Skip to content

Latest commit

 

History

History
258 lines (140 loc) · 9.54 KB

command-line-arguments.md

File metadata and controls

258 lines (140 loc) · 9.54 KB
Raw
title description weight doctypes toc
Command-line Arguments
1700
true

The Ingress Controller supports several command-line arguments. Setting the arguments depends on how you install the Ingress Controller:

  • If you're using Kubernetes manifests (Deployment or DaemonSet) to install the Ingress Controller, to set the command-line arguments, modify those manifests accordingly. See the Installation with Manifests doc.
  • If you're using Helm to install the Ingress Controller, modify the parameters of the Helm chart that correspond to the command-line arguments. See the Installation with Helm doc.

Below we describe the available command-line arguments:

-enable-snippets

		Enable custom NGINX configuration snippets in VirtualServer, VirtualServerRoute and TransportServer resources. (default false)

-default-server-tls-secret <string>

		Secret with a TLS certificate and key for TLS termination of the default server.

		- If not set, certificate and key in the file "/etc/nginx/secrets/default" are used.
		- If "/etc/nginx/secrets/default" doesn't exist, the Ingress Controller will configure NGINX to reject TLS connections to the default server.
		- If a secret is set, but the Ingress controller is not able to fetch it from Kubernetes API, or it is not set and the Ingress Controller fails to read the file "/etc/nginx/secrets/default", the Ingress controller will fail to start.

		Format: ``<namespace>/<name>``

-wildcard-tls-secret <string>

		A Secret with a TLS certificate and key for TLS termination of every Ingress host for which TLS termination is enabled but the Secret is not specified.

		- If the argument is not set, for such Ingress hosts NGINX will break any attempt to establish a TLS connection.

		- If the argument is set, but the Ingress controller is not able to fetch the Secret from Kubernetes API, the Ingress controller will fail to start.

		Format: ``<namespace>/<name>``

-enable-custom-resources

		Enables custom resources. (default true)

-enable-preview-policies

		Enables preview policies. (default false)

-enable-leader-election

		Enables Leader election to avoid multiple replicas of the controller reporting the status of Ingress, VirtualServer and VirtualServerRoute resources -- only one replica will report status. (default true)

		See -report-ingress-status flag.

-enable-tls-passthrough

		Enable TLS Passthrough on port 443.

		Requires -enable-custom-resources.

-external-service <string>

		Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.

		For Ingress resources only: Requires -report-ingress-status.

-ingresslink <string>

		Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.

		For Ingress resources only: Requires -report-ingress-status.

-global-configuration <string>

		A GlobalConfiguration resource for global configuration of the Ingress Controller.

		Format: ``<namespace>/<name>``

		Requires -enable-custom-resources.

-health-status

		Adds a location "/nginx-health" to the default server. The location responds with the 200 status code for any request.
		Useful for external health-checking of the Ingress controller.

-health-status-uri <string>

		Sets the URI of health status location in the default server. Requires -health-status. (default "/nginx-health")

-ingress-class <string>

		A class of the Ingress controller.

		For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start.
		The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.

		For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources) or field "ingressClassName" equal to the class.
		Additionally, the Ingress Controller processes resources that do not have the class set, which can be disabled by setting the "-use-ingress-class-only" flag.

		The Ingress Controller processes all the resources that do not have the "ingressClassName" field.

		(default "nginx")

-ingress-template-path <string>

		Path to the ingress NGINX configuration template for an ingress resource. Default for NGINX is "nginx.ingress.tmpl"; default for NGINX Plus is "nginx-plus.ingress.tmpl".

-leader-election-lock-name <string>

		Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. Requires -enable-leader-election.

-log_backtrace_at <value>

		When logging hits line ``file:N``, emit a stack trace

-main-template-path <string>

		Path to the main NGINX configuration template.

		- Default for NGINX is "nginx.ingress.tmpl"
		- Default for NGINX Plus is "nginx-plus.ingress.tmpl".

-nginx-configmaps <string>

		A ConfigMap resource for customizing NGINX configuration. If a ConfigMap is set, but the Ingress controller is not able to fetch it from Kubernetes API, the Ingress controller will fail to start.

		Format: ``<namespace>/<name>``

-nginx-debug

		Enable debugging for NGINX. Uses the nginx-debug binary. Requires 'error-log-level: debug' in the ConfigMap.

-nginx-plus

		Enable support for NGINX Plus

-nginx-reload-timeout <value>

    Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. (default is 4000. Default is 20000 instead if `enable-app-protect` is true)

-nginx-status

		Enable the NGINX stub_status, or the NGINX Plus API. (default true)

-nginx-status-allow-cidrs <string>

		Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API.
		Separate multiple IP/CIDR by commas. (default "127.0.0.1")

-nginx-status-port [int]

		Set the port where the NGINX stub_status or the NGINX Plus API is exposed.

		Format: ``[1024 - 65535]`` (default 8080)

-proxy <string>

		Use a proxy server to connect to Kubernetes API started by "kubectl proxy" command. **For testing purposes only**.
		The Ingress controller does not start NGINX and does not write any generated NGINX configuration files to disk.

-report-ingress-status

		Updates the address field in the status of Ingress resources.
		Requires the -external-service or -ingresslink flag, or the ``external-status-address`` key in the ConfigMap.

-transportserver-template-path <string>

		Path to the TransportServer NGINX configuration template for a TransportServer resource.

		- Default for NGINX is "nginx.transportserver.tmpl"
		- Default for NGINX Plus is "nginx-plus.transportserver.tmpl".

-use-ingress-class-only

		For kubernetes versions >= 1.18 this flag will be IGNORED.

		Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation.

-v <value>

		Log level for V logs

-version

		Print the version, git-commit hash and build date and exit

-virtualserver-template-path <string>

		Path to the VirtualServer NGINX configuration template for a VirtualServer resource.

		- Default for NGINX is "nginx.ingress.tmpl"
		- Default for NGINX Plus is "nginx-plus.ingress.tmpl".

-vmodule <value>

		A comma-separated list of pattern=N settings for file-filtered logging.

-watch-namespace <string>

		Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces.

-enable-prometheus-metrics

		Enables exposing NGINX or NGINX Plus metrics in the Prometheus format.

-prometheus-metrics-listen-port <int>

		Sets the port where the Prometheus metrics are exposed.

		Format: ``[1024 - 65535]`` (default 9113)

-prometheus-tls-secret <string>

		A Secret with a TLS certificate and key for TLS termination of the Prometheus metrics endpoint.

		- If the argument is not set, the prometheus endpoint will not use a TLS connection.

		- If the argument is set, but the Ingress controller is not able to fetch the Secret from Kubernetes API, the Ingress controller will fail to start.

		Format: ``<namespace>/<name>``

-spire-agent-address <string>

		Specifies the address of a running Spire agent. **For use with NGINX Service Mesh only**.
    Requires -nginx-plus.

		- If the argument is set, but the Ingress Controller is unable to connect to the Spire Agent, the Ingress Controller will fail to start.

-enable-internal-routes

		Enable support for internal routes with NGINX Service Mesh. **For use with NGINX Service Mesh only**.
    Requires -nginx-plus and -spire-agent-address.

    - If the argument is set, but `nginx-plus` is set to false, or the `spire-agent-address` is not provided, the Ingress Controller will fail to start.

-enable-latency-metrics

		Enable collection of latency metrics for upstreams.
    Requires -enable-prometheus-metrics.

-enable-app-protect

	  Enables support for App Protect.

   	Requires -nginx-plus

	 	- If the argument is set, but `nginx-plus` is set to false, the Ingress Controller will fail to start.

-ready-status

		Enables the readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after the startup. (default true)

-ready-status-port

		The HTTP port for the readiness endpoint.

		Format: ``[1024 - 65535]`` (default 8081)