73 lines
2.0 KiB
YAML
73 lines
2.0 KiB
YAML
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: ingress-nginx
|
|
namespace: ingress-nginx
|
|
spec:
|
|
interval: 5m0s
|
|
url: https://kubernetes.github.io/ingress-nginx
|
|
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: ingress-nginx
|
|
namespace: ingress-nginx
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: ingress-nginx
|
|
version: ">=v4.12.0 <4.13.0"
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: ingress-nginx
|
|
namespace: ingress-nginx
|
|
interval: 1m
|
|
values:
|
|
controller:
|
|
hostNetwork: true
|
|
hostPort:
|
|
enabled: true
|
|
kind: DaemonSet
|
|
service:
|
|
enabled: true
|
|
admissionWebhooks:
|
|
enabled: false
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
additionalLabels: {}
|
|
podAnnotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "10254"
|
|
ingressClassResource:
|
|
name: nginx
|
|
enabled: true
|
|
default: true
|
|
controllerValue: "k8s.io/ingress-nginx"
|
|
ingressClass: nginx
|
|
config:
|
|
use-forwarded-headers: "true"
|
|
compute-full-forwarded-for: "true"
|
|
use-proxy-protocol: "false"
|
|
ssl-redirect: "false"
|
|
force-ssl-redirect: "false"
|
|
# Cloudflare Real IP Configuration
|
|
# Trust CF-Connecting-IP header from Cloudflare IP ranges
|
|
proxy-real-ip-cidr: "103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,199.27.128.0/21,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2c0f:f248::/32,2a06:98c0::/29"
|
|
real-ip-header: "CF-Connecting-IP"
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
app: ingress-nginx
|
|
name: nginx-ingress-configuration
|
|
namespace: ingress-nginx
|
|
data:
|
|
ssl-redirect: "false"
|
|
hsts: "true"
|
|
server-tokens: "false" |