shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
65eaf836da23985ebff3a49cae3e2ae81ea4a24d
auricom-home-cluster/.archive/kubernetes/nginx/internal/helmrelease.yaml
auricom c0dde8be0a feat: envoy-gateway
2025-08-19 03:16:10 +02:00

111 lines
3.9 KiB
YAML
Raw Blame History

---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: ingress-nginx
spec:
interval: 2h
url: https://kubernetes.github.io/ingress-nginx
timeout: 3m
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nginx-internal
spec:
interval: 30m
chart:
spec:
chart: ingress-nginx
version: 4.13.0
sourceRef:
kind: HelmRepository
name: ingress-nginx
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
fullnameOverride: nginx-internal
controller:
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: &hostname "internal.${SECRET_EXTERNAL_DOMAIN}"
lbipam.cilium.io/ips: ${CLUSTER_LB_NGINX_INTERNAL}
externalTrafficPolicy: Local
ingressClassResource:
name: internal
default: false
controllerValue: k8s.io/internal
admissionWebhooks:
objectSelector:
matchExpressions:
- key: ingress-class
operator: In
values: [internal]
config:
# allow-snippet-annotations: true
annotations-risk-level: Critical
block-user-agents: AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot, # taken from https://github.com/ai-robots-txt/ai.robots.txt
client-body-buffer-size: 100M
client-body-timeout: 120
client-header-timeout: 120
custom-http-errors: 400,403,404,500,501,502,503,504
enable-brotli: "true"
enable-ocsp: "true"
enable-real-ip: "true"
force-ssl-redirect: "true"
hide-headers: Server,X-Powered-By
hsts-max-age: 31449600
keep-alive-requests: 10000
keep-alive: 120
log-format-escape-json: "true"
log-format-upstream: >
{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
"request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
"status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
"request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
"http_user_agent": "$http_user_agent"}
proxy-body-size: 0
proxy-buffer-size: 16k
proxy-busy-buffers-size: 16k
ssl-protocols: TLSv1.3 TLSv1.2
metrics:
enabled: true
serviceMonitor:
enabled: true
namespaceSelector:
any: true
extraArgs:
default-ssl-certificate: |-
network/${SECRET_EXTERNAL_DOMAIN//./-}-tls
publish-status-address: *hostname
terminationGracePeriodSeconds: 120
publishService:
enabled: false
resources:
requests:
cpu: 100m
limits:
memory: 500Mi
defaultBackend:
enabled: true
image:
repository: ghcr.io/tarampampam/error-pages
tag: 3.3.3@sha256:df7d8d24740316f3918b8c280eff61c30c4055daeef2041d3f557bb54187133d
pullPolicy: IfNotPresent
extraEnvs:
- name: TEMPLATE_NAME
value: connection
- name: SHOW_DETAILS
value: "true"
- name: READ_BUFFER_SIZE
value: "8192"
- name: SEND_SAME_HTTP_CODE
value: "true"
Reference in New Issue View Git Blame Copy Permalink