Ingress nginx helm values yaml for EKS with NLB & ACM annotations

ingress-nginx-eks-nlb.values.yaml

controller:
  name: controller
  image:
    registry: registry.k8s.io
    image: ingress-nginx/controller

  containerPort:
    http: 80
    https: 443
    special: 8000
  config:
    server-tokens: "False"
    proxy-protocol: "True"
    real-ip-header: "proxy_protocol"
    X-Frame-Options: "DENY"
    Set-Cookie: "HttpOnly"
    X-XSS-Protection: "1"
    X-Content-Type-Options: "nosniff"
    proxy-buffer-size: "16k"
    underscores_in_headers: "on"
    ssl-redirect: "false" # we use `special` port to control ssl redirection
    server-snippet: |
      listen 8000;
      if ( $server_port = 80 ) {
         return 308 https://$host$request_uri;
      }
 
  ingressClass: nginx
  kind: Deployment
  replicaCount: 2

  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - nginx-ingress
          topologyKey: kubernetes.io/hostname

  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 4
    targetCPUUtilizationPercentage: 85
    targetMemoryUtilizationPercentage: 95

  service:
    enabled: true
    externalTrafficPolicy: "Local"
    targetPorts:
      http: http
      https: special
    annotations: 
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:{region}:{accid}:certificate/{certid}