OpenShift 4x - Example: Nginx Ingress Controller
# TLS certificate and key that the controller's defaultTLS/wildcardTLS
# settings reference as "nginx-ingress/default-tls".
apiVersion: v1
kind: Secret
metadata:
  name: default-tls
  namespace: nginx-ingress
type: kubernetes.io/tls
data:
  # Placeholders: replace with the base64-encoded PEM certificate and private
  # key. Keep the real key out of version control and shared snippets; create
  # the Secret out of band (for example with `oc create secret tls`).
  tls.crt: base64-encode
  tls.key: base64-encode
---
# NGINX Ingress Controller instance described as an operator custom resource.
# NOTE(review): key nesting follows the layout of the chart's values.yaml;
# confirm it against the chart version shipped with the installed operator.
apiVersion: charts.nginx.org/v1alpha1
kind: NginxIngress
metadata:
  # No namespace is set here; the TLS secret references below assume the
  # nginx-ingress namespace.
  name: nginxingress
spec:
  # Default values copied from <project_dir>/deployments/helm-chart/values.yaml
  controller:
    name: controller
    kind: deployment
    selectorLabels: {}
    annotations: {}
    nginxplus: false
    mgmt:
      licenseTokenSecretName: license-token
    nginxReloadTimeout: 60000
    appprotect:
      enable: false
      # logLevel: fatal
    appprotectdos:
      enable: false
      debug: false
      maxWorkers: 0
      maxDaemons: 0
      memory: 0
    # Pods stay off the node's network namespace and bind no host ports.
    hostNetwork: false
    hostPort:
      enable: false
      http: 80
      https: 443
    containerPort:
      http: 80
      https: 443
    dnsPolicy: ClusterFirst
    nginxDebug: false
    shareProcessNamespace: false
    logLevel: info
    logFormat: glog
    customPorts: []
    image:
      repository: quay.io/nginx/nginx-ingress
      # A tag is mutable; pinning by digest fixes the exact image content.
      # NOTE(review): confirm the digest below matches this tag before
      # enabling it.
      tag: "4.0.1-ubi"
      # digest: "sha256:5b0dce1d8c89e58bb88b2b4c2e225a1250a8aeda828bfaa6425edadb392b22f8"
      pullPolicy: IfNotPresent
    lifecycle: {}
    customConfigMap: ""
    config:
      name: nginx-config
      annotations: {}
      entries: {}
    # Certificate presented by the default server (requests matching no
    # configured host). Given as "namespace/name".
    defaultTLS:
      # cert: ""
      # key: ""
      secret: "nginx-ingress/default-tls"
    # Certificate used for TLS-enabled hosts that name no Secret of their own.
    # It points at the same Secret as defaultTLS, so one key pair covers both
    # roles; use a separate Secret if they should be rotated independently.
    wildcardTLS:
      # cert: ""
      # key: ""
      secret: "nginx-ingress/default-tls"
    # nodeSelector: {}
    terminationGracePeriodSeconds: 30
    autoscaling:
      enabled: false
      annotations: {}
      minReplicas: 1
      maxReplicas: 3
      targetCPUUtilizationPercentage: 50
      targetMemoryUtilizationPercentage: 50
      behavior: {}
    # Only requests are set; without limits a controller pod is not capped on
    # CPU or memory under load.
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      # limits:
      #   cpu: 1
      #   memory: 1Gi
    initContainerResources:
      requests:
        cpu: 100m
        memory: 128Mi
      # limits:
      #   cpu: 1
      #   memory: 1Gi
    # Schedule the controller onto infra nodes only (toleration + required
    # node affinity on the same label).
    tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/infra
        operator: Exists
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/infra
                  operator: Exists
    topologySpreadConstraints: []
    # - maxSkew: 2
    #   topologyKey: node-role.kubernetes.io/infra
    #   whenUnsatisfiable: DoNotSchedule
    #   labelSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: alertmanager
    # env: []
    # - name: MY_VAR
    #   value: myvalue
    volumes: []
    # - name: extra-conf
    #   configMap:
    #     name: extra-conf
    volumeMounts: []
    # - name: extra-conf
    #   mountPath: /etc/nginx/conf.d/extra.conf
    #   subPath: extra.conf
    initContainers: []
    # - name: init-container
    #   image: busybox:1.34
    #   command: ['sh', '-c', 'echo this is initial setup!']
    minReadySeconds: 0
    podDisruptionBudget:
      enabled: false
      annotations: {}
      # minAvailable: 1
      # maxUnavailable: 1
    strategy: {}
    extraContainers: []
    # - name: container
    #   image: busybox:1.34
    #   command: ['sh', '-c', 'echo this is a sidecar!']
    replicaCount: 2
    ingressClass:
      name: nginx
      create: true
      setAsDefaultIngress: false
    # Empty values mean resources and Secrets are watched in every namespace.
    # Listing namespaces here narrows what the controller has to read.
    watchNamespace: ""
    watchNamespaceLabel: ""
    watchSecretNamespace: ""
    enableCustomResources: true
    enableOIDC: false
    # Passthrough hands the encrypted stream to the backend untouched, so the
    # controller cannot apply HTTP-level policies or logging to that traffic.
    enableTLSPassthrough: true
    tlsPassthroughPort: 443
    enableCertManager: false
    enableExternalDNS: false
    globalConfiguration:
      create: false
      spec: {}
      # listeners:
      # - name: dns-udp
      #   port: 5353
      #   protocol: UDP
      # - name: dns-tcp
      #   port: 5353
      #   protocol: TCP
    # Snippets let resource authors insert raw NGINX configuration; leaving
    # this false keeps that out of reach of anyone who can create Ingresses.
    enableSnippets: false
    healthStatus: false
    healthStatusURI: "/nginx-health"
    # Status page is limited to localhost inside the pod.
    nginxStatus:
      enable: true
      port: 8080
      allowCidrs: "127.0.0.1"
    service:
      create: true
      # type: LoadBalancer
      # NodePort opens the ports below on every node; restrict access at the
      # network layer, since loadBalancerSourceRanges only applies to
      # LoadBalancer Services.
      type: NodePort
      externalTrafficPolicy: Local
      annotations: {}
      extraLabels: {}
      loadBalancerIP: ""
      clusterIP: ""
      externalIPs: []
      loadBalancerSourceRanges: []
      # allocateLoadBalancerNodePorts: false
      # ipFamilyPolicy: SingleStack
      # ipFamilies:
      #   - IPv6
      httpPort:
        enable: true
        # port: 80
        nodePort: 30080
        targetPort: 80
      httpsPort:
        enable: true
        # port: 443
        nodePort: 30443
        targetPort: 443
      customPorts: []
    serviceAccount:
      annotations: {}
      name: nginx-ingress
      imagePullSecretName: ""
      imagePullSecretsNames: []
    reportIngressStatus:
      enable: true
      # externalService: nginx-ingress
      ingressLink: ""
      enableLeaderElection: true
      leaderElectionLockName: "nginx-ingress-leader"
      annotations: {}
    pod:
      annotations: {}
      extraLabels: {}
    # priorityClassName: ""
    readyStatus:
      enable: true
      port: 8081
      initialDelaySeconds: 0
    enableLatencyMetrics: false
    disableIPV6: false
    defaultHTTPListenerPort: 80
    defaultHTTPSListenerPort: 443
    # Root filesystem is left writable; a read-only root is the hardened
    # setting where the deployment supports it.
    readOnlyRootFilesystem: false
    enableSSLDynamicReload: true
  rbac:
    create: true
  # Metrics are served over plain HTTP with no TLS Secret configured; limit
  # who can reach port 9113, or set secret and scheme to serve them over TLS.
  prometheus:
    create: true
    port: 9113
    secret: ""
    scheme: http
    service:
      create: false
      labels:
        service: "nginx-ingress-prometheus-service"
    serviceMonitor:
      create: false
      labels: {}
      selectorMatchLabels:
        service: "nginx-ingress-prometheus-service"
      endpoints:
        - port: prometheus
  serviceInsight:
    create: false
    port: 9114
    secret: ""
    scheme: http
  nginxServiceMesh:
    enable: false
    enableEgress: false
---
# Routes nginx-http.apps.ocp4.local to the nginx Service in namespace sample.
# There is no tls section, so this Ingress configures no certificate for the
# host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-http
  namespace: sample
  annotations:
    # NOTE(review): the nginx.ingress.kubernetes.io/ prefix is the community
    # ingress-nginx convention; the controller from charts.nginx.org reads
    # nginx.org/ annotations, so this one is likely ignored. Confirm.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: nginx-http.apps.ocp4.local
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
---
# Routes nginx-https.apps.ocp4.local to the nginx Service in namespace sample,
# with TLS terminated at the ingress controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-https
  namespace: sample
  annotations:
    # NOTE(review): the nginx.ingress.kubernetes.io/ prefix is the community
    # ingress-nginx convention; the controller from charts.nginx.org reads
    # nginx.org/ annotations, so this one is likely ignored. Confirm.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - nginx-https.apps.ocp4.local
      # The nginx-tls Secret is not defined in this listing; it has to exist
      # in namespace sample and cover the host above.
      secretName: nginx-tls
  rules:
    - host: nginx-https.apps.ocp4.local
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  # Backend port 80: the hop from the controller to the
                  # Service is not encrypted by this Ingress.
                  number: 80
---