Skip to content

Ingress-NGINX Controller Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/v0.40.1/config/schemas/config.yaml#/properties/ingressNginx/properties/controller

Configure the controller daemonset of Ingress-NGINX.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (Ingress-NGINX Controller)

PROPERTIES:

Property Type Required Nullable Defined by
chroot boolean Optional cannot be null Compliant Kubernetes Apps Config
allowSnippetAnnotations boolean Optional cannot be null Compliant Kubernetes Apps Config
config object Optional cannot be null Compliant Kubernetes Apps Config
enableAnnotationValidations boolean Optional cannot be null Compliant Kubernetes Apps Config
additionalConfig object Optional cannot be null Compliant Kubernetes Apps Config
extraArgs object Optional cannot be null Compliant Kubernetes Apps Config
enablepublishService boolean Optional cannot be null Compliant Kubernetes Apps Config
service object Optional cannot be null Compliant Kubernetes Apps Config
useHostPort boolean Optional cannot be null Compliant Kubernetes Apps Config
resources object Optional cannot be null Compliant Kubernetes Apps Config
tolerations array Optional cannot be null Compliant Kubernetes Apps Config
nodeSelector object Optional cannot be null Compliant Kubernetes Apps Config
affinity object Optional cannot be null Compliant Kubernetes Apps Config

chroot

When enabled NGINX itself will run in a chroot under the controller namespace for increased separation between the controller and the proxy.

This requires a special seccomp profile to be available to give the controller the SYS_ADMIN capability, which will be provided by a separate daemon set.

chroot

TYPE:

boolean (Ingress-NGINX Controller Chroot)

DEFAULTS:

The default value is:

true

allowSnippetAnnotations

When enabled annotations on Ingress resources can add snippets to the config of NGINX.

[!danger] Only enable this after evaluating the risks it poses.

Note

See the upstream documentation for reference.

allowSnippetAnnotations

TYPE:

boolean (Ingress-NGINX Allow Snippet Annotations)

config

Configure the Ingress-NGINX controller.

config

TYPE:

object (Ingress-NGINX Config)

enableAnnotationValidations

When enabled annotations on Ingress resources are validated.

This is disabled by default due to the maturity of the feature and lack of documentation.

enableAnnotationValidations

TYPE:

boolean (Ingress-NGINX Annotation Validation)

additionalConfig

Configure additional configuration for Ingress-NGINX controller.

Note

See the upstream documentation for reference.

additionalConfig

TYPE:

object (Ingress-NGINX Additional Config)

DEFAULTS:

The default value is:

{}

extraArgs

Configure extra args to pass to Ingress NGINX Controller.

extraArgs

TYPE:

object (Ingress NGINX Extra Args)

DEFAULTS:

The default value is:

{}

enablepublishService

When enabled it allows customisation of the IP or FQDN to report the external address of the Service in the Ingress status field.

When disabled it reports the IPs of the nodes where the controller pods are running.

enablepublishService

TYPE:

boolean (Ingress-NGINX Publish Service)

service

Configure the Service for traffic to Ingress-NGINX.

service

TYPE:

object (Ingress-NGINX Service)

useHostPort

When enabled ingress traffic is directly forwarded from target ports on the nodes to reach Ingress-NGINX.

This requires the namespace to use Pod Security Standard privileged.

useHostPort

TYPE:

boolean (Ingress-NGINX Host Port)

resources

Resource requests are used by the kube-scheduler to pick a node to schedule pods on.

Limits are enforced. Resources are commonly 'cpu' and 'memory'.

resources

TYPE:

object (Kubernetes Resource Requirements)

EXAMPLES:

requests:
  memory: 128Mi
  cpu: 100m
limits:
  memory: 256Mi
  cpu: 250m

tolerations

Kubernetes Tolerations

Kubernetes taint and toleration

tolerations

TYPE:

an array of merged types (Details)

nodeSelector

Kubernetes node selector

Kubernetes assign pod node

nodeSelector

TYPE:

object (Kubernetes Node Selector)

EXAMPLES:

kubernetes.io/os: linux

affinity

Affinity is a group of affinity scheduling rules.

affinity

TYPE:

object (Affinity)

Return to the root config schema


Generated Thu Nov 14 16:18:57 UTC 2024 from elastisys/compliantkubernetes-apps@v0.40.1