Created
July 21, 2020 15:01
-
-
Save movii/7a1b14e4a4dbe4f6059e40e9a33e17c5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: ingress-nginx | |
| labels: | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/controller-serviceaccount.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/controller-configmap.yaml | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx-controller | |
| namespace: ingress-nginx | |
| data: | |
| allow-backend-server-header: "true" | |
| client-body-buffer-size: 1024k | |
| enable-underscores-in-headers: "true" | |
| generate-request-id: "true" | |
| ignore-invalid-headers: "true" | |
| large-client-header-buffers: 4 128k | |
| log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local] | |
| "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length | |
| "$http_x_forwarded_for" $remote_addr $request_time [$proxy_upstream_name] $upstream_addr | |
| $upstream_response_length $upstream_response_time $upstream_status $req_id $host | |
| max-worker-connections: "65536" | |
| proxy-body-size: 8192m | |
| proxy-buffer-size: 64k | |
| proxy-connect-timeout: "300" | |
| proxy-next-upstream-timeout: "10" | |
| proxy-read-timeout: "300" | |
| proxy-send-timeout: "300" | |
| reuse-port: "true" | |
| server-tokens: "false" | |
| ssl-redirect: "false" | |
| upstream-keepalive-connections: "10000" | |
| upstream-keepalive-requests: "1000" | |
| upstream-keepalive-timeout: "300" | |
| worker-cpu-affinity: auto | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: tcp-services | |
| namespace: ingress-nginx | |
| data: | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: udp-services | |
| namespace: ingress-nginx | |
| data: | |
| --- | |
| # Source: ingress-nginx/templates/clusterrole.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| rules: | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - configmaps | |
| - endpoints | |
| - nodes | |
| - pods | |
| - secrets | |
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - nodes | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - services | |
| verbs: | |
| - get | |
| - list | |
| - update | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - apiGroups: | |
| - extensions | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingressclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| --- | |
| # Source: ingress-nginx/templates/clusterrolebinding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ingress-nginx | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/controller-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| rules: | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - namespaces | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - configmaps | |
| - pods | |
| - secrets | |
| - endpoints | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - services | |
| verbs: | |
| - get | |
| - list | |
| - update | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - networking.k8s.io # k8s 1.14+ | |
| resources: | |
| - ingressclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - configmaps | |
| resourceNames: | |
| - ingress-controller-leader-nginx | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - configmaps | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - endpoints | |
| verbs: | |
| - create | |
| - get | |
| - update | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| --- | |
| # Source: ingress-nginx/templates/controller-rolebinding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: ingress-nginx | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/controller-service-webhook.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx-controller-admission | |
| namespace: ingress-nginx | |
| spec: | |
| type: ClusterIP | |
| ipFamily: IPv6 # ipv4 可以不添加 | |
| ports: | |
| - name: https-webhook | |
| port: 443 | |
| targetPort: webhook | |
| selector: | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/component: controller | |
| --- | |
| # Source: ingress-nginx/templates/controller-service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx-controller | |
| namespace: ingress-nginx | |
| spec: | |
| type: ClusterIP | |
| ipFamily: IPv6 # ipv4 可以不添加 | |
| ports: | |
| - name: http | |
| port: 80 | |
| protocol: TCP | |
| targetPort: http | |
| - name: https | |
| port: 443 | |
| protocol: TCP | |
| targetPort: https | |
| selector: | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/component: controller | |
| --- | |
| # Source: ingress-nginx/templates/controller-deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: controller | |
| name: ingress-nginx-controller | |
| namespace: ingress-nginx | |
| spec: | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/component: controller | |
| revisionHistoryLimit: 10 | |
| minReadySeconds: 0 | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/component: controller | |
| annotations: | |
| prometheus.io/port: "10254" | |
| prometheus.io/scrape: "true" | |
| spec: | |
| hostNetwork: true | |
| dnsPolicy: ClusterFirstWithHostNet | |
| containers: | |
| - name: controller | |
| image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 | |
| imagePullPolicy: IfNotPresent | |
| lifecycle: | |
| preStop: | |
| exec: | |
| command: | |
| - /wait-shutdown | |
| args: | |
| - /nginx-ingress-controller | |
| - --election-id=ingress-controller-leader | |
| - --ingress-class=nginx | |
| - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller | |
| - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services | |
| - --udp-services-configmap=$(POD_NAMESPACE)/udp-services | |
| - --annotations-prefix=nginx.ingress.kubernetes.io | |
| - --v=2 | |
| - --validating-webhook=:8443 | |
| - --validating-webhook-certificate=/usr/local/certificates/cert | |
| - --validating-webhook-key=/usr/local/certificates/key | |
| securityContext: | |
| capabilities: | |
| drop: | |
| - ALL | |
| add: | |
| - NET_BIND_SERVICE | |
| runAsUser: 101 | |
| allowPrivilegeEscalation: true | |
| env: | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 10254 | |
| scheme: HTTP | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| timeoutSeconds: 1 | |
| successThreshold: 1 | |
| failureThreshold: 3 | |
| readinessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 10254 | |
| scheme: HTTP | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| timeoutSeconds: 1 | |
| successThreshold: 1 | |
| failureThreshold: 3 | |
| ports: | |
| - name: http | |
| containerPort: 80 | |
| hostPort: 80 | |
| protocol: TCP | |
| - name: https | |
| containerPort: 443 | |
| hostPort: 443 | |
| protocol: TCP | |
| - name: webhook | |
| containerPort: 8443 | |
| hostPort: 8443 | |
| protocol: TCP | |
| volumeMounts: | |
| - name: webhook-cert | |
| mountPath: /usr/local/certificates/ | |
| readOnly: true | |
| - name: localtime | |
| mountPath: /etc/localtime | |
| readOnly: true | |
| resources: | |
| requests: | |
| cpu: 100m | |
| memory: 90Mi | |
| serviceAccountName: ingress-nginx | |
| terminationGracePeriodSeconds: 300 | |
| volumes: | |
| - name: webhook-cert | |
| secret: | |
| secretName: ingress-nginx-admission | |
| - name: localtime | |
| hostPath: | |
| path: /etc/localtime | |
| type: File | |
| updateStrategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxUnavailable: 1 | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| kind: ValidatingWebhookConfiguration | |
| metadata: | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| name: ingress-nginx-admission | |
| namespace: ingress-nginx | |
| webhooks: | |
| - name: validate.nginx.ingress.kubernetes.io | |
| rules: | |
| - apiGroups: | |
| - extensions | |
| - networking.k8s.io | |
| apiVersions: | |
| - v1beta1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - ingresses | |
| failurePolicy: Fail | |
| clientConfig: | |
| service: | |
| namespace: ingress-nginx | |
| name: ingress-nginx-controller-admission | |
| path: /extensions/v1beta1/ingresses | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ingress-nginx-admission | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| rules: | |
| - apiGroups: | |
| - admissionregistration.k8s.io | |
| resources: | |
| - validatingwebhookconfigurations | |
| verbs: | |
| - get | |
| - update | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: ingress-nginx-admission | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ingress-nginx-admission | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ingress-nginx-admission | |
| namespace: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml | |
| apiVersion: batch/v1 | |
| kind: Job | |
| metadata: | |
| name: ingress-nginx-admission-create | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| spec: | |
| template: | |
| metadata: | |
| name: ingress-nginx-admission-create | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| spec: | |
| containers: | |
| - name: create | |
| image: jettech/kube-webhook-certgen:v1.2.0 | |
| imagePullPolicy: IfNotPresent | |
| args: | |
| - create | |
| - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc | |
| - --namespace=ingress-nginx | |
| - --secret-name=ingress-nginx-admission | |
| restartPolicy: OnFailure | |
| serviceAccountName: ingress-nginx-admission | |
| securityContext: | |
| runAsNonRoot: true | |
| runAsUser: 2000 | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml | |
| apiVersion: batch/v1 | |
| kind: Job | |
| metadata: | |
| name: ingress-nginx-admission-patch | |
| annotations: | |
| helm.sh/hook: post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| spec: | |
| template: | |
| metadata: | |
| name: ingress-nginx-admission-patch | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| spec: | |
| containers: | |
| - name: patch | |
| image: jettech/kube-webhook-certgen:v1.2.0 | |
| imagePullPolicy: IfNotPresent | |
| args: | |
| - patch | |
| - --webhook-name=ingress-nginx-admission | |
