-
Notifications
You must be signed in to change notification settings - Fork 27
/
config.yaml
93 lines (89 loc) · 3.72 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
options:
ingress:
type: boolean
default: true
description: |
Deploy the default http backend and ingress controller to handle
ingress requests.
Set to false if deploying an alternate ingress controller, and note
that you may need to manually open ports 80 and 443 on the nodes:
juju run --application kubernetes-worker -- open-port 80 && open-port 443
channel:
type: string
default: "1.23/edge"
description: |
Snap channel to install Kubernetes worker services from
require-manual-upgrade:
type: boolean
default: true
description: |
When true, worker services will not be upgraded until the user triggers
it manually by running the upgrade action.
ingress-default-ssl-certificate:
type: string
default: ""
description: |
SSL certificate to be used by the default HTTPS server. If one of the
flag ingress-default-ssl-certificate or ingress-default-ssl-key is not
provided ingress will use a self-signed certificate. This parameter is
specific to nginx-ingress-controller.
ingress-default-ssl-key:
type: string
default: ""
description: |
Private key to be used by the default HTTPS server. If one of the flag
ingress-default-ssl-certificate or ingress-default-ssl-key is not
provided ingress will use a self-signed certificate. This parameter is
specific to nginx-ingress-controller.
ingress-ssl-passthrough:
type: boolean
default: false
description: |
Enable ssl passthrough on ingress server. This allows passing the ssl
connection through to the workloads and not terminating it at the ingress
controller.
ingress-ssl-chain-completion:
type: boolean
default: false
description: |
Enable chain completion for TLS certificates used by the nginx ingress
controller. Set this to true if you would like the ingress controller
to attempt auto-retrieval of intermediate certificates. The default
(false) is recommended for all production kubernetes installations, and
any environment which does not have outbound Internet access.
ingress-use-forwarded-headers:
type: boolean
default: false
description: |
If true, NGINX passes the incoming X-Forwarded-* headers to upstreams. Use this
option when NGINX is behind another L7 proxy / load balancer that is setting
these headers.
If false, NGINX ignores incoming X-Forwarded-* headers, filling them with the
request information it sees. Use this option if NGINX is exposed directly to
the internet, or it's behind a L3/packet-based load balancer that doesn't alter
the source IP in the packets.
Reference: https://github.com/kubernetes/ingress-nginx/blob/a9c706be12a8be418c49ab1f60a02f52f9b14e55/
docs/user-guide/nginx-configuration/configmap.md#use-forwarded-headers.
nginx-image:
type: string
default: "auto"
description: |
Docker image to use for the nginx ingress controller. Using "auto" will select
an image based on architecture.
Example:
quay.io/kubernetes-ingress-controller/nginx-ingress-controller-amd64:0.32.0
default-backend-image:
type: string
default: "auto"
description: |
Docker image to use for the default backend. Auto will select an image
based on architecture.
snapd_refresh:
default: "max"
type: string
description: |
How often snapd handles updates for installed snaps. Setting an empty
string will check 4x per day. Set to "max" to delay the refresh as long
as possible. You may also set a custom string as described in the
'refresh.timer' section here:
https://forum.snapcraft.io/t/system-options/87