nginx

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# This file has been modified by Chainguard, Inc.

# Chainguard, Inc. modifications are subject to the license

# available at: https://www.chainguard.dev/legal/software-license-agreement

# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters

## Global Docker image parameters

## Please, note that this will override the image parameters, including dependencies, configured to use the global value

## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry

## @param global.imagePullSecrets Global Docker registry secret names as an array

global:

imageRegistry: ""

## E.g.

## imagePullSecrets:

## - myRegistryKeySecretName

imagePullSecrets: []

## Security parameters

security:

## @param global.security.allowInsecureImages Allows skipping image verification

allowInsecureImages: false

## Compatibility adaptations for Kubernetes platforms

compatibility:

## Compatibility adaptations for Openshift

openshift:

## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)

adaptSecurityContext: auto

org: ""

## @section Common parameters

## @param nameOverride String to partially override nginx.fullname template (will maintain the release name)

nameOverride: ""

## @param fullnameOverride String to fully override nginx.fullname template

fullnameOverride: ""

## @param namespaceOverride String to fully override common.names.namespace

namespaceOverride: ""

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)

kubeVersion: ""

## @param clusterDomain Kubernetes Cluster Domain

clusterDomain: cluster.local

## @param extraDeploy Extra objects to deploy (value evaluated as a template)

extraDeploy: []

## @param commonLabels Add labels to all the deployed resources

commonLabels: {}

## @param commonAnnotations Add annotations to all the deployed resources

commonAnnotations: {}

## Enable diagnostic mode in the deployment(s)/statefulset(s)

diagnosticMode:

## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)

enabled: false

## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)

command:

- sleep

## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)

args:

- infinity

## @section NGINX parameters

## Iamguarded NGINX image version

## ref: https://hub.docker.com/r/iamguarded/nginx/tags/

## @param image.registry [default: REGISTRY_NAME] NGINX image registry

## @param image.repository [default: REPOSITORY_NAME/nginx] NGINX image repository

## @skip image.tag NGINX image tag (immutable tags are recommended)

## @param image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

## @param image.pullPolicy NGINX image pull policy

## @param image.pullSecrets Specify docker-registry secret names as an array

## @param image.debug Set to true if you would like to see extra information on logs

image:

registry: cgr.dev

repository: chainguard-private/nginx-iamguarded

tag: 1.29.5

digest: ""

## Specify a imagePullPolicy

## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images

100

101

pullPolicy: IfNotPresent

102

## Optionally specify an array of imagePullSecrets.

103

## Secrets must be manually created in the namespace.

104

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

105

## E.g.:

106

## pullSecrets:

107

## - myRegistryKeySecretName

108

109

pullSecrets: []

110

## Set to true if you would like to see extra information on logs

111

112

debug: false

113

## @param enableDefaultInitContainers If set to false, disable all init containers except user-defined at `initContainer`.

114

115

enableDefaultInitContainers: true

116

## @param automountServiceAccountToken Mount Service Account token in pod

117

118

automountServiceAccountToken: false

119

## @param hostAliases Deployment pod host aliases

120

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

121

122

hostAliases: []

123

## Command and args for running the container (set to default if not set). Use array form

124

## @param command Override default container command (useful when using custom images)

125

## @param args Override default container args (useful when using custom images)

126

127

command: []

128

args: []

129

## @param extraEnvVars Extra environment variables to be set on NGINX containers

130

## E.g:

131

## extraEnvVars:

132

## - name: FOO

133

## value: BAR

134

135

extraEnvVars: []

136

## @param extraEnvVarsCM ConfigMap with extra environment variables

137

138

extraEnvVarsCM: ""

139

## @param extraEnvVarsSecret Secret with extra environment variables

140

141

extraEnvVarsSecret: ""

142

## @section NGINX deployment parameters

143

144

## @param replicaCount Number of NGINX replicas to deploy

145

146

replicaCount: 1

147

## @param revisionHistoryLimit The number of old history to retain to allow rollback

148

149

revisionHistoryLimit: 10

150

## @param updateStrategy.type NGINX deployment strategy type

151

## @param updateStrategy.rollingUpdate NGINX deployment rolling update configuration parameters

152

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy

153

154

updateStrategy:

155

type: RollingUpdate

156

rollingUpdate: {}

157

## @param podLabels Additional labels for NGINX pods

158

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

159

160

podLabels: {}

161

## @param podAnnotations Annotations for NGINX pods

162

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

163

164

podAnnotations: {}

165

## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

166

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

167

168

podAffinityPreset: ""

169

## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

170

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

171

172

podAntiAffinityPreset: soft

173

## Node affinity preset

174

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

175

176

nodeAffinityPreset:

177

## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

178

179

type: ""

180

## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.

