github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/nginx.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 labels: 5 app.kubernetes.io/instance: ingress-nginx 6 app.kubernetes.io/name: ingress-nginx 7 name: ingress-nginx 8 --- 9 apiVersion: v1 10 automountServiceAccountToken: true 11 kind: ServiceAccount 12 metadata: 13 labels: 14 app.kubernetes.io/component: controller 15 app.kubernetes.io/instance: ingress-nginx 16 app.kubernetes.io/name: ingress-nginx 17 app.kubernetes.io/part-of: ingress-nginx 18 app.kubernetes.io/version: 1.7.1 19 name: ingress-nginx 20 namespace: ingress-nginx 21 --- 22 apiVersion: v1 23 kind: ServiceAccount 24 metadata: 25 labels: 26 app.kubernetes.io/component: admission-webhook 27 app.kubernetes.io/instance: ingress-nginx 28 app.kubernetes.io/name: ingress-nginx 29 app.kubernetes.io/part-of: ingress-nginx 30 app.kubernetes.io/version: 1.7.1 31 name: ingress-nginx-admission 32 namespace: ingress-nginx 33 --- 34 apiVersion: rbac.authorization.k8s.io/v1 35 kind: Role 36 metadata: 37 labels: 38 app.kubernetes.io/component: controller 39 app.kubernetes.io/instance: ingress-nginx 40 app.kubernetes.io/name: ingress-nginx 41 app.kubernetes.io/part-of: ingress-nginx 42 app.kubernetes.io/version: 1.7.1 43 name: ingress-nginx 44 namespace: ingress-nginx 45 rules: 46 - apiGroups: 47 - "" 48 resources: 49 - namespaces 50 verbs: 51 - get 52 - apiGroups: 53 - "" 54 resources: 55 - configmaps 56 - pods 57 - secrets 58 - endpoints 59 verbs: 60 - get 61 - list 62 - watch 63 - apiGroups: 64 - "" 65 resources: 66 - services 67 verbs: 68 - get 69 - list 70 - watch 71 - apiGroups: 72 - networking.k8s.io 73 resources: 74 - ingresses 75 verbs: 76 - get 77 - list 78 - watch 79 - apiGroups: 80 - networking.k8s.io 81 resources: 82 - ingresses/status 83 verbs: 84 - update 85 - apiGroups: 86 - networking.k8s.io 87 resources: 88 - ingressclasses 89 verbs: 90 - get 91 - list 92 - watch 93 - apiGroups: 94 - coordination.k8s.io 95 resourceNames: 96 - ingress-nginx-leader 97 resources: 98 - leases 99 verbs: 100 - get 101 - update 102 - apiGroups: 103 - coordination.k8s.io 104 resources: 105 - leases 106 verbs: 107 - create 108 - apiGroups: 109 - "" 110 resources: 111 - events 112 verbs: 113 - create 114 - patch 115 - apiGroups: 116 - discovery.k8s.io 117 resources: 118 - endpointslices 119 verbs: 120 - list 121 - watch 122 - get 123 --- 124 apiVersion: rbac.authorization.k8s.io/v1 125 kind: Role 126 metadata: 127 labels: 128 app.kubernetes.io/component: admission-webhook 129 app.kubernetes.io/instance: ingress-nginx 130 app.kubernetes.io/name: ingress-nginx 131 app.kubernetes.io/part-of: ingress-nginx 132 app.kubernetes.io/version: 1.7.1 133 name: ingress-nginx-admission 134 namespace: ingress-nginx 135 rules: 136 - apiGroups: 137 - "" 138 resources: 139 - secrets 140 verbs: 141 - get 142 - create 143 --- 144 apiVersion: rbac.authorization.k8s.io/v1 145 kind: ClusterRole 146 metadata: 147 labels: 148 app.kubernetes.io/instance: ingress-nginx 149 app.kubernetes.io/name: ingress-nginx 150 app.kubernetes.io/part-of: ingress-nginx 151 app.kubernetes.io/version: 1.7.1 152 name: ingress-nginx 153 rules: 154 - apiGroups: 155 - "" 156 resources: 157 - configmaps 158 - endpoints 159 - nodes 160 - pods 161 - secrets 162 - namespaces 163 verbs: 164 - list 165 - watch 166 - apiGroups: 167 - coordination.k8s.io 168 resources: 169 - leases 170 verbs: 171 - list 172 - watch 173 - apiGroups: 174 - "" 175 resources: 176 - nodes 177 verbs: 178 - get 179 - apiGroups: 180 - "" 181 resources: 182 - services 183 verbs: 184 - get 185 - list 186 - watch 187 - apiGroups: 188 - networking.k8s.io 189 resources: 190 - ingresses 191 verbs: 192 - get 193 - list 194 - watch 195 - apiGroups: 196 - "" 197 resources: 198 - events 199 verbs: 200 - create 201 - patch 202 - apiGroups: 203 - networking.k8s.io 204 resources: 205 - ingresses/status 206 verbs: 207 - update 208 - apiGroups: 209 - networking.k8s.io 210 resources: 211 - ingressclasses 212 verbs: 213 - get 214 - list 215 - watch 216 - apiGroups: 217 - discovery.k8s.io 218 resources: 219 - endpointslices 220 verbs: 221 - list 222 - watch 223 - get 224 --- 225 apiVersion: rbac.authorization.k8s.io/v1 226 kind: ClusterRole 227 metadata: 228 labels: 229 app.kubernetes.io/component: admission-webhook 230 app.kubernetes.io/instance: ingress-nginx 231 app.kubernetes.io/name: ingress-nginx 232 app.kubernetes.io/part-of: ingress-nginx 233 app.kubernetes.io/version: 1.7.1 234 name: ingress-nginx-admission 235 rules: 236 - apiGroups: 237 - admissionregistration.k8s.io 238 resources: 239 - validatingwebhookconfigurations 240 verbs: 241 - get 242 - update 243 --- 244 apiVersion: rbac.authorization.k8s.io/v1 245 kind: RoleBinding 246 metadata: 247 labels: 248 app.kubernetes.io/component: controller 249 app.kubernetes.io/instance: ingress-nginx 250 app.kubernetes.io/name: ingress-nginx 251 app.kubernetes.io/part-of: ingress-nginx 252 app.kubernetes.io/version: 1.7.1 253 name: ingress-nginx 254 namespace: ingress-nginx 255 roleRef: 256 apiGroup: rbac.authorization.k8s.io 257 kind: Role 258 name: ingress-nginx 259 subjects: 260 - kind: ServiceAccount 261 name: ingress-nginx 262 namespace: ingress-nginx 263 --- 264 apiVersion: rbac.authorization.k8s.io/v1 265 kind: RoleBinding 266 metadata: 267 labels: 268 app.kubernetes.io/component: admission-webhook 269 app.kubernetes.io/instance: ingress-nginx 270 app.kubernetes.io/name: ingress-nginx 271 app.kubernetes.io/part-of: ingress-nginx 272 app.kubernetes.io/version: 1.7.1 273 name: ingress-nginx-admission 274 namespace: ingress-nginx 275 roleRef: 276 apiGroup: rbac.authorization.k8s.io 277 kind: Role 278 name: ingress-nginx-admission 279 subjects: 280 - kind: ServiceAccount 281 name: ingress-nginx-admission 282 namespace: ingress-nginx 283 --- 284 apiVersion: rbac.authorization.k8s.io/v1 285 kind: ClusterRoleBinding 286 metadata: 287 labels: 288 app.kubernetes.io/instance: ingress-nginx 289 app.kubernetes.io/name: ingress-nginx 290 app.kubernetes.io/part-of: ingress-nginx 291 app.kubernetes.io/version: 1.7.1 292 name: ingress-nginx 293 roleRef: 294 apiGroup: rbac.authorization.k8s.io 295 kind: ClusterRole 296 name: ingress-nginx 297 subjects: 298 - kind: ServiceAccount 299 name: ingress-nginx 300 namespace: ingress-nginx 301 --- 302 apiVersion: rbac.authorization.k8s.io/v1 303 kind: ClusterRoleBinding 304 metadata: 305 labels: 306 app.kubernetes.io/component: admission-webhook 307 app.kubernetes.io/instance: ingress-nginx 308 app.kubernetes.io/name: ingress-nginx 309 app.kubernetes.io/part-of: ingress-nginx 310 app.kubernetes.io/version: 1.7.1 311 name: ingress-nginx-admission 312 roleRef: 313 apiGroup: rbac.authorization.k8s.io 314 kind: ClusterRole 315 name: ingress-nginx-admission 316 subjects: 317 - kind: ServiceAccount 318 name: ingress-nginx-admission 319 namespace: ingress-nginx 320 --- 321 apiVersion: v1 322 data: 323 allow-snippet-annotations: "true" 324 kind: ConfigMap 325 metadata: 326 labels: 327 app.kubernetes.io/component: controller 328 app.kubernetes.io/instance: ingress-nginx 329 app.kubernetes.io/name: ingress-nginx 330 app.kubernetes.io/part-of: ingress-nginx 331 app.kubernetes.io/version: 1.7.1 332 name: ingress-nginx-controller 333 namespace: ingress-nginx 334 --- 335 apiVersion: v1 336 kind: Service 337 metadata: 338 labels: 339 app.kubernetes.io/component: controller 340 app.kubernetes.io/instance: ingress-nginx 341 app.kubernetes.io/name: ingress-nginx 342 app.kubernetes.io/part-of: ingress-nginx 343 app.kubernetes.io/version: 1.7.1 344 name: ingress-nginx-controller 345 namespace: ingress-nginx 346 spec: 347 ipFamilies: 348 - IPv4 349 ipFamilyPolicy: SingleStack 350 ports: 351 - appProtocol: http 352 name: http 353 port: 80 354 protocol: TCP 355 