mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
7a0b55315c
| datasource | package | from | to | | ---------- | ------------- | ------ | ------ | | helm | ingress-nginx | 4.12.3 | 4.13.0 |
101 lines
3.6 KiB
YAML
101 lines
3.6 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: nginx-external
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: ingress-nginx
|
|
version: 4.13.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: ingress-nginx
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
retries: 3
|
|
values:
|
|
fullnameOverride: nginx-external
|
|
controller:
|
|
service:
|
|
annotations:
|
|
external-dns.alpha.kubernetes.io/hostname: &hostname "external.${SECRET_EXTERNAL_DOMAIN}"
|
|
lbipam.cilium.io/ips: ${CLUSTER_LB_NGINX_EXTERNAL}
|
|
externalTrafficPolicy: Local
|
|
ingressClassResource:
|
|
name: external
|
|
default: false
|
|
controllerValue: k8s.io/external
|
|
admissionWebhooks:
|
|
objectSelector:
|
|
matchExpressions:
|
|
- key: ingress-class
|
|
operator: In
|
|
values: [external]
|
|
config:
|
|
# allow-snippet-annotations: true
|
|
annotations-risk-level: Critical
|
|
block-user-agents: AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot, # taken from https://github.com/ai-robots-txt/ai.robots.txt
|
|
client-body-buffer-size: 100M
|
|
client-body-timeout: 120
|
|
client-header-timeout: 120
|
|
custom-http-errors: 400,403,404,500,501,502,503,504
|
|
enable-brotli: "true"
|
|
enable-ocsp: "true"
|
|
enable-real-ip: "true"
|
|
force-ssl-redirect: "true"
|
|
hide-headers: Server,X-Powered-By
|
|
hsts-max-age: 31449600
|
|
keep-alive-requests: 10000
|
|
keep-alive: 120
|
|
log-format-escape-json: "true"
|
|
log-format-upstream: >
|
|
{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
|
|
"request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
|
|
"status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
|
|
"request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
|
|
"http_user_agent": "$http_user_agent"}
|
|
proxy-body-size: 0
|
|
proxy-buffer-size: 16k
|
|
ssl-protocols: TLSv1.3 TLSv1.2
|
|
use-forwarded-headers: "true"
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
namespaceSelector:
|
|
any: true
|
|
extraArgs:
|
|
default-ssl-certificate: |-
|
|
network/${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
|
publish-status-address: *hostname
|
|
terminationGracePeriodSeconds: 120
|
|
publishService:
|
|
enabled: false
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
limits:
|
|
memory: 500Mi
|
|
defaultBackend:
|
|
enabled: true
|
|
image:
|
|
repository: ghcr.io/tarampampam/error-pages
|
|
tag: 3.3.2@sha256:e7133e4faf97675c00ad9150c98ec1a867ae91ece5131a7eb218b868ce5a628d
|
|
pullPolicy: IfNotPresent
|
|
extraEnvs:
|
|
- name: TEMPLATE_NAME
|
|
value: connection
|
|
- name: SHOW_DETAILS
|
|
value: "true"
|
|
- name: READ_BUFFER_SIZE
|
|
value: "8192"
|
|
- name: SEND_SAME_HTTP_CODE
|
|
value: "true"
|