181

## E.g.

182

## key: "kubernetes.io/e2e-az-name"

183

184

key: ""

185

## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.

186

## E.g.

187

## values:

188

## - e2e-az1

189

## - e2e-az2

190

191

values: []

192

## @param affinity Affinity for pod assignment

193

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

194

## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set

195

196

affinity: {}

197

## @param hostNetwork Specify if host network should be enabled for NGINX pod

198

199

hostNetwork: false

200

## @param hostIPC Specify if host IPC should be enabled for NGINX pod

201

202

hostIPC: false

203

## DNS-Pod services

204

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

205

## @param dnsPolicy Specifies the DNS policy for the NGINX pod

206

## DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies.

207

## Available options: Default, ClusterFirst, ClusterFirstWithHostNet, None

208

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy

209

dnsPolicy: ""

210

## @param dnsConfig Allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None`

211

## The dnsConfig field is optional and it can work with any dnsPolicy settings.

212

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config

213

## E.g.

214

## dnsConfig:

215

## nameservers:

216

## - 192.0.2.1 # this is an example

217

## searches:

218

## - ns1.svc.cluster-domain.example

219

## - my.dns.search.suffix

220

## options:

221

## - name: ndots

222

## value: "2"

223

## - name: edns0

224

dnsConfig: {}

225

## @param nodeSelector Node labels for pod assignment. Evaluated as a template.

226

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

227

228

nodeSelector: {}

229

## @param tolerations Tolerations for pod assignment. Evaluated as a template.

230

## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

231

232

tolerations: []

233

## @param priorityClassName NGINX pods' priorityClassName

234

235

priorityClassName: ""

236

## @param schedulerName Name of the k8s scheduler (other than default)

237

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

238

239

schedulerName: ""

240

## @param terminationGracePeriodSeconds In seconds, time the given to the NGINX pod needs to terminate gracefully

241

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods

242

243

terminationGracePeriodSeconds: ""

244

## @param topologySpreadConstraints Topology Spread Constraints for pod assignment

245

## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/

246

## The value is evaluated as a template

247

248

topologySpreadConstraints: []

249

## TLS settings

250

251

tls:

252

## @param tls.enabled Enable TLS transport

253

254

enabled: true

255

## @param tls.autoGenerated Auto-generate self-signed certificates

256

257

autoGenerated: true

258

## @param tls.existingSecret Name of a secret containing the certificates

259

260

existingSecret: ""

261

## @param tls.certFilename Path of the certificate file when mounted as a secret

262

263

certFilename: tls.crt

264

## @param tls.certKeyFilename Path of the certificate key file when mounted as a secret

265

266

certKeyFilename: tls.key

267

## @param tls.certCAFilename Path of the certificate CA file when mounted as a secret

268

269

certCAFilename: ca.crt

270

## @param tls.cert Content of the certificate to be added to the secret

271

272

cert: ""

273

## @param tls.key Content of the certificate key to be added to the secret

274

275

key: ""

276

## @param tls.ca Content of the certificate CA to be added to the secret

277

278

ca: ""

279

## NGINX pods' Security Context.

280

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod

281

## @param podSecurityContext.enabled Enabled NGINX pods' Security Context

282

## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

283

## @param podSecurityContext.supplementalGroups Set filesystem extra groups

284

## @param podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup

285

## @param podSecurityContext.sysctls sysctl settings of the NGINX pods

286

287

podSecurityContext:

288

enabled: true

289

fsGroupChangePolicy: Always

290

supplementalGroups: []

291

fsGroup: 1001

292

## sysctl settings

293

## Example:

294

## sysctls:

295

## - name: net.core.somaxconn

296

## value: "10000"

297

298

sysctls: []

299

## NGINX containers' Security Context.

300

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

301

## @param containerSecurityContext.enabled Enabled containers' Security Context

302

## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

303

## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser

304

## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

305

## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

306

## @param containerSecurityContext.privileged Set container's Security Context privileged

307

## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

308

## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

309

## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped

310

## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

311

312

containerSecurityContext:

313

enabled: true

314

seLinuxOptions: {}

315

runAsUser: 1001

316

runAsGroup: 1001

317

runAsNonRoot: true

318

privileged: false

319

readOnlyRootFilesystem: true

320

allowPrivilegeEscalation: false

321

capabilities:

322

drop: ["ALL"]

323

seccompProfile:

324

type: "RuntimeDefault"

325

## Configures the ports NGINX listens on

326

## @param containerPorts.http Sets http port inside NGINX container

327

## @param containerPorts.https Sets https port inside NGINX container

328

329

containerPorts:

330

http: 8080

331

https: 8443

332

## @param extraContainerPorts Array of additional container ports for the Nginx container

333

## e.g:

334

## extraContainerPorts:

335

## - name: grpc

336

## containerPort: 4317

337

338

extraContainerPorts: []

339

## NGINX containers' resource requests and limits

340

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

341

## We usually recommend not to specify default resources and to leave this as a conscious

342

## choice for the user. This also increases chances charts run on environments with little

343

## resources, such as Minikube. If you do want to specify resources, uncomment the following

344

## lines, adjust them as necessary, and remove the curly braces after 'resources:'.

345

## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).

346

## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15

347

348

resourcesPreset: "nano"

349

## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

350

## Example:

351

## resources:

352

## requests:

353

## cpu: 2

354

## memory: 512Mi

355

## limits:

356

## cpu: 3

357

## memory: 1024Mi

358

359

resources: {}

360

## NGINX containers' lifecycleHooks

361

## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/

362

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/

363

## If you do want to specify lifecycleHooks, uncomment the following

364

## lines, adjust them as necessary, and remove the curly braces on 'lifecycle:{}'.

365

## @param lifecycleHooks Optional lifecycleHooks for the NGINX container

366

lifecycleHooks: {}

367

## Example:

368

## postStart:

369

## exec:

370

## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

371

## Example:

372

## preStop:

373

## exec:

374

## command: ["/bin/sleep", "20"]

375

## command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]

376

377

## NGINX containers' startup probe.

378

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

379

## @param startupProbe.enabled Enable startupProbe

380

## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

381

## @param startupProbe.periodSeconds Period seconds for startupProbe

382

## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe

383

## @param startupProbe.failureThreshold Failure threshold for startupProbe

384

## @param startupProbe.successThreshold Success threshold for startupProbe

385

386

startupProbe:

387

enabled: false

388

initialDelaySeconds: 30

389

timeoutSeconds: 5

390

periodSeconds: 10

391

failureThreshold: 6

392

successThreshold: 1

393

## NGINX containers' liveness probe.

394

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

395

## @param livenessProbe.enabled Enable livenessProbe

396

## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

397

## @param livenessProbe.periodSeconds Period seconds for livenessProbe

398

## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

399

## @param livenessProbe.failureThreshold Failure threshold for livenessProbe

400

## @param livenessProbe.successThreshold Success threshold for livenessProbe

401

402

livenessProbe:

403

enabled: true

404

initialDelaySeconds: 30

405

timeoutSeconds: 5

406

periodSeconds: 10

407

failureThreshold: 6

408

successThreshold: 1

409

## NGINX containers' readiness probe.

410

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

411

## @param readinessProbe.enabled Enable readinessProbe

412

## @param readinessProbe.path Request path for livenessProbe

413

## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

414

## @param readinessProbe.periodSeconds Period seconds for readinessProbe

415

## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

416

## @param readinessProbe.failureThreshold Failure threshold for readinessProbe

417

## @param readinessProbe.successThreshold Success threshold for readinessProbe

418

419

readinessProbe:

420

enabled: true

421

path: /

422

initialDelaySeconds: 5

423

timeoutSeconds: 3

424

periodSeconds: 5

425

failureThreshold: 3

426

successThreshold: 1

427

## @param customStartupProbe Custom liveness probe for the Web component

428

429

customStartupProbe: {}

430

## @param customLivenessProbe Override default liveness probe

431

432

customLivenessProbe: {}

433

## @param customReadinessProbe Override default readiness probe

434

435

customReadinessProbe: {}

436

## Autoscaling parameters

437

## @param autoscaling.enabled Enable autoscaling for NGINX deployment

438

## @param autoscaling.minReplicas Minimum number of replicas to scale back

439

## @param autoscaling.maxReplicas Maximum number of replicas to scale out

440

## @param autoscaling.targetCPU Target CPU utilization percentage

441

## @param autoscaling.targetMemory Target Memory utilization percentage

442

443

autoscaling:

444

enabled: false

445

minReplicas: ""

446

maxReplicas: ""

447

targetCPU: ""

448

targetMemory: ""

449

## @param extraVolumes Array to add extra volumes

450

451

extraVolumes: []

452

## @param extraVolumeMounts Array to add extra mount

453

454

extraVolumeMounts: []

455

## Pods Service Account

456

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

457

458

serviceAccount:

459

## @param serviceAccount.create Enable creation of ServiceAccount for nginx pod

460

461

create: true

462

## @param serviceAccount.name The name of the ServiceAccount to use.

463

## If not set and create is true, a name is generated using the `common.names.fullname` template

464

name: ""

465

## @param serviceAccount.annotations Annotations for service account. Evaluated as a template.

466

## Only used if `create` is `true`.

467

468

annotations: {}

469

## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod

470

471

automountServiceAccountToken: false

472

## @param sidecars Sidecar parameters

473

## e.g:

474

## sidecars:

475

## - name: your-image-name

476

## image: your-image

477

## imagePullPolicy: Always

478

## ports:

479

## - name: portname

480

## containerPort: 1234

481

482

sidecars: []

483

## @param sidecarSingleProcessNamespace Enable sharing the process namespace with sidecars

484

## This will switch pod.spec.shareProcessNamespace parameter

485

486

sidecarSingleProcessNamespace: false

487

## @param initContainers Extra init containers

488

489

initContainers: []

490

## Pod Disruption Budget configuration

491

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/

492

493

pdb:

494

## @param pdb.create Created a PodDisruptionBudget

495

496

create: true

497

## @param pdb.minAvailable Min number of pods that must still be available after the eviction.

498

## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0

499

500

minAvailable: ""

501

## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction.

502

## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.

503

504

maxUnavailable: ""

505

## @section Custom NGINX application parameters

506

507

## Get the server static content from a git repository

508

## NOTE: This will override staticSiteConfigmap and staticSitePVC

509

510

cloneStaticSiteFromGit:

511

## @param cloneStaticSiteFromGit.enabled Get the server static content from a Git repository

512

513

enabled: false

514

## Iamguarded Git image version

515

## ref: https://hub.docker.com/r/iamguarded/git/tags/

516

## @param cloneStaticSiteFromGit.image.registry [default: REGISTRY_NAME] Git image registry

517

## @param cloneStaticSiteFromGit.image.repository [default: REPOSITORY_NAME/git] Git image repository

518

## @skip cloneStaticSiteFromGit.image.tag Git image tag (immutable tags are recommended)

519

## @param cloneStaticSiteFromGit.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

520

## @param cloneStaticSiteFromGit.image.pullPolicy Git image pull policy

521

## @param cloneStaticSiteFromGit.image.pullSecrets Specify docker-registry secret names as an array

522

523

image:

524

registry: cgr.dev

525

repository: chainguard-private/git-iamguarded

526

tag: 2.53.0

527

digest: ""

528

## Specify a imagePullPolicy

529

## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images

530

531

pullPolicy: IfNotPresent

532

## Optionally specify an array of imagePullSecrets.

533

## Secrets must be manually created in the namespace.

534

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

535

## e.g:

536

## pullSecrets:

537

## - myRegistryKeySecretName

538

539

pullSecrets: []

540

## @param cloneStaticSiteFromGit.repository Git Repository to clone static content from

541

542

repository: ""

543

## @param cloneStaticSiteFromGit.branch Git branch to checkout

544

545

branch: ""

546

## @param cloneStaticSiteFromGit.interval Interval for sidecar container pull from the Git repository

547

548

interval: 60

549

## Additional configuration for git-clone-repository initContainer

550

551

gitClone:

552

## @param cloneStaticSiteFromGit.gitClone.command Override default container command for git-clone-repository

553

554

command: []

555

## @param cloneStaticSiteFromGit.gitClone.args Override default container args for git-clone-repository

556

557

args: []

558

## Additional configuration for the git-repo-syncer container

559

560

gitSync:

561

## @param cloneStaticSiteFromGit.gitSync.command Override default container command for git-repo-syncer

562

563

command: []

564

## @param cloneStaticSiteFromGit.gitSync.args Override default container args for git-repo-syncer

565

566

args: []

567

## git-repo-syncer resource requests and limits

568

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

569

## @param cloneStaticSiteFromGit.gitSync.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if cloneStaticSiteFromGit.gitSync.resources is set (cloneStaticSiteFromGit.gitSync.resources is recommended for production).

570

## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15

571

572

resourcesPreset: "nano"

573

## @param cloneStaticSiteFromGit.gitSync.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

574

## Example:

575

## resources:

576

## requests:

577

## cpu: 2

578

## memory: 512Mi

579

## limits:

580

## cpu: 3

581

## memory: 1024Mi

582

583

resources: {}

584

## @param cloneStaticSiteFromGit.extraEnvVars Additional environment variables to set for the in the containers that clone static site from git

585

## E.g:

586

## extraEnvVars:

587

## - name: FOO

588

## value: BAR

589

590

extraEnvVars: []

591

## @param cloneStaticSiteFromGit.extraEnvVarsSecret Secret with extra environment variables

592

593

extraEnvVarsSecret: ""

594

## @param cloneStaticSiteFromGit.extraVolumeMounts Add extra volume mounts for the Git containers

595

## Useful to mount keys to connect through ssh. (normally used with extraVolumes)

596

## E.g:

597

## extraVolumeMounts:

598

## - name: ssh-dir

599

## mountPath: /root/.ssh/

600

601

extraVolumeMounts: []

602

## @param serverBlock Custom server block to be added to NGINX configuration

603

## PHP-FPM example server block:

604

## serverBlock: |-

605

## server {

606

## listen 0.0.0.0:8080;

607

## root /app;

608

## location / {

609

## index index.html index.php;

610

## }

611

## location ~ \.php$ {

612

## fastcgi_pass phpfpm-server:9000;

613

## fastcgi_index index.php;

614

## include fastcgi.conf;

615

## }

616

## }

617

618

serverBlock: ""

619

## @param streamServerBlock Custom stream server block to be added to NGINX configuration

620

## streamServerBlock: |-

621

## server {

622

## listen 0.0.0.0:8080 udp;

623

## proxy_pass localhost:9000;

624

## }

625

626

streamServerBlock: ""

627

## @param existingServerBlockConfigmap ConfigMap with custom server block to be added to NGINX configuration

628

## NOTE: This will override serverBlock

629

630

existingServerBlockConfigmap: ""

631

## @param existingStreamServerBlockConfigmap ConfigMap with custom stream server block to be added to NGINX configuration

632

## NOTE: This will override streamServerBlock

633

634

existingStreamServerBlockConfigmap: ""

635

## Collection of NGINX context based includes

636

## e.g:

637

## contextIncludes:

638

## main: |

639

## load_module /opt/iamguarded/nginx/modules/ngx_http_dav_module.so;

640

641

contextIncludes:

642

## @param contextIncludes.main Custom configuration for the main context

643

644

main: ""

645

## @param contextIncludes.events Custom configuration for the events context

646

647

events: ""

648

## @param contextIncludes.http Custom configuration for the http context

649

650

http: ""

651

## @param existingContextMainConfigmaps List of existing ConfigMaps with custom main context configuration

652

## NOTE: These will be mounted alongside contextIncludes.main

653

## e.g:

654

## existingContextMainConfigmaps:

655

## - "my-modules-config"

656

## - "my-main-directives-config"

657

658

existingContextMainConfigmaps: []

659

## @param existingContextEventsConfigmaps List of existing ConfigMaps with custom events context configuration

660

## NOTE: These will be mounted alongside contextIncludes.events

661

662

existingContextEventsConfigmaps: []

663

## @param existingContextHttpConfigmaps List of existing ConfigMaps with custom http context configuration

664

## NOTE: These will be mounted alongside contextIncludes.http

665

666

existingContextHttpConfigmaps: []

667

## @param staticSiteConfigmap Name of existing ConfigMap with the server static site content

668

669

staticSiteConfigmap: ""

670

## @param staticSitePVC Name of existing PVC with the server static site content

671

## NOTE: This will override staticSiteConfigmap

672

673

staticSitePVC: ""

674

## @section Traffic Exposure parameters

675

676

## NGINX Service properties

677

678

service:

679

## @param service.type Service type

680

681

type: LoadBalancer

682

## @param service.ports.http Service HTTP port

683

## @param service.ports.https Service HTTPS port

684

685

ports:

686

http: 80

687

https: 443

688

689

## @param service.nodePorts [object] Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.

690

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

691

692

nodePorts:

693

http: ""

694

https: ""

695

## @param service.targetPort [object] Target port reference value for the Loadbalancer service types can be specified explicitly.

696

## Listeners for the Loadbalancer can be custom mapped to the http or https service.

697

## Example: Mapping the https listener to targetPort http [http: https]

698

699

targetPort:

700

http: http

701

https: https

702

## @param service.clusterIP NGINX service Cluster IP

703

## e.g.:

704

## clusterIP: None

705

706

clusterIP: ""

707

## @param service.loadBalancerIP LoadBalancer service IP address

708

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

709

710

loadBalancerIP: ""

711

## @param service.loadBalancerSourceRanges NGINX service Load Balancer sources

712

## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

713

## e.g:

714

## loadBalancerSourceRanges:

715

## - 10.10.10.0/24

716

717

loadBalancerSourceRanges: []

718

## @param service.loadBalancerClass service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)

719

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer

720

721

loadBalancerClass: ""

722

## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)

723

724

extraPorts: []

725

## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"

726

## If "ClientIP", consecutive client requests will be directed to the same Pod

727

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

728

729

sessionAffinity: None

730

## @param service.sessionAffinityConfig Additional settings for the sessionAffinity

731

## sessionAffinityConfig:

732

## clientIP:

733

## timeoutSeconds: 300

734

735

sessionAffinityConfig: {}

736

## @param service.annotations Service annotations

737

## This can be used to set the LoadBalancer service type to internal only.

738

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

739

740

annotations: {}

741

## @param service.externalTrafficPolicy Enable client source IP preservation

742

## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

743

744

externalTrafficPolicy: Cluster

745

## Network Policies

746

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

747

748

networkPolicy:

749

## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created

750

751

enabled: true

752

## @param networkPolicy.allowExternal Don't require server label for connections

753

## The Policy model to apply. When set to false, only pods with the correct

754

## server label will have network access to the ports server is listening

755

## on. When true, server will accept connections from any source

756

## (with the correct destination port).

757

758

allowExternal: true

759

## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

760

761

allowExternalEgress: true

762

## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

763

## e.g:

764

## extraIngress:

765

## - ports:

766

## - port: 1234

767

## from:

768

## - podSelector:

769

## - matchLabels:

770

## - role: frontend

771

## - podSelector:

772

## - matchExpressions:

773

## - key: role

774

## operator: In

775

## values:

776

## - frontend

777

extraIngress: []

778

## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)

779

## e.g:

780

## extraEgress:

781

## - ports:

782

## - port: 1234

783

## to:

784

## - podSelector:

785

## - matchLabels:

786

## - role: frontend

787

## - podSelector:

788

## - matchExpressions:

789

## - key: role

790

## operator: In

791

## values:

792

## - frontend

793

794

extraEgress: []

795

## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

796

## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

797

798

ingressNSMatchLabels: {}

799

ingressNSPodMatchLabels: {}

800

## Configure the ingress resource that allows you to access the

801

## Nginx installation. Set up the URL

802

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

803

804

ingress:

805

## @param ingress.enabled Set to true to enable ingress record generation

806

807

enabled: false

808

## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

809

810

selfSigned: false

811

## @param ingress.pathType Ingress path type

812

813

pathType: ImplementationSpecific

814

## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)

815

816

apiVersion: ""

817

## @param ingress.hostname Default host for the ingress resource

818

819

hostname: nginx.local

820

## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers.

821

822

path: /

823

## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

824

## For a full list of possible ingress annotations, please see

825

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

826

## Use this parameter to set the required annotations for cert-manager, see

827

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

828

829

## e.g:

830

## annotations:

831

## kubernetes.io/ingress.class: nginx

832

## cert-manager.io/cluster-issuer: cluster-issuer-name

833

834

annotations: {}

835

## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+

836

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

837

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

838

839

ingressClassName: ""

840

## @param ingress.tls Create TLS Secret

841

## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}

842

## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it

843

844

tls: false

845

## @param ingress.tlsWwwPrefix Adds www subdomain to default cert

846

## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }}

847

## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true"

848

tlsWwwPrefix: false

849

## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

850

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

851

## extraHosts:

852

## - name: nginx.local

853

## path: /

854

855

extraHosts: []

856

## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.

857

## For example: The ALB ingress controller requires a special rule for handling SSL redirection.

858

## extraPaths:

859

## - path: /*

860

## backend:

861

## serviceName: ssl-redirect

862

## servicePort: use-annotation

863

864

extraPaths: []

865

## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

866

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

867

## extraTls:

868

## - hosts:

869

## - nginx.local

870

## secretName: nginx.local-tls

871

872

extraTls: []

873

## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

874

## key and certificate should start with -----BEGIN CERTIFICATE----- or

875

## -----BEGIN RSA PRIVATE KEY-----

876

877

## name should line up with a tlsSecret set further up

878

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

879

880

## It is also possible to create and manage the certificates outside of this helm chart

881

## Please see README.md for more information

882

## e.g:

883

## - name: nginx.local-tls

884

## key:

885

## certificate:

886

887

secrets: []

888

## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template

889

## Useful when looking for additional customization, such as using different backend

890

891

extraRules: []

892

## Health Ingress parameters

893

894

healthIngress:

