Last active
March 14, 2020 18:45
-
-
Save pathcl/f37c3ee3fdeeb80340385b13d3a1e530 to your computer and use it in GitHub Desktop.
nginx ingress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRole | |
metadata: | |
name: ingress-nginx | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
rules: | |
- apiGroups: [""] | |
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"] | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: ["nodes"] | |
verbs: ["get"] | |
- apiGroups: [""] | |
resources: ["services"] | |
verbs: ["get", "list", "watch"] | |
- apiGroups: ["extensions","networking.k8s.io"] | |
resources: ["ingresses"] | |
verbs: ["get", "list", "watch"] | |
- apiGroups: [""] | |
resources: ["events"] | |
verbs: ["create", "patch"] | |
- apiGroups: ["extensions","networking.k8s.io"] | |
resources: ["ingresses/status"] | |
verbs: ["update"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ingress-nginx | |
namespace: ingress-nginx | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ingress-nginx | |
subjects: | |
- kind: ServiceAccount | |
name: ingress-nginx | |
namespace: ingress-nginx | |
--- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: ingress-controller-leader-nginx | |
namespace: ingress-nginx | |
- apiVersion: v1 | |
data: | |
proxy-hide-headers: Server | |
server-tokens: "False" | |
kind: ConfigMap | |
metadata: | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
name: ingress-nginx | |
namespace: ingress-nginx | |
- apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
name: tcp-services | |
namespace: ingress-nginx | |
- apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
name: udp-services | |
namespace: ingress-nginx | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
--- | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
name: ingress-nginx-controller | |
namespace: ingress-nginx | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
spec: | |
selector: | |
matchLabels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
template: | |
metadata: | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
annotations: | |
prometheus.io/port: "10254" | |
prometheus.io/scrape: "true" | |
spec: | |
serviceAccountName: ingress-nginx | |
hostNetwork: true | |
dnsPolicy: ClusterFirstWithHostNet | |
containers: | |
- name: ingress-nginx-controller | |
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0 | |
imagePullPolicy: Always | |
args: | |
- /nginx-ingress-controller | |
- --configmap=$(POD_NAMESPACE)/ingress-nginx | |
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services | |
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services | |
- --annotations-prefix=nginx.ingress.kubernetes.io | |
- --report-node-internal-ip-address | |
securityContext: | |
capabilities: | |
drop: | |
- ALL | |
add: | |
- NET_BIND_SERVICE | |
runAsUser: 33 | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
ports: | |
- name: http | |
containerPort: 80 | |
hostPort: 80 | |
- name: https | |
containerPort: 443 | |
hostPort: 443 | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 10254 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
timeoutSeconds: 5 | |
successThreshold: 1 | |
failureThreshold: 10 | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 10254 | |
scheme: HTTP | |
timeoutSeconds: 5 | |
successThreshold: 1 | |
failureThreshold: 10 | |
--- | |
apiVersion: v1 | |
items: | |
- apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
name: ingress-nginx | |
namespace: ingress-nginx | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- pods | |
- secrets | |
- namespaces | |
verbs: | |
- get | |
- apiGroups: | |
- "" | |
resourceNames: | |
- ingress-controller-leader-nginx | |
resources: | |
- configmaps | |
verbs: | |
- get | |
- update | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
verbs: | |
- create | |
- apiGroups: | |
- "" | |
resources: | |
- endpoints | |
verbs: | |
- get | |
- apiGroups: | |
- policy | |
resourceNames: | |
- ingress-nginx | |
resources: | |
- podsecuritypolicies | |
verbs: | |
- use | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: RoleBinding | |
metadata: | |
name: ingress-nginx | |
namespace: ingress-nginx | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: ingress-nginx | |
subjects: | |
- kind: ServiceAccount | |
name: ingress-nginx | |
namespace: ingress-nginx | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: ingress-nginx | |
namespace: ingress-nginx | |
labels: | |
app.kubernetes.io/name: ingress-nginx | |
app.kubernetes.io/part-of: ingress-nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment