github.com/qsunny/k8s@v0.0.0-20220101153623-e6dca256d5bf/ingress/mandatory.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: ingress-nginx 5 6 --- 7 8 apiVersion: extensions/v1beta1 9 kind: Deployment 10 metadata: 11 name: default-http-backend 12 labels: 13 app.kubernetes.io/name: default-http-backend 14 app.kubernetes.io/part-of: ingress-nginx 15 namespace: ingress-nginx 16 spec: 17 replicas: 1 18 selector: 19 matchLabels: 20 app.kubernetes.io/name: default-http-backend 21 app.kubernetes.io/part-of: ingress-nginx 22 template: 23 metadata: 24 labels: 25 app.kubernetes.io/name: default-http-backend 26 app.kubernetes.io/part-of: ingress-nginx 27 spec: 28 terminationGracePeriodSeconds: 60 29 containers: 30 - name: default-http-backend 31 # Any image is permissible as long as: 32 # 1. It serves a 404 page at / 33 # 2. It serves 200 on a /healthz endpoint 34 image: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:1.4 35 livenessProbe: 36 httpGet: 37 path: /healthz 38 port: 8080 39 scheme: HTTP 40 initialDelaySeconds: 30 41 timeoutSeconds: 5 42 ports: 43 - containerPort: 8080 44 resources: 45 limits: 46 cpu: 10m 47 memory: 20Mi 48 requests: 49 cpu: 10m 50 memory: 20Mi 51 52 --- 53 apiVersion: v1 54 kind: Service 55 metadata: 56 name: default-http-backend 57 namespace: ingress-nginx 58 labels: 59 app.kubernetes.io/name: default-http-backend 60 app.kubernetes.io/part-of: ingress-nginx 61 spec: 62 ports: 63 - port: 80 64 targetPort: 8080 65 selector: 66 app.kubernetes.io/name: default-http-backend 67 app.kubernetes.io/part-of: ingress-nginx 68 69 --- 70 71 kind: ConfigMap 72 apiVersion: v1 73 metadata: 74 name: nginx-configuration 75 namespace: ingress-nginx 76 labels: 77 app.kubernetes.io/name: ingress-nginx 78 app.kubernetes.io/part-of: ingress-nginx 79 80 --- 81 82 kind: ConfigMap 83 apiVersion: v1 84 metadata: 85 name: tcp-services 86 namespace: ingress-nginx 87 labels: 88 app.kubernetes.io/name: ingress-nginx 89 app.kubernetes.io/part-of: ingress-nginx 90 91 --- 92 93 kind: ConfigMap 94 apiVersion: v1 95 metadata: 96 name: udp-services 97 namespace: ingress-nginx 98 labels: 99 app.kubernetes.io/name: ingress-nginx 100 app.kubernetes.io/part-of: ingress-nginx 101 102 --- 103 104 apiVersion: v1 105 kind: ServiceAccount 106 metadata: 107 name: nginx-ingress-serviceaccount 108 namespace: ingress-nginx 109 labels: 110 app.kubernetes.io/name: ingress-nginx 111 app.kubernetes.io/part-of: ingress-nginx 112 113 --- 114 apiVersion: rbac.authorization.k8s.io/v1beta1 115 kind: ClusterRole 116 metadata: 117 name: nginx-ingress-clusterrole 118 labels: 119 app.kubernetes.io/name: ingress-nginx 120 app.kubernetes.io/part-of: ingress-nginx 121 rules: 122 - apiGroups: 123 - "" 124 resources: 125 - configmaps 126 - endpoints 127 - nodes 128 - pods 129 - secrets 130 verbs: 131 - list 132 - watch 133 - apiGroups: 134 - "" 135 resources: 136 - nodes 137 verbs: 138 - get 139 - apiGroups: 140 - "" 141 resources: 142 - services 143 verbs: 144 - get 145 - list 146 - watch 147 - apiGroups: 148 - "extensions" 149 resources: 150 - ingresses 151 verbs: 152 - get 153 - list 154 - watch 155 - apiGroups: 156 - "" 157 resources: 158 - events 159 verbs: 160 - create 161 - patch 162 - apiGroups: 163 - "extensions" 164 resources: 165 - ingresses/status 166 verbs: 167 - update 168 169 --- 170 apiVersion: rbac.authorization.k8s.io/v1beta1 171 kind: Role 172 metadata: 173 name: nginx-ingress-role 174 namespace: ingress-nginx 175 labels: 176 app.kubernetes.io/name: ingress-nginx 177 app.kubernetes.io/part-of: ingress-nginx 178 rules: 179 - apiGroups: 180 - "" 181 resources: 182 - configmaps 183 - pods 184 - secrets 185 - namespaces 186 verbs: 187 - get 188 - apiGroups: 189 - "" 190 resources: 191 - configmaps 192 resourceNames: 193 # Defaults to "<election-id>-<ingress-class>" 194 # Here: "<ingress-controller-leader>-<nginx>" 195 # This has to be adapted if you change either parameter 196 # when launching the nginx-ingress-controller. 197 - "ingress-controller-leader-nginx" 198 verbs: 199 - get 200 - update 201 - apiGroups: 202 - "" 203 resources: 204 - configmaps 205 verbs: 206 - create 207 - apiGroups: 208 - "" 209 resources: 210 - endpoints 211 verbs: 212 - get 213 214 --- 215 apiVersion: rbac.authorization.k8s.io/v1beta1 216 kind: RoleBinding 217 metadata: 218 name: nginx-ingress-role-nisa-binding 219 namespace: ingress-nginx 220 labels: 221 app.kubernetes.io/name: ingress-nginx 222 app.kubernetes.io/part-of: ingress-nginx 223 roleRef: 224 apiGroup: rbac.authorization.k8s.io 225 kind: Role 226 name: nginx-ingress-role 227 subjects: 228 - kind: ServiceAccount 229 name: nginx-ingress-serviceaccount 230 namespace: ingress-nginx 231 232 --- 233 apiVersion: rbac.authorization.k8s.io/v1beta1 234 kind: ClusterRoleBinding 235 metadata: 236 name: nginx-ingress-clusterrole-nisa-binding 237 labels: 238 app.kubernetes.io/name: ingress-nginx 239 app.kubernetes.io/part-of: ingress-nginx 240 roleRef: 241 apiGroup: rbac.authorization.k8s.io 242 kind: ClusterRole 243 name: nginx-ingress-clusterrole 244 subjects: 245 - kind: ServiceAccount 246 name: nginx-ingress-serviceaccount 247 namespace: ingress-nginx 248 249 --- 250 251 apiVersion: extensions/v1beta1 252 kind: Deployment 253 metadata: 254 name: nginx-ingress-controller 255 namespace: ingress-nginx 256 labels: 257 app.kubernetes.io/name: ingress-nginx 258 app.kubernetes.io/part-of: ingress-nginx 259 spec: 260 replicas: 1 261 selector: 262 matchLabels: 263 app.kubernetes.io/name: ingress-nginx 264 app.kubernetes.io/part-of: ingress-nginx 265 template: 266 metadata: 267 labels: 268 app.kubernetes.io/name: ingress-nginx 269 app.kubernetes.io/part-of: ingress-nginx 270 annotations: 271 prometheus.io/port: "10254" 272 prometheus.io/scrape: "true" 273 spec: 274 serviceAccountName: nginx-ingress-serviceaccount 275 containers: 276 - name: nginx-ingress-controller 277 image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.23.0 278 args: 279 - /nginx-ingress-controller 280 - --default-backend-service=$(POD_NAMESPACE)/default-http-backend 281 - --configmap=$(POD_NAMESPACE)/nginx-configuration 282 - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services 283 - --udp-services-configmap=$(POD_NAMESPACE)/udp-services 284 - --publish-service=$(POD_NAMESPACE)/ingress-nginx 285 - --annotations-prefix=nginx.ingress.kubernetes.io 286 securityContext: 287 capabilities: 288 drop: 289 - ALL 290 add: 291 - NET_BIND_SERVICE 292 # www-data -> 33 293 runAsUser: 33 294 env: 295 - name: POD_NAME 296 valueFrom: 297 fieldRef: 298 fieldPath: metadata.name 299 - name: POD_NAMESPACE 300 valueFrom: 301 fieldRef: 302 fieldPath: metadata.namespace 303 ports: 304 - name: http 305 containerPort: 80 306 - name: https 307 containerPort: 443 308 livenessProbe: 309 failureThreshold: 3 310 httpGet: 311 path: /healthz 312 port: 10254 313 scheme: HTTP 314 initialDelaySeconds: 10 315 periodSeconds: 10 316 successThreshold: 1 317 timeoutSeconds: 1 318 readinessProbe: 319 failureThreshold: 3 320 httpGet: 321 path: /healthz 322 port: 10254 323 scheme: HTTP 324 periodSeconds: 10 325 successThreshold: 1 326 timeoutSeconds: 1 327 328 ---