auricom-home-cluster/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ingress-nginx
  namespace: networking
spec:
  interval: 30m
  chart:
    spec:
      chart: ingress-nginx
      version: 4.7.2
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    controller:
      replicaCount: 2
      service:
        type: LoadBalancer
        loadBalancerIP: "${CLUSTER_LB_NGINX}"
        externalTrafficPolicy: Local
      publishService:
        enabled: true
      ingressClassResource:
        default: true
      config:
        client-body-buffer-size: "100M"
        client-body-timeout: 120
        client-header-timeout: 120
        custom-http-errors: 400,401,403,404,500,502,503,504
        enable-brotli: "true"
        enable-real-ip: "true"
        hsts-max-age: "31449600"
        keep-alive-requests: 10000
        keep-alive: 120
        proxy-body-size: "100M"
        proxy-buffering: "off"
        proxy-read-timeout: "6000"
        proxy-send-timeout: "6000"
        # proxy-buffer-size: "16k"
        ssl-protocols: "TLSv1.3 TLSv1.2"
        use-forwarded-headers: "true"
        # crowdsec bouncer
        # plugins: "crowdsec"
        # lua-shared-dicts: "crowdsec_cache: 50m"
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
          namespace: default
          namespaceSelector:
            any: true
      extraArgs:
        default-ssl-certificate: |-
          networking/${SECRET_CLUSTER_DOMAIN/./-}-tls
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: ingress-nginx
              app.kubernetes.io/component: controller
      # crowdsec bouncer
      # extraVolumes:
      # - name: crowdsec-bouncer-plugin
      #   emptyDir: {}
      # extraInitContainers:
      # - name: init-clone-crowdsec-bouncer
      #   image: crowdsecurity/lua-bouncer-plugin
      #   tag: v0.1.11
      #   imagePullPolicy: IfNotPresent
      #   env:
      #     - name: API_URL
      #       value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
      #     - name: API_KEY
      #       value: "${SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY}"
      #     - name: DISABLE_RUN
      #       value: "true"
      #     - name: BOUNCER_CONFIG
      #       value: "/crowdsec/crowdsec-bouncer.conf"
      #   command:
      #     - "/bin/sh"
      #     - "-c"
      #     - |
      #       #!/bin/sh

      #       sh /docker_start.sh
      #       mkdir -p /lua_plugins/crowdsec/
      #       cp -pr /crowdsec/* /lua_plugins/crowdsec/
      #   volumeMounts:
      #   - name: crowdsec-bouncer-plugin
      #     mountPath: /lua_plugins
      # extraVolumeMounts:
      # - name: crowdsec-bouncer-plugin
      #   mountPath: /etc/nginx/lua/plugins/crowdsec
      #   subPath: crowdsec
      # resources:
      #   requests:
      #     memory: 400Mi
      #     cpu: 25m
      #   limits:
      #     memory: 1Gi
    defaultBackend:
      enabled: true
      image:
        repository: ghcr.io/tarampampam/error-pages
        tag: 2.25.0
      extraEnvs:
        - name: TEMPLATE_NAME
          value: l7-light
        - name: SHOW_DETAILS
          value: "true"
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/name
                      operator: In
                      values: ["ingress-nginx"]
                    - key: app.kubernetes.io/component
                      operator: In
                      values: ["default-backend"]
                topologyKey: kubernetes.io/hostname