Skip to content

Instantly share code, notes, and snippets.

@jaimegag

jaimegag/ingress-rbac-allinone.yml

Last active January 29, 2018 06:31
Show Gist options
  • Save jaimegag/f3c8bd383cc16a2bcbc0663339b53a4f to your computer and use it in GitHub Desktop.
Save jaimegag/f3c8bd383cc16a2bcbc0663339b53a4f to your computer and use it in GitHub Desktop.
Download ZIP
All In One NGINX Ingress Controller with RBAC and sample service
Raw
ingress-rbac-allinone.yml
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-serviceaccount
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: ingress-nginx
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: gcr.io/google_containers/defaultbackend:1.0
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: ingress-nginx
spec:
ports:
- port: 80
targetPort: 8080
selector:
k8s-app: default-http-backend
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
labels:
k8s-app: nginx-ingress-controller
namespace: ingress-nginx
spec:
replicas: 3
template:
metadata:
labels:
k8s-app: nginx-ingress-controller
spec:
serviceAccountName: nginx-ingress-serviceaccount
terminationGracePeriodSeconds: 60
containers:
- image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.10
name: nginx-ingress-controller
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --default-ssl-certificate=$(POD_NAMESPACE)/tls-kubernetes
---
apiVersion: v1
kind: Service
metadata:
labels:
name: nginx-ingress-controller
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
ports:
- port: 80
targetPort: 80
selector:
k8s-app: nginx-ingress-controller
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
labels:
name: simple-http-server
name: simple-http-server
namespace: ingress-nginx
spec:
ports:
- port: 82
targetPort: 8080
selector:
app: simple-http-server
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: simple-http-server
namespace: ingress-nginx
spec:
replicas: 3
template:
metadata:
labels:
app: simple-http-server
spec:
containers:
- name: simple-http-server
image: trinitronx/python-simplehttpserver
ports:
- containerPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ssl-redirect: "false"
namespace: ingress-nginx
spec:
tls:
- secretName: tls-kubernetes
rules:
- http:
paths:
- path: /simple-http-server
backend:
serviceName: simple-http-server
servicePort: 82
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment