OCI Native Ingress Controller

When you enable the OCI native ingress controller cluster add-on, you can pass the following key/value pairs as arguments.

Configuration Arguments Common to all Cluster Add-ons
Key (API and CLI): affinity
Key's Display Name (Console): affinity
Description: A group of affinity scheduling rules. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: null

Key (API and CLI): nodeSelectors
Key's Display Name (Console): node selectors
Description: You can use node selectors and node labels to control the worker nodes on which add-on pods run. For a pod to run on a node, the pod's node selector must have the same key/value as the node's label. Set nodeSelectors to a key/value pair that matches both the pod's node selector, and the worker node's label. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: {"foo":"bar", "foo2": "bar2"}
The pod will only run on nodes that have the foo=bar or foo2=bar2 label.

Key (API and CLI): numOfReplicas
Key's Display Name (Console): numOfReplicas
Description: The number of replicas of the add-on deployment. (For CoreDNS, use nodesPerReplica instead.)
Required/Optional: Required
Default Value: 1
Creates one replica of the add-on deployment per cluster.
Example Value: 2
Creates two replicas of the add-on deployment per cluster.

Key (API and CLI): rollingUpdate
Key's Display Name (Console): rollingUpdate
Description: Controls the desired behavior of rolling update by maxSurge and maxUnavailable. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: null

Key (API and CLI): tolerations
Key's Display Name (Console): tolerations
Description: You can use taints and tolerations to control the worker nodes on which add-on pods run. For a pod to run on a node that has a taint, the pod must have a corresponding toleration. Set tolerations to a key/value pair that matches both the pod's toleration, and the worker node's taint. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: [{"key":"tolerationKeyFoo", "value":"tolerationValBar", "effect":"noSchedule", "operator":"exists"}]
Only pods that have this toleration can run on worker nodes that have the tolerationKeyFoo=tolerationValBar:noSchedule taint.

Key (API and CLI): topologySpreadConstraints
Key's Display Name (Console): topologySpreadConstraints
Description: How to spread matching pods among the given topology. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: null

Configuration Arguments Specific to this Cluster Add-on
Key (API and CLI): authSecretName
Key's Display Name (Console): authSecretName
Description: The name of the Kubernetes secret to use for user authentication when authType is set to user.
Required/Optional: Optional
Default Value: ""
Example Value: oci-config

Key (API and CLI): authType
Key's Display Name (Console): authType
Description: The authentication type that the OCI native ingress controller uses while making requests, as one of:
  • instance specifies instance principal (managed nodes only)
  • user specifies user principal (managed and virtual nodes)
  • workloadIdentity specifies workload identity (managed and virtual nodes)
Required/Optional: Optional
Default Value: instance
Example Value: workloadIdentity

Key (API and CLI): certDeletionGracePeriodInDays
Key's Display Name (Console): certDeletionGracePeriodInDays
Description: The number of days that the OCI native ingress controller waits before deleting unused OCI Certificates service resources. Applies when the OCI Native Ingress Controller obtains a certificate from the Certificates service using a Kubernetes secret. Must be an integer value. If the value is less than or equal to zero, the OCI native ingress controller does not delete unused OCI Certificates service resources.
Required/Optional: Optional
Default Value: 0
Example Value: 1

Key (API and CLI): compartmentId
Key's Display Name (Console): compartmentId
Description: The OCID of the compartment in which the OCI native ingress controller is to create the OCI load balancer (and certificate, if the useLbCompartmentForCertificates add-on argument is set to false).
Required/Optional: Required
Default Value: ""
Example Value: ocid1.compartment.oc1..aaaaaaaa______ddq

Key (API and CLI): controllerClass
Key's Display Name (Console): controllerClass
Description: The name of the controller specified in your ingressClass that is to be managed by the oci-native-ingress-controller.
Required/Optional: Optional
Default Value: oci.oraclecloud.com/native-ingress-controller
Example Value: oci.oraclecloud.com/native-ingress-controller

Key (API and CLI): emitEvents
Key's Display Name (Console): emitEvents
Description: Whether to emit Kubernetes events for Ingress and IngressClass errors observed during reconciliation. If set to true, events are emitted.
Required/Optional: Optional
Default Value: false
Example Value: false

Key (API and CLI): leaseLockName
Key's Display Name (Console): leaseLockName
Description: The name of the lease to use for leader election.
Required/Optional: Optional
Default Value: oci-native-ingress-controller
Example Value: oci-native-ingress-controller

Key (API and CLI): leaseLockNamespace
Key's Display Name (Console): leaseLockNamespace
Description: The namespace of the lease.
Required/Optional: Optional
Default Value: native-ingress-controller-system
Example Value: native-ingress-controller-system

Key (API and CLI): loadBalancerSubnetId
Key's Display Name (Console): loadBalancerSubnetId
Description: The OCID of the load balancer's subnet.
Required/Optional: Required
Default Value: ""
Example Value: ocid1.subnet.oc1.iad.aaaaaaaa______dba

Key (API and CLI): logVerbosity
Key's Display Name (Console): logVerbosity
Description: The number for the verbosity of logging.
Required/Optional: Optional
Default Value: 4
Example Value: 2

Key (API and CLI): metricsBackend
Key's Display Name (Console): metricsBackend
Description: The name of the metrics backend.
Required/Optional: Optional
Default Value: prometheus
Example Value: prometheus

Key (API and CLI): metricsPort
Key's Display Name (Console): metricsPort
Description: The metrics port.
Required/Optional: Optional
Default Value: 2223
Example Value: 2223

Key (API and CLI): oci-native-ingress-controller.ContainerResources
Key's Display Name (Console): native-ingress-controller container resources
Description: You can specify the resource quantities that the add-on containers request, and set resource usage limits that the add-on containers cannot exceed. JSON format in plain text or Base64 encoded.
Required/Optional: Optional
Default Value: null
Example Value: {"limits": {"cpu": "500m", "memory": "200Mi" }, "requests": {"cpu": "100m", "memory": "100Mi"}}
Create add-on containers that request 100 millicores of CPU, and 100 mebibytes of memory. Limit add-on containers to 500 millicores of CPU, and 200 mebibytes of memory.

Key (API and CLI): useLbCompartmentForCertificates
Key's Display Name (Console): useLbCompartmentForCertificates
Description: Whether to use the compartment specified for the OCI load balancer (in the related IngressClassParameters resource) to manage OCI Certificates service resources when using a Kubernetes secret to obtain a certificate and a CA bundle. See Option 1: OCI Native Ingress Controller obtains certificate from the Certificates service using a Kubernetes secret. If set to false, the compartment specified by the compartmentId add-on argument is used.
Required/Optional: Optional
Default Value: false
Example Value: false
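
The argument rules listed above (required keys, the three authType values, integer-valued keys, and values accepted as plain-text or Base64-encoded JSON) can be checked before the add-on is enabled. The Python below is an added example, not Oracle's code: the function names decode_json_arg and validate are hypothetical, and treating authSecretName as mandatory when authType is user is an assumption drawn from that key's description.

```python
import base64
import json

# Keys the page documents as "JSON format in plain text or Base64 encoded".
JSON_KEYS = {"affinity", "nodeSelectors", "rollingUpdate", "tolerations",
             "topologySpreadConstraints",
             "oci-native-ingress-controller.ContainerResources"}
REQUIRED = {"numOfReplicas", "compartmentId", "loadBalancerSubnetId"}
AUTH_TYPES = {"instance", "user", "workloadIdentity"}

def decode_json_arg(value):
    """Parse a value given as plain-text JSON or as Base64-encoded JSON."""
    try:
        return json.loads(value)
    except json.JSONDecodeError:
        pass  # not plain JSON, so try the Base64 form next
    try:
        return json.loads(base64.b64decode(value, validate=True).decode("utf-8"))
    except ValueError:  # bad Base64, bad UTF-8 or bad JSON inside it
        raise ValueError("neither plain-text JSON nor Base64-encoded JSON") from None

def validate(args):
    """Return a list of problems found in a dict of add-on key/value strings."""
    problems = [f"{k}: required" for k in sorted(REQUIRED) if not args.get(k)]
    for key in sorted(JSON_KEYS & args.keys()):
        try:
            decode_json_arg(args[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    auth = args.get("authType", "instance")  # "instance" is the page's default
    if auth not in AUTH_TYPES:
        problems.append(f"authType: {auth!r} is not one of {sorted(AUTH_TYPES)}")
    if auth == "user" and not args.get("authSecretName"):
        # Assumption: the secret name is needed whenever authType is user.
        problems.append("authSecretName: expected when authType is user")
    for key in ("numOfReplicas", "certDeletionGracePeriodInDays"):
        if key in args:
            try:
                int(args[key])
            except ValueError:
                problems.append(f"{key}: must be an integer")
    return problems

# Constructed sample; the OCIDs are the page's own elided example values.
SAMPLE = {"numOfReplicas": "2", "authType": "workloadIdentity",
          "compartmentId": "ocid1.compartment.oc1..aaaaaaaa______ddq",
          "loadBalancerSubnetId": "ocid1.subnet.oc1.iad.aaaaaaaa______dba",
          "nodeSelectors": '{"foo":"bar", "foo2": "bar2"}'}

if __name__ == "__main__":
    print(validate(SAMPLE))
```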