Skip to content

Instantly share code, notes, and snippets.

@BasLijten
Created September 14, 2023 21:18
Show Gist options
  • Save BasLijten/5edb4ec8b8aa806289431d954ea0b991 to your computer and use it in GitHub Desktop.
Save BasLijten/5edb4ec8b8aa806289431d954ea0b991 to your computer and use it in GitHub Desktop.
yarp-controller.yaml for kind
kind: Namespace
apiVersion: v1
metadata:
name: yarp
---
apiVersion: v1
kind: ConfigMap
metadata:
name: yarp-config
namespace: yarp
data:
yarp.json: |
{
"Yarp": {
"ControllerClass": "microsoft.com/ingress-yarp",
"ServerCertificates": false,
"DefaultSslCertificate": "yarp/yarp-ingress-tls",
"ControllerServiceName": "ingress-yarp-controller",
"ControllerServiceNamespace": "yarp"
}
}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: yarp-serviceaccount
namespace: yarp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: yarp-ingress-clusterrole
namespace: yarp
rules:
- apiGroups:
- ""
resources:
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- apiGroups:
- networking.k8s.io
- extensions
- networking.internal.knative.dev
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
- extensions
- networking.internal.knative.dev
resources:
- ingresses/status
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: yarp-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: yarp-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: yarp-serviceaccount
namespace: yarp
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: yarp
annotations:
#ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: microsoft.com/ingress-yarp
---
apiVersion: v1
kind: Service
metadata:
name: ingress-yarp-controller
namespace: yarp
spec:
ports:
- name: proxy
port: 80
protocol: TCP
targetPort: 8000
- name: proxy-ssl
port: 443
protocol: TCP
targetPort: 8443
selector:
app: ingress-yarp-controller
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-yarp-controller
name: ingress-yarp
namespace: yarp
spec:
replicas: 1
selector:
matchLabels:
app: ingress-yarp-controller
template:
metadata:
labels:
app: ingress-yarp-controller
spec:
containers:
- name: yarp-controller
imagePullPolicy: IfNotPresent
image: xxx.azurecr.io/yarp-combined:latest
ports:
- containerPort: 8000
hostPort: 80
name: proxy
protocol: TCP
- containerPort: 8443
hostPort: 443
name: proxy-ssl
protocol: TCP
env:
- name: ASPNETCORE_URLS
value: http://*:8000;https://*:8443
volumeMounts:
- name: config
readOnly: true
mountPath: /app/config
volumes:
- name: config
configMap:
name: yarp-config
serviceAccountName: yarp-serviceaccount
imagePullSecrets:
- name: acr-secret-token
nodeSelector:
ingress-ready: "true"
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Equal
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Equal
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment