2024-01-11 15:03:54 -06:00
---
2024-12-21 16:07:39 -06:00
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
2024-05-28 10:02:09 -05:00
apiVersion : helm.toolkit.fluxcd.io/v2
2024-01-11 15:03:54 -06:00
kind : HelmRelease
metadata :
2024-01-12 15:24:22 -06:00
name : ingress-nginx
2024-01-11 15:03:54 -06:00
spec :
interval : 30m
chart :
spec :
chart : ingress-nginx
2024-10-10 06:01:05 -05:00
version : 4.11 .3
2024-01-11 15:03:54 -06:00
sourceRef :
kind : HelmRepository
name : ingress-nginx
namespace : flux-system
interval : 30m
2024-01-11 17:50:28 -06:00
valuesFrom :
- targetPath : controller.maxmindLicenseKey
kind : Secret
name : nginx-external-maxmind-secret
valuesKey : MAXMIND_LICENSE_KEY
2024-01-11 15:03:54 -06:00
values :
controller :
2024-09-04 13:35:14 -05:00
replicaCount : 2
2024-01-11 15:03:54 -06:00
updateStrategy :
type : RollingUpdate
allowSnippetAnnotations : true
enableAnnotationValidations : true
service :
enabled : true
type : LoadBalancer
annotations :
2024-01-11 17:50:28 -06:00
external-dns.alpha.kubernetes.io/hostname : external.hsn.dev
2024-05-08 15:11:54 -05:00
io.cilium/lb-ipam-ips : 10.1 .1 .30
2024-01-11 15:03:54 -06:00
publishService :
enabled : true
metrics :
enabled : true
serviceMonitor :
enabled : true
namespace : network
namespaceSelector :
any : true
ingressClassResource :
2024-01-12 18:46:37 -06:00
name : external-nginx
2024-02-26 20:18:44 -06:00
default : false
2024-01-11 15:03:54 -06:00
config :
block-user-agents : "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
2024-01-11 17:50:28 -06:00
client-body-buffer-size : 100M
2024-01-11 15:03:54 -06:00
client-body-timeout : 120
2024-01-11 17:50:28 -06:00
client-header-timeout : 120
2024-01-11 15:03:54 -06:00
enable-brotli : "true"
enable-ocsp : "true"
enable-real-ip : "true"
hide-headers : Server,X-Powered-By
2024-01-11 17:50:28 -06:00
hsts-max-age : 31449600
2024-01-11 15:03:54 -06:00
keep-alive-requests : 10000
2024-01-11 17:50:28 -06:00
keep-alive : 120
log-format-escape-json : "true"
log-format-upstream : >
{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for" ,
"request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
"status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args" ,
"request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer" ,
"http_user_agent": "$http_user_agent", "country_code": "$geoip2_city_country_code", "country_name": "$geoip2_city_country_name" }
2024-01-11 15:03:54 -06:00
proxy-body-size : 0
2024-01-11 17:50:28 -06:00
proxy-buffer-size : 16k
ssl-protocols : TLSv1.3 TLSv1.2
use-geoip2 : true
2024-01-11 15:03:54 -06:00
use-forwarded-headers : "true"
extraArgs :
default-ssl-certificate : "network/hsn-dev-tls"
topologySpreadConstraints :
- maxSkew : 2
topologyKey : kubernetes.io/hostname
whenUnsatisfiable : DoNotSchedule
labelSelector :
matchLabels :
app.kubernetes.io/instance : ingress-nginx-hsn
app.kubernetes.io/component : controller
resources :
requests :
2024-01-11 17:50:28 -06:00
cpu : 100m
2024-01-11 15:03:54 -06:00
memory : 381M
defaultBackend :
enabled : false