config-nginx-ingress.j2

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    defaultBackend:
      enabled: {{ item.value.defaultBackend | bool | string | lower }}
      image:
        repository: k8s.gcr.io/defaultbackend-amd64
        tag: "1.5"
    podSecurityPolicy:
      enabled: true
    controller:
      hostNetwork: {{ item.value.hostNetwork | bool | string | lower }}
      reportNodeInternalIp: {{ item.value.reportNodeInternalIp | bool | string | lower }}
      tolerations:
      - key: node-role.kubernetes.io/master
        value: "true"
        effect: NoSchedule
      - key: node-role.kubernetes.io/control-plane
        value: "true"
        effect: NoSchedule
      - key: CriticalAddonsOnly
        value: "true"
        effect: NoExecute
      config:
        use-forwarded-headers: "true"
        enable-underscores-in-headers: "true"
        allow-snippet-annotations: "true"
{% if item.value.useProxy is defined and item.value.useProxy == true and (item.value.loadBalancerIP is defined and item.value.loadBalancerIP | length > 0) %}
        # see: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol
        use-proxy-protocol: "true"
        proxy-add-original-uri-header: "true"
        compute-full-forwarded-for: "true"
{% endif %}
      ingressClassResource:
        enabled: true
        default: true
      publishService:
        enabled: true
      hostPort:
        enabled: false
      service:
        enabled: true
        externalTrafficPolicy: {{ item.value.externalTrafficPolicy }}
        admissionWebhooks:
          enabled: {{ item.value.enableAdmissionWebhooks | bool | string | lower }}
{% if item.value.loadBalancerIP is defined and item.value.loadBalancerIP | length > 0 %}
        type: LoadBalancer
        loadBalancerIP: {{ item.value.loadBalancerIP }}
{%  if item.value.loadBalancerSourceRanges is defined and item.value.loadBalancerSourceRanges | length > 0 %}
        loadBalancerSourceRanges:
{%    for sourceRange in item.value.loadBalancerSourceRanges %}
          - {{ sourceRange }}
{%    endfor %}
{%  endif %}
{%  if item.value.LoadBalancerID_OpenStack is defined and item.value.LoadBalancerID_OpenStack | length > 0 %}
        annotations:
          loadbalancer.openstack.org/load-balancer-id: {{ item.value.LoadBalancerID_OpenStack }}
{%    if item.value.useProxy is defined and item.value.useProxy == true %}
          loadbalancer.openstack.org/proxy-protocol: "true"
{%    endif %}
{%    if item.value.useHealthMonitor is defined and item.value.useHealthMonitor == true %}
          loadbalancer.openstack.org/enable-health-monitor: "true"
          # these settings are not implemented by ccm:
          #loadbalancer.openstack.org/health-monitor-delay: "10"
          #loadbalancer.openstack.org/health-monitor-timeout: "30"
          #loadbalancer.openstack.org/health-monitor-max-retries: "5"
{%    endif %}
{%    if item.value.maxTimeOut is defined %}
          loadbalancer.openstack.org/timeout-client-data: {{ item.value.maxTimeOut | string | tojson }}
          loadbalancer.openstack.org/timeout-member-data: {{ item.value.maxTimeOut | string | tojson }}
{%    endif %}
{%  elif item.value.metallbAddressPool is defined and item.value.metallbAddressPool | length > 0 %}
        annotations:
          metallb.universe.tf/address-pool: {{ item.value.metallbAddressPool }}
{%  endif %}
{% elif item.value.NodePorts is defined and item.value.NodePorts | length > 0%}
        type: NodePort
        nodePorts:
          http: {{ item.value.NodePorts.http }}
          https: {{ item.value.NodePorts.https }}
          tcp:
            8080: {{ item.value.NodePorts.tcp }}
{% else %}
        type: ClusterIP
{%  if item.value.externalIPs is defined and item.value.externalIPs | length > 0 %}
        externalIPs:
{%    for externalIP in item.value.externalIPs %}
          - {{ externalIP }}
{%    endfor %}
{%  endif %}
      hostPort:
        enabled: false
{% endif %}