { + "enabled": true, + "skipVerify": false, + "secret": "", + "caSecret": "" + } + }, + "customConfigMap": "" } } ]