| - --namespace=ingress-nginx | |
| - --patch-mutating=false | |
| - --secret-name=ingress-nginx-admission | |
| - --patch-failure-policy=Fail | |
| restartPolicy: OnFailure | |
| serviceAccountName: ingress-nginx-admission | |
| securityContext: | |
| runAsNonRoot: true | |
| runAsUser: 2000 | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: ingress-nginx-admission | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| rules: | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - secrets | |
| verbs: | |
| - get | |
| - create | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: ingress-nginx-admission | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: ingress-nginx-admission | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ingress-nginx-admission | |
| namespace: ingress-nginx | |
| --- | |
| # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: ingress-nginx-admission | |
| annotations: | |
| helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade | |
| helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded | |
| labels: | |
| helm.sh/chart: ingress-nginx-2.1.0 | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/version: 0.32.0 | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: admission-webhook | |
| namespace: ingress-nginx | |
| 部署 ingress-nginx | |
| root@Qist:/mnt/g/work/ipv6/1# kubectl apply -f deploy.yaml | |
| namespace/ingress-nginx created | |
| serviceaccount/ingress-nginx created | |
| configmap/ingress-nginx-controller created | |
| configmap/tcp-services created | |
| configmap/udp-services created | |
| clusterrole.rbac.authorization.k8s.io/ingress-nginx created | |
| clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created | |
| role.rbac.authorization.k8s.io/ingress-nginx created | |
| rolebinding.rbac.authorization.k8s.io/ingress-nginx created | |
| service/ingress-nginx-controller-admission created | |
| service/ingress-nginx-controller created | |
| daemonset.apps/ingress-nginx-controller created | |
| validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created | |
| clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created | |
| clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created | |
| job.batch/ingress-nginx-admission-create created | |
| job.batch/ingress-nginx-admission-patch created | |
| role.rbac.authorization.k8s.io/ingress-nginx-admission created | |
| rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created | |
| serviceaccount/ingress-nginx-admission created | |
| root@Qist:/mnt/g/work/ipv6/1# kubectl get pod | |
| NAME READY STATUS RESTARTS AGE | |
| ingress-nginx-admission-create-f8hv4 0/1 Completed 0 43m | |
| ingress-nginx-admission-patch-6gnrp 0/1 Completed 0 43m | |
| ingress-nginx-controller-4rlp6 1/1 Running 7 28m | |
| ingress-nginx-controller-bsr9s 1/1 Running 7 28m | |
| ingress-nginx-controller-gvgpw 1/1 Running 7 28m | |
| ingress-nginx-controller-h8mm2 1/1 Running 4 19m | |
| ingress-nginx-controller-v8vhl 0/1 ContainerCreating 0 7m26s | |
| # 等待pod runing | |
| # 查看endpoints 是否有数据如果kubelet 参数node-ip 为ipv6地址 | |
| # service 没添加 ipFamily: IPv6 | |
| root@Qist:/mnt/g/work/ipv6/1# kubectl describe endpoints ingress-nginx-controller | |
| Name: ingress-nginx-controller | |
| Namespace: ingress-nginx | |
| Labels: app.kubernetes.io/component=controller | |
| app.kubernetes.io/instance=ingress-nginx | |
| app.kubernetes.io/managed-by=Helm | |
| app.kubernetes.io/name=ingress-nginx | |
| app.kubernetes.io/version=0.32.0 | |
| helm.sh/chart=ingress-nginx-2.1.0 | |
| service.kubernetes.io/headless= | |
| Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2020-05-08T17:28:42+08:00 | |
| Subsets: | |
| Events: <none> | |
| root@Qist:/mnt/g/work/ipv6/1# kubectl describe endpoints ingress-nginx-controller | |
| Name: ingress-nginx-controller | |
| Namespace: ingress-nginx | |
| Labels: app.kubernetes.io/component=controller | |
| app.kubernetes.io/instance=ingress-nginx | |
| app.kubernetes.io/managed-by=Helm | |
| app.kubernetes.io/name=ingress-nginx | |
| app.kubernetes.io/version=0.32.0 | |
| helm.sh/chart=ingress-nginx-2.1.0 | |
| service.kubernetes.io/headless= | |
| Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2020-05-08T17:28:42+08:00 | |
| Subsets: | |
| Events: <none> | |
| # endpoints 为空 webhook 报错 service 添加ipFamily: IPv6 | |
| root@Qist:/mnt/g/work/ipv6/1# kubectl -n ingress-nginx get endpoints | |
| NAME ENDPOINTS AGE | |
| ingress-nginx-controller [fc00:bd4:efa8:1001:5054:ff:fe47:357b]:443,[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:443,[fc00:bd4:efa8:1001:5054:ff:fe7f:7551]:443 + 7 more... 35m | |
| ingress-nginx-controller-admission [fc00:bd4:efa8:1001:5054:ff:fe47:357b]:8443,[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:8443,[fc00:bd4:efa8:1001:5054:ff:fe7f:7551]:8443 + 2 more... 35m | |
| # 能正常获取pod 端口及IP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment