---
# Namespace for the ingress-nginx controller. The namespaced objects in this
# manifest (ConfigMaps, ServiceAccount, Role, Deployment, Services) all set
# "namespace: ingress-nginx".
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Controller-wide NGINX settings. The controller Deployment in this file
# points at this object with --configmap=$(POD_NAMESPACE)/nginx-configuration.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  # Accept request headers whose names contain underscores (NGINX ignores
  # them by default). Backends that map headers to CGI-style variables treat
  # "-" and "_" alike, so X_Forwarded_For and X-Forwarded-For can collide.
  # With this enabled, backends should not trust identity or routing headers
  # unless the underscore variant is stripped or overwritten before it
  # reaches them.
  enable-underscores-in-headers: "true"
---
# ConfigMap named by --tcp-services-configmap on the controller. It has no
# data section, so no raw TCP ports are proxied. Each entry added here
# exposes a backend Service port through the controller without Ingress
# host/path rules; review such additions as a network exposure change.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# ConfigMap named by --udp-services-configmap on the controller. It has no
# data section, so no UDP ports are proxied. Each entry added here exposes a
# backend Service port through the controller; review such additions as a
# network exposure change.
apiVersion: v1
kind: ConfigMap
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Identity of the controller pod (serviceAccountName in the Deployment).
# The RoleBinding and ClusterRoleBinding in this file grant it the
# nginx-ingress-role and nginx-ingress-clusterrole permissions, so any
# workload allowed to run as this account inherits both.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
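---
# Cluster-wide read permissions for the ingress controller.
# apiVersion uses the GA rbac.authorization.k8s.io/v1 group; the v1beta1
# variant is deprecated and no longer served by newer API servers, while the
# object schema is the same.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # list/watch on core objects in every namespace. "list" returns complete
  # objects, so this includes the contents of every Secret in the cluster,
  # not only TLS certificates referenced by an Ingress. Treat the controller
  # pod and its ServiceAccount token as holding cluster-wide secret read
  # access; where the controller serves only a few namespaces, namespaced
  # Roles are the narrower alternative.
  - apiGroups: [""]
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs: [list, watch]
  # Read individual Node objects.
  - apiGroups: [""]
    resources:
      - nodes
    verbs: [get]
  # Read Services in every namespace.
  - apiGroups: [""]
    resources:
      - services
    verbs: [get, list, watch]
  # Emit Events; no read access to events is granted.
  - apiGroups: [""]
    resources:
      - events
    verbs: [create, patch]
  # Read Ingress objects from both API groups that serve them.
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources:
      - ingresses
    verbs: [get, list, watch]
  # Write access is limited to the status subresource of Ingress objects.
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources:
      - ingresses/status
    verbs: [update]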
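---
# Namespaced permissions for the controller inside ingress-nginx.
# apiVersion uses the GA rbac.authorization.k8s.io/v1 group; the v1beta1
# variant is deprecated and no longer served by newer API servers, while the
# object schema is the same.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # Read single objects by name in this namespace, Secrets included.
  - apiGroups: [""]
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs: [get]
  # Leader-election lock: get/update is restricted to one named ConfigMap.
  - apiGroups: [""]
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs: [get, update]
  # RBAC cannot restrict "create" by resourceNames, so this rule allows
  # creating any ConfigMap in the namespace, not only the election lock.
  - apiGroups: [""]
    resources:
      - configmaps
    verbs: [create]
  - apiGroups: [""]
    resources:
      - endpoints
    verbs: [get]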
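---
# Grants nginx-ingress-role to the controller ServiceAccount within the
# ingress-nginx namespace.
# apiVersion uses the GA rbac.authorization.k8s.io/v1 group; the v1beta1
# variant is deprecated and no longer served by newer API servers, while the
# object schema is the same.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  # Single subject: only this ServiceAccount receives the Role.
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx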
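---
# Grants nginx-ingress-clusterrole cluster-wide to the controller
# ServiceAccount. Because this is a ClusterRoleBinding, the role's
# list/watch on Secrets applies to every namespace.
# apiVersion uses the GA rbac.authorization.k8s.io/v1 group; the v1beta1
# variant is deprecated and no longer served by newer API servers, while the
# object schema is the same.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  # Single subject: only this ServiceAccount receives the ClusterRole.
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx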
---
# Single-replica Deployment of the NGINX ingress controller.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        # Metrics scraping is advertised on 10254, the same plain-HTTP port
        # the health probes below use.
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # The pod runs with the RBAC permissions bound to this ServiceAccount.
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          # Pinned by tag, not by digest, so the registry decides which image
          # content the tag resolves to.
          # NOTE(review): consider a digest pin and check this release
          # against upstream security advisories.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            # Names the Service whose address is published; it must match the
            # Service called ingress-nginx in this namespace.
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
            # Turns on the TLS passthrough feature. Traffic for hosts that
            # opt in is forwarded without TLS termination, so HTTP-level
            # controls configured in NGINX do not apply to it.
            - --enable-ssl-passthrough=true
          securityContext:
            # NOTE(review): left enabled while every capability except
            # NET_BIND_SERVICE is dropped and the process runs as UID 33.
            # Presumably the binary needs it to gain NET_BIND_SERVICE for
            # ports 80/443; confirm against the image before setting false.
            allowPrivilegeEscalation: true
            capabilities:
              drop: [ALL]
              add: [NET_BIND_SERVICE]
            # www-data -> 33
            runAsUser: 33
          env:
            # Downward API: the args above expand $(POD_NAMESPACE).
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          # Both probes call /healthz over HTTP on port 10254.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
---
# LoadBalancer Service exposing the controller's http/https ports.
# NOTE(review): this file defines a second Service with the same name and
# namespace (type NodePort) further down. Two objects cannot share a
# name, so confirm which exposure is intended and keep only that one.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  # Local keeps traffic on the node that received it, which preserves the
  # client source IP seen by the controller.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    # targetPort refers to the container port names in the Deployment.
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
---
# NodePort Service exposing the controller on every node's address.
# NOTE(review): an earlier Service in this file has the same name and
# namespace (type LoadBalancer). Two objects cannot share a name, so
# confirm which exposure is intended and keep only that one. No nodePort
# values are set here, so the cluster assigns the node ports.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443