forked from public/stack
127 lines
3.3 KiB
YAML
127 lines
3.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: ingress-nginx-controller
|
|
spec:
|
|
minReadySeconds: 0
|
|
revisionHistoryLimit: 10
|
|
template:
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- /nginx-ingress-controller
|
|
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
|
|
- --election-id=ingress-controller-leader
|
|
- --controller-class=k8s.io/ingress-nginx
|
|
- --ingress-class=nginx
|
|
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
|
|
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
|
- --validating-webhook=:8443
|
|
- --validating-webhook-certificate=/usr/local/certificates/tls.crt
|
|
- --validating-webhook-key=/usr/local/certificates/tls.key
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: LD_PRELOAD
|
|
value: /usr/local/lib/libmimalloc.so
|
|
image: registry.k8s.io/ingress-nginx/controller
|
|
imagePullPolicy: IfNotPresent
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command:
|
|
- /wait-shutdown
|
|
livenessProbe:
|
|
failureThreshold: 5
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10254
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
name: controller
|
|
ports:
|
|
- containerPort: 80
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 443
|
|
name: https
|
|
protocol: TCP
|
|
- containerPort: 22
|
|
name: ssh
|
|
protocol: TCP
|
|
- containerPort: 8443
|
|
name: webhook
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10254
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 90Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: true
|
|
capabilities:
|
|
add:
|
|
- NET_BIND_SERVICE
|
|
drop:
|
|
- ALL
|
|
runAsUser: 101
|
|
volumeMounts:
|
|
- mountPath: /usr/local/certificates/
|
|
name: webhook-cert
|
|
readOnly: true
|
|
dnsPolicy: ClusterFirst
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
serviceAccountName: ingress-nginx
|
|
terminationGracePeriodSeconds: 300
|
|
volumes:
|
|
- name: webhook-cert
|
|
secret:
|
|
secretName: ingress-nginx-admission
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
annotations:
|
|
# NOTE: This is DigitalOcean specific and should be changed if using
|
|
# another cloud provider
|
|
# See: configmap.yaml
|
|
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
|
|
name: ingress-nginx-controller
|
|
spec:
|
|
ports:
|
|
- appProtocol: http
|
|
name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: http
|
|
- appProtocol: https
|
|
name: https
|
|
port: 443
|
|
protocol: TCP
|
|
targetPort: https
|
|
- appProtocol: ssh
|
|
name: ssh
|
|
port: 22
|
|
protocol: TCP
|
|
targetPort: ssh
|
|
type: LoadBalancer
|