theshire/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: nginx-internal
  namespace: network
spec:
  interval: 30m
  chart:
    spec:
      chart: ingress-nginx
      version: 4.10.0
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
        namespace: flux-system
      interval: 30m
  values:
    fullnameOverride: nginx-internal

    controller:
      replicaCount: 3

      updateStrategy:
        type: RollingUpdate

      allowSnippetAnnotations: true
      enableAnnotationValidations: true

      service:
        enabled: true
        type: LoadBalancer
        annotations:
          external-dns.alpha.kubernetes.io/hostname: "internal.jahanson.tech"
          io.cilium/lb-ipam-ips: "10.45.0.3"
        externalTrafficPolicy: Cluster

      publishService:
        enabled: true

      ingressClassResource:
        name: internal-nginx
        default: true
        controllerValue: k8s.io/ingress-nginx-internal

      admissionWebhooks:
        objectSelector:
          matchExpressions:
            - key: ingress-class
              operator: In
              values:
                - internal-nginx

      config:
        block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
        client-header-timeout: 120
        client-body-buffer-size: "100M"
        client-body-timeout: 120
        enable-brotli: "true"
        enable-ocsp: "true"
        enable-real-ip: "true"
        hide-headers: Server,X-Powered-By
        hsts-max-age: "31449600"
        keep-alive: 120
        keep-alive-requests: 10000
        log-format-escape-json: "true"
        log-format-upstream: >
          {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",
          "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id",
          "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
          "status": $status, "vhost": "$host", "request_proto": "$server_protocol",
          "path": "$uri", "request_query": "$args", "request_length": $request_length,
          "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer",
          "http_user_agent": "$http_user_agent"}
        proxy-body-size: 0
        proxy-buffer-size: "16k"
        ssl-protocols: "TLSv1.3 TLSv1.2"
        use-forwarded-headers: "true"

      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
          namespace: network
          namespaceSelector:
            any: true

      extraArgs:
        default-ssl-certificate: "network/jahanson-tech-tls"

      topologySpreadConstraints:
        - maxSkew: 2
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/instance: nginx-internal
              app.kubernetes.io/component: controller

      resources:
        requests:
          cpu: 99m
          memory: 768Mi
        limits:
          memory: 768Mi

    defaultBackend:
      enabled: false
Adding internal nginx. 2024-01-14 22:34:59 -06:00			`---`
			`# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json`
			`apiVersion: helm.toolkit.fluxcd.io/v2beta2`
			`kind: HelmRelease`
			`metadata:`
			`name: nginx-internal`
Update target namespaces. 2024-01-17 00:59:17 -06:00			`namespace: network`
Adding internal nginx. 2024-01-14 22:34:59 -06:00			`spec:`
			`interval: 30m`
			`chart:`
			`spec:`
			`chart: ingress-nginx`
Update Helm release ingress-nginx to v4.10.0 2024-02-28 19:01:51 -06:00			`version: 4.10.0`
Adding internal nginx. 2024-01-14 22:34:59 -06:00			`sourceRef:`
			`kind: HelmRepository`
			`name: ingress-nginx`
			`namespace: flux-system`
			`interval: 30m`
			`values:`
			`fullnameOverride: nginx-internal`

			`controller:`
			`replicaCount: 3`

			`updateStrategy:`
			`type: RollingUpdate`

			`allowSnippetAnnotations: true`
			`enableAnnotationValidations: true`

			`service:`
			`enabled: true`
			`type: LoadBalancer`
			`annotations:`
			`external-dns.alpha.kubernetes.io/hostname: "internal.jahanson.tech"`
			`io.cilium/lb-ipam-ips: "10.45.0.3"`
			`externalTrafficPolicy: Cluster`

			`publishService:`
			`enabled: true`

			`ingressClassResource:`
			`name: internal-nginx`
			`default: true`
			`controllerValue: k8s.io/ingress-nginx-internal`

			`admissionWebhooks:`
			`objectSelector:`
			`matchExpressions:`
			`- key: ingress-class`
			`operator: In`
			`values:`
			`- internal-nginx`

			`config:`
			`block-user-agents: "GPTBot,~GPTBot,ChatGPT-User,~ChatGPT-User,Google-Extended,~Google-Extended,CCBot,~CCBot,Omgilibot,~Omgilibot,FacebookBot,~FacebookBot" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go`
			`client-header-timeout: 120`
			`client-body-buffer-size: "100M"`
			`client-body-timeout: 120`
			`enable-brotli: "true"`
			`enable-ocsp: "true"`
			`enable-real-ip: "true"`
			`hide-headers: Server,X-Powered-By`
			`hsts-max-age: "31449600"`
			`keep-alive: 120`
			`keep-alive-requests: 10000`
			`log-format-escape-json: "true"`
			`log-format-upstream: >`
			`{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",`
			`"x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id",`
			`"remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,`
			`"status": $status, "vhost": "$host", "request_proto": "$server_protocol",`
			`"path": "$uri", "request_query": "$args", "request_length": $request_length,`
			`"duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer",`
			`"http_user_agent": "$http_user_agent"}`
			`proxy-body-size: 0`
			`proxy-buffer-size: "16k"`
			`ssl-protocols: "TLSv1.3 TLSv1.2"`
			`use-forwarded-headers: "true"`

			`metrics:`
			`enabled: true`
			`serviceMonitor:`
			`enabled: true`
			`namespace: network`
			`namespaceSelector:`
			`any: true`

			`extraArgs:`
			`default-ssl-certificate: "network/jahanson-tech-tls"`

			`topologySpreadConstraints:`
			`- maxSkew: 2`
			`topologyKey: kubernetes.io/hostname`
			`whenUnsatisfiable: DoNotSchedule`
			`labelSelector:`
			`matchLabels:`
			`app.kubernetes.io/instance: nginx-internal`
			`app.kubernetes.io/component: controller`

			`resources:`
			`requests:`
			`cpu: 99m`
			`memory: 768Mi`
			`limits:`
			`memory: 768Mi`

			`defaultBackend:`
			`enabled: false`