From 002e88967e28d7f03567aae9399118270986219d Mon Sep 17 00:00:00 2001 From: Todd Punderson Date: Thu, 6 Jun 2024 10:46:41 -0400 Subject: [PATCH] feat(nginx): Update config --- .../network/ingress-nginx/external/helmrelease.yaml | 11 +++++------ .../network/ingress-nginx/internal/helmrelease.yaml | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/kubernetes/main/apps/network/ingress-nginx/external/helmrelease.yaml b/kubernetes/main/apps/network/ingress-nginx/external/helmrelease.yaml index bf3099276..97503da83 100644 --- a/kubernetes/main/apps/network/ingress-nginx/external/helmrelease.yaml +++ b/kubernetes/main/apps/network/ingress-nginx/external/helmrelease.yaml @@ -19,7 +19,7 @@ spec: fullnameOverride: nginx-external controller: - replicaCount: 3 + replicaCount: 2 updateStrategy: type: RollingUpdate @@ -33,7 +33,6 @@ spec: annotations: external-dns.alpha.kubernetes.io/hostname: "ingress-ext.greyrock.casa" io.cilium/lb-ipam-ips: "10.1.1.132" - externalTrafficPolicy: Cluster publishService: enabled: true @@ -53,15 +52,15 @@ spec: config: block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go - client-header-timeout: 120 - client-body-buffer-size: "100M" + client-body-buffer-size: 100M client-body-timeout: 120 + client-header-timeout: 120 enable-brotli: "true" enable-ocsp: "true" enable-real-ip: "true" force-ssl-redirect: "true" hide-headers: Server,X-Powered-By - hsts-max-age: "31449600" + hsts-max-age: 31449600 keep-alive: 120 keep-alive-requests: 10000 log-format-escape-json: "true" @@ -90,7 +89,7 @@ spec: default-ssl-certificate: "network/greyrock-casa-tls" topologySpreadConstraints: - - maxSkew: 2 + - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule labelSelector: diff --git a/kubernetes/main/apps/network/ingress-nginx/internal/helmrelease.yaml b/kubernetes/main/apps/network/ingress-nginx/internal/helmrelease.yaml index be38897b6..c0889155e 100644 --- a/kubernetes/main/apps/network/ingress-nginx/internal/helmrelease.yaml +++ b/kubernetes/main/apps/network/ingress-nginx/internal/helmrelease.yaml @@ -19,7 +19,7 @@ spec: fullnameOverride: nginx-internal controller: - replicaCount: 3 + replicaCount: 2 updateStrategy: type: RollingUpdate @@ -33,7 +33,6 @@ spec: annotations: external-dns.alpha.kubernetes.io/hostname: "ingress-int.greyrock.casa" io.cilium/lb-ipam-ips: "10.1.1.131" - externalTrafficPolicy: Cluster publishService: enabled: true @@ -53,15 +52,15 @@ spec: config: block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go - client-header-timeout: 120 - client-body-buffer-size: "100M" + client-body-buffer-size: 100M client-body-timeout: 120 + client-header-timeout: 120 enable-brotli: "true" enable-ocsp: "true" enable-real-ip: "true" force-ssl-redirect: "true" hide-headers: Server,X-Powered-By - hsts-max-age: "31449600" + hsts-max-age: 31449600 keep-alive: 120 keep-alive-requests: 10000 log-format-escape-json: "true" @@ -90,7 +89,7 @@ spec: default-ssl-certificate: "network/greyrock-casa-tls" topologySpreadConstraints: - - maxSkew: 2 + - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule labelSelector: