|
|
@@ -137,11 +137,11 @@ For annotations, please see [this document](https://github.com/kubernetes/ingres
|
|
|
|
|
|
### Global parameters
|
|
|
|
|
|
-| Name | Description | Value |
|
|
|
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
|
|
-| `global.imageRegistry` | Global Docker image registry | `""` |
|
|
|
-| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
|
|
-| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
|
|
+| Name | Description | Value |
|
|
|
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
|
|
|
+| `global.imageRegistry` | Global Docker image registry | `""` |
|
|
|
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
|
|
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
|
|
|
|
|
|
### Common parameters
|
|
|
|
|
|
@@ -179,114 +179,123 @@ For annotations, please see [this document](https://github.com/kubernetes/ingres
|
|
|
|
|
|
### NGINX deployment parameters
|
|
|
|
|
|
-| Name | Description | Value |
|
|
|
-| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
|
|
-| `replicaCount` | Number of NGINX replicas to deploy | `1` |
|
|
|
-| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` |
|
|
|
-| `updateStrategy.type` | NGINX deployment strategy type | `RollingUpdate` |
|
|
|
-| `updateStrategy.rollingUpdate` | NGINX deployment rolling update configuration parameters | `{}` |
|
|
|
-| `podLabels` | Additional labels for NGINX pods | `{}` |
|
|
|
-| `podAnnotations` | Annotations for NGINX pods | `{}` |
|
|
|
-| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
|
|
-| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
|
|
-| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
|
|
-| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
|
|
-| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
|
|
-| `affinity` | Affinity for pod assignment | `{}` |
|
|
|
-| `hostNetwork` | Specify if host network should be enabled for NGINX pod | `false` |
|
|
|
-| `hostIPC` | Specify if host IPC should be enabled for NGINX pod | `false` |
|
|
|
-| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
|
|
-| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
|
|
-| `priorityClassName` | NGINX pods' priorityClassName | `""` |
|
|
|
-| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
|
|
-| `terminationGracePeriodSeconds` | In seconds, time the given to the NGINX pod needs to terminate gracefully | `""` |
|
|
|
-| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
|
|
-| `podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
|
|
|
-| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
|
|
-| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
|
|
-| `podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
|
|
|
-| `podSecurityContext.sysctls` | sysctl settings of the NGINX pods | `[]` |
|
|
|
-| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
|
|
-| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
|
|
-| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
|
|
-| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
|
|
-| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
|
|
-| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
|
|
-| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
|
|
-| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
|
|
-| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
|
|
-| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
|
|
-| `containerPorts.http` | Sets http port inside NGINX container | `8080` |
|
|
|
-| `containerPorts.https` | Sets https port inside NGINX container | `""` |
|
|
|
-| `extraContainerPorts` | Array of additional container ports for the Nginx container | `[]` |
|
|
|
-| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` |
|
|
|
-| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
-| `lifecycleHooks` | Optional lifecycleHooks for the NGINX container | `{}` |
|
|
|
-| `startupProbe.enabled` | Enable startupProbe | `false` |
|
|
|
-| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
|
|
-| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
|
|
-| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
|
|
-| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
|
|
-| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
|
|
-| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
|
|
-| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
|
|
-| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
|
|
-| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
|
|
-| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
|
|
-| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
|
|
-| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
|
|
-| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
|
|
-| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
|
|
-| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
|
|
-| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
|
|
-| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
|
|
-| `customStartupProbe` | Custom liveness probe for the Web component | `{}` |
|
|
|
-| `customLivenessProbe` | Override default liveness probe | `{}` |
|
|
|
-| `customReadinessProbe` | Override default readiness probe | `{}` |
|
|
|
-| `autoscaling.enabled` | Enable autoscaling for NGINX deployment | `false` |
|
|
|
-| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `""` |
|
|
|
-| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `""` |
|
|
|
-| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
|
|
-| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
|
|
-| `extraVolumes` | Array to add extra volumes | `[]` |
|
|
|
-| `extraVolumeMounts` | Array to add extra mount | `[]` |
|
|
|
-| `serviceAccount.create` | Enable creation of ServiceAccount for nginx pod | `true` |
|
|
|
-| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
|
|
-| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. | `{}` |
|
|
|
-| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` |
|
|
|
-| `sidecars` | Sidecar parameters | `[]` |
|
|
|
-| `sidecarSingleProcessNamespace` | Enable sharing the process namespace with sidecars | `false` |
|
|
|
-| `initContainers` | Extra init containers | `[]` |
|
|
|
-| `pdb.create` | Created a PodDisruptionBudget | `false` |
|
|
|
-| `pdb.minAvailable` | Min number of pods that must still be available after the eviction. | `1` |
|
|
|
-| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction. | `0` |
|
|
|
+| Name | Description | Value |
|
|
|
+| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
|
|
+| `replicaCount` | Number of NGINX replicas to deploy | `1` |
|
|
|
+| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` |
|
|
|
+| `updateStrategy.type` | NGINX deployment strategy type | `RollingUpdate` |
|
|
|
+| `updateStrategy.rollingUpdate` | NGINX deployment rolling update configuration parameters | `{}` |
|
|
|
+| `podLabels` | Additional labels for NGINX pods | `{}` |
|
|
|
+| `podAnnotations` | Annotations for NGINX pods | `{}` |
|
|
|
+| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
|
|
+| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
|
|
+| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
|
|
+| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
|
|
+| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
|
|
+| `affinity` | Affinity for pod assignment | `{}` |
|
|
|
+| `hostNetwork` | Specify if host network should be enabled for NGINX pod | `false` |
|
|
|
+| `hostIPC` | Specify if host IPC should be enabled for NGINX pod | `false` |
|
|
|
+| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
|
|
+| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
|
|
+| `priorityClassName` | NGINX pods' priorityClassName | `""` |
|
|
|
+| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
|
|
+| `terminationGracePeriodSeconds` | In seconds, time the given to the NGINX pod needs to terminate gracefully | `""` |
|
|
|
+| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
|
|
+| `tls.enabled` | Enable TLS transport | `true` |
|
|
|
+| `tls.autoGenerated` | Auto-generate self-signed certificates | `true` |
|
|
|
+| `tls.existingSecret` | Name of a secret containing the certificates | `""` |
|
|
|
+| `tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` |
|
|
|
+| `tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` |
|
|
|
+| `tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` |
|
|
|
+| `tls.cert` | Content of the certificate to be added to the secret | `""` |
|
|
|
+| `tls.key` | Content of the certificate key to be added to the secret | `""` |
|
|
|
+| `tls.ca` | Content of the certificate CA to be added to the secret | `""` |
|
|
|
+| `podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
|
|
|
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
|
|
+| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
|
|
+| `podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
|
|
|
+| `podSecurityContext.sysctls` | sysctl settings of the NGINX pods | `[]` |
|
|
|
+| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
|
|
+| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
|
|
+| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
|
|
+| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
|
|
+| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
|
|
+| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
|
|
+| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
|
|
+| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
|
|
+| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
|
|
+| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
|
|
+| `containerPorts.http` | Sets http port inside NGINX container | `8080` |
|
|
|
+| `containerPorts.https` | Sets https port inside NGINX container | `""` |
|
|
|
+| `extraContainerPorts` | Array of additional container ports for the Nginx container | `[]` |
|
|
|
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
|
|
|
+| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
+| `lifecycleHooks` | Optional lifecycleHooks for the NGINX container | `{}` |
|
|
|
+| `startupProbe.enabled` | Enable startupProbe | `false` |
|
|
|
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
|
|
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
|
|
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
|
|
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
|
|
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
|
|
+| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
|
|
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
|
|
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
|
|
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
|
|
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
|
|
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
|
|
+| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
|
|
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
|
|
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
|
|
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
|
|
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
|
|
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
|
|
+| `customStartupProbe` | Custom liveness probe for the Web component | `{}` |
|
|
|
+| `customLivenessProbe` | Override default liveness probe | `{}` |
|
|
|
+| `customReadinessProbe` | Override default readiness probe | `{}` |
|
|
|
+| `autoscaling.enabled` | Enable autoscaling for NGINX deployment | `false` |
|
|
|
+| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `""` |
|
|
|
+| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `""` |
|
|
|
+| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
|
|
+| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
|
|
+| `extraVolumes` | Array to add extra volumes | `[]` |
|
|
|
+| `extraVolumeMounts` | Array to add extra mount | `[]` |
|
|
|
+| `serviceAccount.create` | Enable creation of ServiceAccount for nginx pod | `true` |
|
|
|
+| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
|
|
+| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. | `{}` |
|
|
|
+| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` |
|
|
|
+| `sidecars` | Sidecar parameters | `[]` |
|
|
|
+| `sidecarSingleProcessNamespace` | Enable sharing the process namespace with sidecars | `false` |
|
|
|
+| `initContainers` | Extra init containers | `[]` |
|
|
|
+| `pdb.create` | Created a PodDisruptionBudget | `false` |
|
|
|
+| `pdb.minAvailable` | Min number of pods that must still be available after the eviction. | `1` |
|
|
|
+| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction. | `0` |
|
|
|
|
|
|
### Custom NGINX application parameters
|
|
|
|
|
|
-| Name | Description | Value |
|
|
|
-| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------- |
|
|
|
-| `cloneStaticSiteFromGit.enabled` | Get the server static content from a Git repository | `false` |
|
|
|
-| `cloneStaticSiteFromGit.image.registry` | Git image registry | `REGISTRY_NAME` |
|
|
|
-| `cloneStaticSiteFromGit.image.repository` | Git image repository | `REPOSITORY_NAME/git` |
|
|
|
-| `cloneStaticSiteFromGit.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
|
|
-| `cloneStaticSiteFromGit.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
|
|
|
-| `cloneStaticSiteFromGit.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.repository` | Git Repository to clone static content from | `""` |
|
|
|
-| `cloneStaticSiteFromGit.branch` | Git branch to checkout | `""` |
|
|
|
-| `cloneStaticSiteFromGit.interval` | Interval for sidecar container pull from the Git repository | `60` |
|
|
|
-| `cloneStaticSiteFromGit.gitClone.command` | Override default container command for git-clone-repository | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.gitClone.args` | Override default container args for git-clone-repository | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.gitSync.command` | Override default container command for git-repo-syncer | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.gitSync.args` | Override default container args for git-repo-syncer | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.gitSync.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if cloneStaticSiteFromGit.gitSync.resources is set (cloneStaticSiteFromGit.gitSync.resources is recommended for production). | `none` |
|
|
|
-| `cloneStaticSiteFromGit.gitSync.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
-| `cloneStaticSiteFromGit.extraEnvVars` | Additional environment variables to set for the in the containers that clone static site from git | `[]` |
|
|
|
-| `cloneStaticSiteFromGit.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
|
|
-| `cloneStaticSiteFromGit.extraVolumeMounts` | Add extra volume mounts for the Git containers | `[]` |
|
|
|
-| `serverBlock` | Custom server block to be added to NGINX configuration | `""` |
|
|
|
-| `existingServerBlockConfigmap` | ConfigMap with custom server block to be added to NGINX configuration | `""` |
|
|
|
-| `staticSiteConfigmap` | Name of existing ConfigMap with the server static site content | `""` |
|
|
|
-| `staticSitePVC` | Name of existing PVC with the server static site content | `""` |
|
|
|
+| Name | Description | Value |
|
|
|
+| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
|
|
+| `cloneStaticSiteFromGit.enabled` | Get the server static content from a Git repository | `false` |
|
|
|
+| `cloneStaticSiteFromGit.image.registry` | Git image registry | `REGISTRY_NAME` |
|
|
|
+| `cloneStaticSiteFromGit.image.repository` | Git image repository | `REPOSITORY_NAME/git` |
|
|
|
+| `cloneStaticSiteFromGit.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
|
|
+| `cloneStaticSiteFromGit.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
|
|
|
+| `cloneStaticSiteFromGit.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.repository` | Git Repository to clone static content from | `""` |
|
|
|
+| `cloneStaticSiteFromGit.branch` | Git branch to checkout | `""` |
|
|
|
+| `cloneStaticSiteFromGit.interval` | Interval for sidecar container pull from the Git repository | `60` |
|
|
|
+| `cloneStaticSiteFromGit.gitClone.command` | Override default container command for git-clone-repository | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.gitClone.args` | Override default container args for git-clone-repository | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.gitSync.command` | Override default container command for git-repo-syncer | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.gitSync.args` | Override default container args for git-repo-syncer | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.gitSync.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if cloneStaticSiteFromGit.gitSync.resources is set (cloneStaticSiteFromGit.gitSync.resources is recommended for production). | `nano` |
|
|
|
+| `cloneStaticSiteFromGit.gitSync.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
+| `cloneStaticSiteFromGit.extraEnvVars` | Additional environment variables to set for the in the containers that clone static site from git | `[]` |
|
|
|
+| `cloneStaticSiteFromGit.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
|
|
+| `cloneStaticSiteFromGit.extraVolumeMounts` | Add extra volume mounts for the Git containers | `[]` |
|
|
|
+| `serverBlock` | Custom server block to be added to NGINX configuration | `""` |
|
|
|
+| `existingServerBlockConfigmap` | ConfigMap with custom server block to be added to NGINX configuration | `""` |
|
|
|
+| `staticSiteConfigmap` | Name of existing ConfigMap with the server static site content | `""` |
|
|
|
+| `staticSitePVC` | Name of existing PVC with the server static site content | `""` |
|
|
|
|
|
|
### Traffic Exposure parameters
|
|
|
|
|
|
@@ -344,39 +353,39 @@ For annotations, please see [this document](https://github.com/kubernetes/ingres
|
|
|
|
|
|
### Metrics parameters
|
|
|
|
|
|
-| Name | Description | Value |
|
|
|
-| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
|
|
-| `metrics.enabled` | Start a Prometheus exporter sidecar container | `false` |
|
|
|
-| `metrics.image.registry` | NGINX Prometheus exporter image registry | `REGISTRY_NAME` |
|
|
|
-| `metrics.image.repository` | NGINX Prometheus exporter image repository | `REPOSITORY_NAME/nginx-exporter` |
|
|
|
-| `metrics.image.digest` | NGINX Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
|
|
-| `metrics.image.pullPolicy` | NGINX Prometheus exporter image pull policy | `IfNotPresent` |
|
|
|
-| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
|
|
-| `metrics.port` | NGINX Container Status Port scraped by Prometheus Exporter | `""` |
|
|
|
-| `metrics.extraArgs` | Extra arguments for Prometheus exporter | `[]` |
|
|
|
-| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9113` |
|
|
|
-| `metrics.podAnnotations` | Additional annotations for NGINX Prometheus exporter pod(s) | `{}` |
|
|
|
-| `metrics.securityContext.enabled` | Enabled NGINX Exporter containers' Security Context | `false` |
|
|
|
-| `metrics.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
|
|
-| `metrics.securityContext.runAsUser` | Set NGINX Exporter container's Security Context runAsUser | `1001` |
|
|
|
-| `metrics.service.port` | NGINX Prometheus exporter service port | `9113` |
|
|
|
-| `metrics.service.annotations` | Annotations for the Prometheus exporter service | `{}` |
|
|
|
-| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
|
|
|
-| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
-| `metrics.serviceMonitor.enabled` | Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
|
|
-| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
|
|
|
-| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
|
|
-| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
|
|
-| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
|
|
-| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
|
|
-| `metrics.serviceMonitor.labels` | Additional labels that can be used so PodMonitor will be discovered by Prometheus | `{}` |
|
|
|
-| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
|
|
-| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
|
|
-| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
|
|
|
-| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
|
|
|
-| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
|
|
-| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
|
|
-| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
|
|
|
+| Name | Description | Value |
|
|
|
+| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
|
|
+| `metrics.enabled` | Start a Prometheus exporter sidecar container | `false` |
|
|
|
+| `metrics.image.registry` | NGINX Prometheus exporter image registry | `REGISTRY_NAME` |
|
|
|
+| `metrics.image.repository` | NGINX Prometheus exporter image repository | `REPOSITORY_NAME/nginx-exporter` |
|
|
|
+| `metrics.image.digest` | NGINX Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
|
|
+| `metrics.image.pullPolicy` | NGINX Prometheus exporter image pull policy | `IfNotPresent` |
|
|
|
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
|
|
+| `metrics.port` | NGINX Container Status Port scraped by Prometheus Exporter | `""` |
|
|
|
+| `metrics.extraArgs` | Extra arguments for Prometheus exporter | `[]` |
|
|
|
+| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9113` |
|
|
|
+| `metrics.podAnnotations` | Additional annotations for NGINX Prometheus exporter pod(s) | `{}` |
|
|
|
+| `metrics.securityContext.enabled` | Enabled NGINX Exporter containers' Security Context | `false` |
|
|
|
+| `metrics.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
|
|
+| `metrics.securityContext.runAsUser` | Set NGINX Exporter container's Security Context runAsUser | `1001` |
|
|
|
+| `metrics.service.port` | NGINX Prometheus exporter service port | `9113` |
|
|
|
+| `metrics.service.annotations` | Annotations for the Prometheus exporter service | `{}` |
|
|
|
+| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
|
|
|
+| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
|
|
+| `metrics.serviceMonitor.enabled` | Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
|
|
+| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
|
|
|
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
|
|
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
|
|
+| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
|
|
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
|
|
+| `metrics.serviceMonitor.labels` | Additional labels that can be used so PodMonitor will be discovered by Prometheus | `{}` |
|
|
|
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
|
|
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
|
|
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
|
|
|
+| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
|
|
|
+| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
|
|
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
|
|
+| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
|
|
|
|
|
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
|
|
|
|
|
@@ -405,6 +414,17 @@ Find more information about how to deal with common errors related to Bitnami's
|
|
|
|
|
|
## Upgrading
|
|
|
|
|
|
+### To 16.0.0
|
|
|
+
|
|
|
+This major bump changes the following security defaults:
|
|
|
+
|
|
|
+- `runAsGroup` is changed from `0` to `1001`
|
|
|
+- `readOnlyRootFilesystem` is set to `true`
|
|
|
+- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
|
|
+- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
|
|
+
|
|
|
+This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
|
|
+
|
|
|
### To 11.0.0
|
|
|
|
|
|
This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository.
|
|
|
@@ -495,4 +515,4 @@ Unless required by applicable law or agreed to in writing, software
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
See the License for the specific language governing permissions and
|
|
|
-limitations under the License.
|
|
|
+limitations under the License.
|
Alejandro Moreno