895

## @param healthIngress.enabled Set to true to enable health ingress record generation

896

897

enabled: false

898

## @param healthIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

899

900

selfSigned: false

901

## @param healthIngress.pathType Ingress path type

902

903

pathType: ImplementationSpecific

904

## @param healthIngress.hostname When the health ingress is enabled, a host pointing to this will be created

905

906

hostname: example.local

907

## @param healthIngress.path Default path for the ingress record

908

## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers

909

910

path: /

911

## @param healthIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

912

## For a full list of possible ingress annotations, please see

913

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

914

## Use this parameter to set the required annotations for cert-manager, see

915

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

916

917

## e.g:

918

## annotations:

919

## kubernetes.io/ingress.class: nginx

920

## cert-manager.io/cluster-issuer: cluster-issuer-name

921

922

annotations: {}

923

## @param healthIngress.tls Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter

924

## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.healthIngress.hostname }}

925

## You can use the healthIngress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or

926

## let the chart create self-signed certificates for you

927

928

tls: false

929

## @param healthIngress.extraHosts An array with additional hostname(s) to be covered with the ingress record

930

## e.g:

931

## extraHosts:

932

## - name: example.local

933

## path: /

934

935

extraHosts: []

936

## @param healthIngress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host

937

## e.g:

938

## extraPaths:

939

## - path: /*

940

## backend:

941

## serviceName: ssl-redirect

942

## servicePort: use-annotation

943

944

extraPaths: []

945

## @param healthIngress.extraTls TLS configuration for additional hostnames to be covered

946

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

947

## E.g.

948

## extraTls:

949

## - hosts:

950

## - example.local

951

## secretName: example.local-tls

952

953

extraTls: []

954

## @param healthIngress.secrets TLS Secret configuration

955

## If you're providing your own certificates, please use this to add the certificates as secrets

956

## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----

957

## name should line up with a secretName set further up

958

## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you

959

## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created

960

## It is also possible to create and manage the certificates outside of this helm chart

961

## Please see README.md for more information

962

963

## E.g.

964

## secrets:

965

## - name: example.local-tls

966

## key:

967

## certificate:

968

969

secrets: []

970

## @param healthIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

971

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

972

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

973

974

ingressClassName: ""

975

## @param healthIngress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template

976

## Useful when looking for additional customization, such as using different backend

977

978

extraRules: []

979

## @section Metrics parameters

980

981

## Prometheus Exporter / Metrics

982

983

metrics:

984

## @param metrics.enabled Start a Prometheus exporter sidecar container

985

986

enabled: false

987

## Iamguarded NGINX Prometheus Exporter image

988

## ref: https://hub.docker.com/r/iamguarded/nginx-exporter/tags/

989

## @param metrics.image.registry [default: REGISTRY_NAME] NGINX Prometheus exporter image registry

990

## @param metrics.image.repository [default: REPOSITORY_NAME/nginx-exporter] NGINX Prometheus exporter image repository

991

## @skip metrics.image.tag NGINX Prometheus exporter image tag (immutable tags are recommended)

992

## @param metrics.image.digest NGINX Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

993

## @param metrics.image.pullPolicy NGINX Prometheus exporter image pull policy

994

## @param metrics.image.pullSecrets Specify docker-registry secret names as an array

995

996

image:

997

registry: cgr.dev

998

repository: chainguard-private/nginx-prometheus-exporter-iamguarded

999

tag: 1.5.1

1000

digest: ""

1001

pullPolicy: IfNotPresent

1002

## Optionally specify an array of imagePullSecrets.

1003

## Secrets must be manually created in the namespace.

1004

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

1005

## e.g:

1006

## pullSecrets:

1007

## - myRegistryKeySecretName

1008

1009

pullSecrets: []

1010

## @param metrics.port NGINX Container Status Port scraped by Prometheus Exporter

1011

## Defaults to specified http port

1012

1013

port: ""

1014

## @param metrics.extraArgs Extra arguments for Prometheus exporter

1015

## e.g:

1016

## extraArgs:

1017

## - --nginx.timeout

1018

## - 5s

1019

1020

extraArgs: []

1021

## @param metrics.containerPorts.metrics Prometheus exporter container port

1022

1023

containerPorts:

1024

metrics: 9113

1025

## @param metrics.podAnnotations Additional annotations for NGINX Prometheus exporter pod(s)

1026

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

1027

1028

podAnnotations: {}

1029

## Container Security Context

1030

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

1031

## @param metrics.securityContext.enabled Enabled NGINX Exporter containers' Security Context

1032

## @param metrics.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container

1033

## @param metrics.securityContext.runAsUser Set NGINX Exporter container's Security Context runAsUser

1034

1035

securityContext:

1036

enabled: false

1037

seLinuxOptions: {}

1038

runAsUser: 1001

1039

## Prometheus exporter service parameters

1040

1041

service:

1042

## @param metrics.service.port NGINX Prometheus exporter service port

1043

1044

port: 9113

1045

## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service

1046

1047

annotations:

1048

prometheus.io/scrape: "true"

1049

prometheus.io/port: "{{ .Values.metrics.service.port }}"

1050

## NGINX Prometheus exporter resource requests and limits

1051

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

1052

## We usually recommend not to specify default resources and to leave this as a conscious

1053

## choice for the user. This also increases chances charts run on environments with little

1054

## resources, such as Minikube. If you do want to specify resources, uncomment the following

1055

## lines, adjust them as necessary, and remove the curly braces after 'resources:'.

1056

## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).

1057

## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15

1058

1059

resourcesPreset: "nano"

1060

## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

1061

## Example:

1062

## resources:

1063

## requests:

1064

## cpu: 2

1065

## memory: 512Mi

1066

## limits:

1067

## cpu: 3

1068

## memory: 1024Mi

1069

1070

resources: {}

1071

## Prometheus Operator ServiceMonitor configuration

1072

1073

serviceMonitor:

1074

## @param metrics.serviceMonitor.enabled Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)

1075

1076

enabled: false

1077

## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running

1078

1079

namespace: ""

1080

## @param metrics.serviceMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus

1081

1082

tlsConfig: {}

1083

## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.

1084

1085

jobLabel: ""

1086

## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.

1087

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint

1088

## e.g:

1089

## interval: 10s

1090

1091

interval: ""

1092

## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended

1093

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint

1094

## e.g:

1095

## scrapeTimeout: 10s

1096

1097

scrapeTimeout: ""

1098

## @param metrics.serviceMonitor.selector Prometheus instance selector labels

1099

## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration

1100

1101

## selector:

1102

## prometheus: my-prometheus

1103

1104

selector: {}

1105

## @param metrics.serviceMonitor.labels Additional labels that can be used so PodMonitor will be discovered by Prometheus

1106

1107

labels: {}

1108

## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping

1109

1110

relabelings: []

1111

## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion

1112

1113

metricRelabelings: []

1114

## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels

1115

1116

honorLabels: false

1117

## Prometheus Operator PrometheusRule configuration

1118

1119

prometheusRule:

1120

## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)

1121

1122

enabled: false

1123

## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)

1124

1125

namespace: ""

1126

## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus

1127

1128

additionalLabels: {}

1129

## @param metrics.prometheusRule.rules Prometheus Rule definitions

1130

## - alert: LowInstance

1131

## expr: up{service="{{ template "common.names.fullname" . }}"} < 1

1132

## for: 1m

1133

## labels:

1134

## severity: critical

1135

## annotations:

1136

## description: Service {{ template "common.names.fullname" . }} Tomcat is down since 1m.

1137

## summary: Tomcat instance is down.

1138

1139

rules: []

1140

## @param metrics.customLivenessProbe Override default metrics liveness probe

1141

1142

customLivenessProbe: {}

1143

## NGINX metrics containers' liveness probe.

1144

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

1145

## @param metrics.livenessProbe.enabled Enable livenessProbe

1146

## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

1147

## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

1148

## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe

1149

## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe

1150

## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe

1151

1152

livenessProbe:

1153

enabled: true

1154

initialDelaySeconds: 30

1155

timeoutSeconds: 5

1156

periodSeconds: 10

1157

failureThreshold: 2

1158

successThreshold: 1

1159

## @param metrics.customReadinessProbe Override default metrics readiness probe

1160

1161

customReadinessProbe: {}

1162

## NGINX metrics containers' readiness probe.

1163

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

1164

## @param metrics.readinessProbe.enabled Enable readinessProbe

1165

## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

1166

## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

1167

## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe

1168

## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe

1169

## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe

1170

1171

1172

readinessProbe:

1173

enabled: true

1174

initialDelaySeconds: 5

1175

timeoutSeconds: 3

1176

periodSeconds: 30

1177

failureThreshold: 2

1178

successThreshold: 1

1179

## @param metrics.customStartupProbe Override default metrics startup probe

1180

1181

customStartupProbe: {}

1182

## NGINX metrics containers' startup probe.

1183

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

1184

## @param metrics.startupProbe.enabled Enable startupProbe

1185

## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

1186

## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe

1187

## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe

1188

## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe

1189

## @param metrics.startupProbe.successThreshold Success threshold for startupProbe

1190

1191

1192

startupProbe:

1193

enabled: false

1194

initialDelaySeconds: 5

1195

timeoutSeconds: 3

1196

periodSeconds: 5

1197

failureThreshold: 10

1198

successThreshold: 1

1199

The trusted source for open source

Talk to an expert

Privacy

Terms

nginx

The trusted source for open source

Product

Solutions

Customers

Resources

Company