ingress-nginx-helm/hack/manifest-templates/provider/aws/nlb-with-tls-termination/values.yaml

# AWS NLB with TLS termination
controller:
  service:
    type: LoadBalancer
    externalTrafficPolicy: Local

    annotations:
      # This example is for legacy in-tree service load balancer controller for AWS NLB,
      # that has been phased out from Kubernetes mainline.
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
      # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
      # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
      # increased to '3600' to avoid any potential issues.
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"

    targetPorts:
      http: tohttps
      https: http

  # Configures the ports the nginx-controller listens on
  containerPort:
    http: 80
    https: 80
    tohttps: 2443

  config:
    proxy-real-ip-cidr: XXX.XXX.XXX/XX
    use-forwarded-headers: "true"
    http-snippet: |
      server {
        listen 2443;
        return 308 https://$host$request_uri;
      }
Static manifest generation uses kustomize instead of python (#8099) * regenerate at 4.0.12 * bash for loop and static values files * add .tool-versions * fixup static manifests with kustomize instead of python * remove spec.replicas where set * generate manifests for all supported versions * update docs * remove all versions except default (1.20) for now * update to 1.1.1/4.0.15 2022-01-17 23:28:56 +00:00			`# AWS NLB with TLS termination`
			`controller:`
			`service:`
			`type: LoadBalancer`
			`externalTrafficPolicy: Local`

			`annotations:`
			`# This example is for legacy in-tree service load balancer controller for AWS NLB,`
			`# that has been phased out from Kubernetes mainline.`
			`service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"`
			`service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"`
			`service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
			`service.beta.kubernetes.io/aws-load-balancer-type: nlb`
			`# Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,`
			`# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be`
			`# increased to '3600' to avoid any potential issues.`
			`service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"`

			`targetPorts:`
			`http: tohttps`
			`https: http`

			`# Configures the ports the nginx-controller listens on`
			`containerPort:`
			`http: 80`
			`https: 80`
			`tohttps: 2443`

			`config:`
			`proxy-real-ip-cidr: XXX.XXX.XXX/XX`
			`use-forwarded-headers: "true"`
			`http-snippet: \|`
			`server {`
			`listen 2443;`
			`return 308 https://$host$request_uri;`
			`}`