Ingress-NGINX Controller Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/ingressNginx/properties/controller
Configure the controller daemonset of Ingress-NGINX.
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE:
object (Ingress-NGINX Controller)
PROPERTIES:
chroot¶
When enabled NGINX itself will run in a chroot under the controller namespace for increased separation between the controller and the proxy.
This requires a special seccomp profile to be available to give the controller the SYS_ADMIN capability, which will be provided by a separate daemon set.
chroot
-
is optional
-
Type:
boolean(Ingress-NGINX Controller Chroot) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Ingress-NGINX Controller Chroot)
DEFAULTS:
The default value is:
true
allowSnippetAnnotations¶
When enabled annotations on Ingress resources can add snippets to the config of NGINX.
[!danger] Only enable this after evaluating the risks it poses.
Note
See the upstream documentation for reference.
allowSnippetAnnotations
-
is optional
-
Type:
boolean(Ingress-NGINX Allow Snippet Annotations) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Ingress-NGINX Allow Snippet Annotations)
config¶
Configure the Ingress-NGINX controller.
config
-
is optional
-
Type:
object(Ingress-NGINX Config) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Ingress-NGINX Config)
enableAnnotationValidations¶
When enabled annotations on Ingress resources are validated.
This is disabled by default due to the maturity of the feature and lack of documentation.
enableAnnotationValidations
-
is optional
-
Type:
boolean(Ingress-NGINX Annotation Validation) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Ingress-NGINX Annotation Validation)
additionalConfig¶
Configure additional configuration for Ingress-NGINX controller.
Note
See the upstream documentation for reference.
additionalConfig
-
is optional
-
Type:
object(Ingress-NGINX Additional Config) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Ingress-NGINX Additional Config)
DEFAULTS:
The default value is:
{}
extraArgs¶
Configure extra args to pass to Ingress NGINX Controller.
extraArgs
-
is optional
-
Type:
object(Ingress NGINX Extra Args) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Ingress NGINX Extra Args)
DEFAULTS:
The default value is:
{}
enablepublishService¶
When enabled it allows customisation of the IP or FQDN to report the external address of the Service in the Ingress status field.
When disabled it reports the IPs of the nodes where the controller pods are running.
enablepublishService
-
is optional
-
Type:
boolean(Ingress-NGINX Publish Service) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Ingress-NGINX Publish Service)
service¶
Configure the Service for traffic to Ingress-NGINX.
service
-
is optional
-
Type:
object(Ingress-NGINX Service) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Ingress-NGINX Service)
useHostPort¶
When enabled ingress traffic is directly forwarded from target ports on the nodes to reach Ingress-NGINX.
This requires the namespace to use Pod Security Standard privileged.
useHostPort
-
is optional
-
Type:
boolean(Ingress-NGINX Host Port) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean (Ingress-NGINX Host Port)
resources¶
Resource requests are used by the kube-scheduler to pick a node to schedule pods on.
Limits are enforced. Resources are commonly 'cpu' and 'memory'.
resources
-
is optional
-
Type:
object(Kubernetes Resource Requirements) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Kubernetes Resource Requirements)
EXAMPLES:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 250m
tolerations¶
Kubernetes Tolerations
Kubernetes taint and toleration
tolerations
-
is optional
-
Type: an array of merged types (Details)
-
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
an array of merged types (Details)
nodeSelector¶
Kubernetes node selector
nodeSelector
-
is optional
-
Type:
object(Kubernetes Node Selector) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Kubernetes Node Selector)
EXAMPLES:
kubernetes.io/os: linux
affinity¶
Affinity is a group of affinity scheduling rules.
affinity
-
is optional
-
Type:
object(Affinity) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
object (Affinity)
Return to the root config schema
Generated Sun Jun 23 03:48:25 UTC 2024 from elastisys/compliantkubernetes-apps@main