github.com/nginxinc/kubernetes-ingress@v1.12.5/deployments/helm-chart/templates/controller-deployment.yaml (about) 1 {{- if eq .Values.controller.kind "deployment" }} 2 apiVersion: apps/v1 3 kind: Deployment 4 metadata: 5 name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} 6 namespace: {{ .Release.Namespace }} 7 labels: 8 {{- include "nginx-ingress.labels" . | nindent 4 }} 9 spec: 10 replicas: {{ .Values.controller.replicaCount }} 11 selector: 12 matchLabels: 13 app: {{ include "nginx-ingress.appName" . }} 14 template: 15 metadata: 16 labels: 17 app: {{ include "nginx-ingress.appName" . }} 18 {{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }} 19 annotations: 20 {{- if .Values.prometheus.create }} 21 prometheus.io/scrape: "true" 22 prometheus.io/port: "{{ .Values.prometheus.port }}" 23 prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" 24 {{- end }} 25 {{- if .Values.controller.pod.annotations }} 26 {{ toYaml .Values.controller.pod.annotations | indent 8 }} 27 {{- end }} 28 {{- end }} 29 spec: 30 {{- if .Values.controller.nodeSelector }} 31 nodeSelector: 32 {{ toYaml .Values.controller.nodeSelector | indent 8 }} 33 {{- end }} 34 {{- if .Values.controller.tolerations }} 35 tolerations: 36 {{ toYaml .Values.controller.tolerations | indent 6 }} 37 {{- end }} 38 {{- if .Values.controller.affinity }} 39 affinity: 40 {{ toYaml .Values.controller.affinity | indent 8 }} 41 {{- end }} 42 {{- if .Values.controller.volumes }} 43 volumes: 44 {{ toYaml .Values.controller.volumes | indent 6 }} 45 {{- end }} 46 {{- if .Values.controller.priorityClassName }} 47 priorityClassName: {{ .Values.controller.priorityClassName }} 48 {{- end }} 49 serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} 50 hostNetwork: {{ .Values.controller.hostNetwork }} 51 containers: 52 - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" 53 name: {{ include "nginx-ingress.name" . }} 54 imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" 55 ports: 56 - name: http 57 containerPort: 80 58 - name: https 59 containerPort: 443 60 {{ if .Values.controller.customPorts }} 61 {{ toYaml .Values.controller.customPorts | indent 8 }} 62 {{ end }} 63 {{- if .Values.prometheus.create }} 64 - name: prometheus 65 containerPort: {{ .Values.prometheus.port }} 66 {{- end }} 67 {{- if .Values.controller.readyStatus.enable }} 68 - name: readiness-port 69 containerPort: {{ .Values.controller.readyStatus.port}} 70 readinessProbe: 71 httpGet: 72 path: /nginx-ready 73 port: readiness-port 74 periodSeconds: 1 75 {{- end }} 76 resources: 77 {{ toYaml .Values.controller.resources | indent 10 }} 78 securityContext: 79 allowPrivilegeEscalation: true 80 runAsUser: 101 #nginx 81 capabilities: 82 drop: 83 - ALL 84 add: 85 - NET_BIND_SERVICE 86 {{- if .Values.controller.volumeMounts }} 87 volumeMounts: 88 {{ toYaml .Values.controller.volumeMounts | indent 8 }} 89 {{- end }} 90 env: 91 - name: POD_NAMESPACE 92 valueFrom: 93 fieldRef: 94 fieldPath: metadata.namespace 95 - name: POD_NAME 96 valueFrom: 97 fieldRef: 98 fieldPath: metadata.name 99 args: 100 - -nginx-plus={{ .Values.controller.nginxplus }} 101 - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }} 102 - -enable-app-protect={{ .Values.controller.appprotect.enable }} 103 - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} 104 {{- if .Values.controller.defaultTLS.secret }} 105 - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }} 106 {{ else }} 107 - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} 108 {{- end }} 109 - -ingress-class={{ .Values.controller.ingressClass }} 110 {{- if semverCompare "<1.18.0" .Capabilities.KubeVersion.GitVersion }} 111 - -use-ingress-class-only={{ .Values.controller.useIngressClassOnly }} 112 {{- end }} 113 {{- if .Values.controller.watchNamespace }} 114 - -watch-namespace={{ .Values.controller.watchNamespace }} 115 {{- end }} 116 - -health-status={{ .Values.controller.healthStatus }} 117 - -health-status-uri={{ .Values.controller.healthStatusURI }} 118 - -nginx-debug={{ .Values.controller.nginxDebug }} 119 - -v={{ .Values.controller.logLevel }} 120 - -nginx-status={{ .Values.controller.nginxStatus.enable }} 121 {{- if .Values.controller.nginxStatus.enable }} 122 - -nginx-status-port={{ .Values.controller.nginxStatus.port }} 123 - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} 124 {{- end }} 125 {{- if .Values.controller.reportIngressStatus.enable }} 126 - -report-ingress-status 127 {{- if .Values.controller.reportIngressStatus.ingressLink }} 128 - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }} 129 {{- else if .Values.controller.reportIngressStatus.externalService }} 130 - -external-service={{ .Values.controller.reportIngressStatus.externalService }} 131 {{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} 132 - -external-service={{ include "nginx-ingress.serviceName" . }} 133 {{- end }} 134 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} 135 - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} 136 {{- end }} 137 {{- if .Values.controller.wildcardTLS.secret }} 138 - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} 139 {{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} 140 - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }} 141 {{- end }} 142 - -enable-prometheus-metrics={{ .Values.prometheus.create }} 143 - -prometheus-metrics-listen-port={{ .Values.prometheus.port }} 144 - -prometheus-tls-secret={{ .Values.prometheus.secret }} 145 - -enable-custom-resources={{ .Values.controller.enableCustomResources }} 146 {{- if .Values.controller.enableCustomResources }} 147 - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} 148 - -enable-snippets={{ .Values.controller.enableSnippets }} 149 - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} 150 {{- if .Values.controller.globalConfiguration.create }} 151 - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }} 152 {{- end }} 153 {{- end }} 154 - -ready-status={{ .Values.controller.readyStatus.enable }} 155 - -ready-status-port={{ .Values.controller.readyStatus.port }} 156 - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} 157 {{- end }}