Management ConfigMap resource
When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a command line argument to NGINX Ingress Controller, --mgmt-configmap=<namespace/name> which specifies the ConfigMap to use. The minimal required ConfigMap must have a license-token-secret-name key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install.
-
Create a ConfigMap file with the name nginx-config-mgmt.yaml and set the values that make sense for your setup:
apiVersion: v1 kind: ConfigMap metadata: name: nginx-config-mgmt namespace: nginx-ingress data: license-token-secret-name: "license-token" -
Create a new (or update the existing) ConfigMap resource:
kubectl apply -f nginx-config-mgmt.yamlThe NGINX Management block configuration will be updated.
Management ConfigMap keys
| ConfigMap Key | Description | Default |
|---|---|---|
| license-token-secret-name | Configures the secret used in the license_token directive. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type nginx.com/license with the base64 encoded JWT in the license.jwt key. |
N/A |
| ssl-verify | Configures the ssl_verify directive, which enables or disables verification of the usage reporting endpoint certificate. | true |
| enforce-initial-report | Configures the enforce_initial_report directive, which enables or disables the 180-day grace period for sending the initial usage report. | false |
| usage-report-endpoint | Configures the endpoint of the usage_report directive. This is used to configure the endpoint NGINX uses to send usage reports to NIM. | product.connect.nginx.com |
| usage-report-interval | Configures the interval of the usage_report directive. This specifies the frequency that usage reports are sent. This field takes an NGINX time. | 1h |
| ssl-trusted-certificate-secret-name | Configures the secret used to create the file(s) referenced the in ssl_trusted_certifcate, and ssl_crl directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type nginx.org/ca, where the ca.crt key contains a base64 encoded trusted cert, and the optional ca.crl key can contain a base64 encoded CRL. If the optional ca.crl key is supplied, it will configure the NGINX ssl_crl directive. |
N/A |
| ssl-certificate-secret-name | Configures the secret used to create the ssl_certificate and ssl_certificate_key directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type kubernetes.io/tls |
N/A |
| resolver-addresses | Configures addresses used in the mgmt block resolver directive. This field takes a comma separated list of addresses. | N/A |
| resolver-ipv6 | Configures whether the mgmt block resolver directive will look up IPv6 addresses. | true |
| resolver-valid | Configures an NGINX time that the mgmt block resolver directive will override the TTL value of responses from nameservers with. | N/A |
Last modified December 6, 2024