hetzner-ansible/roles/kubernetes/ingress_controller/defaults/main.yml

---

k8s_prometheus_helm__name: "prometheus"
k8s_ingress_helm__release_namespace: "ingress"

k8s_ingress_helm__release_values:
  controller:
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: app.kubernetes.io/name
              operator: In
              values:
              - ingress-nginx
          topologyKey: app.kubernetes.io/name
    replicaCount: 3
    config:
      # see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap
      compute-full-forwarded-for: "true"
      ssl-ciphers: "EECDH+AESGCM:EDH+AESGCM"
      ssl-protocols: "TLSv1.3"
      ssl-redirect: false
      use-forwarded-headers: "true"
      use-proxy-protocol: "true"
      large-client-header-buffers: "4 16k"
      whitelist-source-range: "{{ ( ip_whitelist ) | join(',') }}"
    service:
      externalTrafficPolicy: Local
      healthCheckNodePort: &healthchecknodeport 31066
      nodePorts:
        http: &httpnodeport 30473
        https: 30474
      annotations:
        # see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations
        load-balancer.hetzner.cloud/type: "lb11"
        load-balancer.hetzner.cloud/location: nbg1
        load-balancer.hetzner.cloud/name: "{{ stage }}-ingress"
        load-balancer.hetzner.cloud/hostname: "{{ stage }}-ingress"
        load-balancer.hetzner.cloud/disable-public-network: false
        load-balancer.hetzner.cloud/disable-private-ingress: true
        load-balancer.hetzner.cloud/use-private-ip: true
        load-balancer.hetzner.cloud/uses-proxyprotocol: true
        load-balancer.hetzner.cloud/health-check-interval: "3s"
        load-balancer.hetzner.cloud/health-check-timeout: "1s"
        load-balancer.hetzner.cloud/health-check-retries: 3
        load-balancer.hetzner.cloud/health-check-protocol: "tcp"
        load-balancer.hetzner.cloud/health-check-port: *httpnodeport
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        namespace: "{{ k8s_ingress_helm__release_namespace }}"
        additionalLabels:
          release: "{{ k8s_prometheus_helm__name }}"
  defaultBackend:
    enabled: true

# TODO automate installation of nginx ingress grafana dashboard 9614