targetPort: http 356 - appProtocol: https 357 name: https 358 port: 443 359 protocol: TCP 360 targetPort: https 361 selector: 362 app.kubernetes.io/component: controller 363 app.kubernetes.io/instance: ingress-nginx 364 app.kubernetes.io/name: ingress-nginx 365 type: NodePort 366 --- 367 apiVersion: v1 368 kind: Service 369 metadata: 370 labels: 371 app.kubernetes.io/component: controller 372 app.kubernetes.io/instance: ingress-nginx 373 app.kubernetes.io/name: ingress-nginx 374 app.kubernetes.io/part-of: ingress-nginx 375 app.kubernetes.io/version: 1.7.1 376 name: ingress-nginx-controller-admission 377 namespace: ingress-nginx 378 spec: 379 ports: 380 - appProtocol: https 381 name: https-webhook 382 port: 443 383 targetPort: webhook 384 selector: 385 app.kubernetes.io/component: controller 386 app.kubernetes.io/instance: ingress-nginx 387 app.kubernetes.io/name: ingress-nginx 388 type: ClusterIP 389 --- 390 apiVersion: apps/v1 391 kind: Deployment 392 metadata: 393 labels: 394 app.kubernetes.io/component: controller 395 app.kubernetes.io/instance: ingress-nginx 396 app.kubernetes.io/name: ingress-nginx 397 app.kubernetes.io/part-of: ingress-nginx 398 app.kubernetes.io/version: 1.7.1 399 name: ingress-nginx-controller 400 namespace: ingress-nginx 401 spec: 402 minReadySeconds: 0 403 revisionHistoryLimit: 10 404 selector: 405 matchLabels: 406 app.kubernetes.io/component: controller 407 app.kubernetes.io/instance: ingress-nginx 408 app.kubernetes.io/name: ingress-nginx 409 strategy: 410 rollingUpdate: 411 maxUnavailable: 1 412 type: RollingUpdate 413 template: 414 metadata: 415 labels: 416 app.kubernetes.io/component: controller 417 app.kubernetes.io/instance: ingress-nginx 418 app.kubernetes.io/name: ingress-nginx 419 app.kubernetes.io/part-of: ingress-nginx 420 app.kubernetes.io/version: 1.7.1 421 spec: 422 containers: 423 - args: 424 - /nginx-ingress-controller 425 - --election-id=ingress-nginx-leader 426 - --controller-class=k8s.io/ingress-nginx 427 - --ingress-class=nginx 428 - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 429 - --validating-webhook=:8443 430 - --validating-webhook-certificate=/usr/local/certificates/cert 431 - --validating-webhook-key=/usr/local/certificates/key 432 - --watch-ingress-without-class=true 433 - --publish-status-address=localhost 434 env: 435 - name: POD_NAME 436 valueFrom: 437 fieldRef: 438 fieldPath: metadata.name 439 - name: POD_NAMESPACE 440 valueFrom: 441 fieldRef: 442 fieldPath: metadata.namespace 443 - name: LD_PRELOAD 444 value: /usr/local/lib/libmimalloc.so 445 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 446 imagePullPolicy: IfNotPresent 447 lifecycle: 448 preStop: 449 exec: 450 command: 451 - /wait-shutdown 452 livenessProbe: 453 failureThreshold: 5 454 httpGet: 455 path: /healthz 456 port: 10254 457 scheme: HTTP 458 initialDelaySeconds: 10 459 periodSeconds: 10 460 successThreshold: 1 461 timeoutSeconds: 1 462 name: controller 463 ports: 464 - containerPort: 80 465 hostPort: 80 466 name: http 467 protocol: TCP 468 - containerPort: 443 469 hostPort: 443 470 name: https 471 protocol: TCP 472 - containerPort: 8443 473 name: webhook 474 protocol: TCP 475 readinessProbe: 476 failureThreshold: 3 477 httpGet: 478 path: /healthz 479 port: 10254 480 scheme: HTTP 481 initialDelaySeconds: 10 482 periodSeconds: 10 483 successThreshold: 1 484 timeoutSeconds: 1 485 resources: 486 requests: 487 cpu: 100m 488 memory: 90Mi 489 securityContext: 490 allowPrivilegeEscalation: true 491 capabilities: 492 add: 493 - NET_BIND_SERVICE 494 drop: 495 - ALL 496 runAsUser: 101 497 volumeMounts: 498 - mountPath: /usr/local/certificates/ 499 name: webhook-cert 500 readOnly: true 501 dnsPolicy: ClusterFirst 502 nodeSelector: 503 ingress-ready: "true" 504 kubernetes.io/os: linux 505 serviceAccountName: ingress-nginx 506 terminationGracePeriodSeconds: 0 507 tolerations: 508 - effect: NoSchedule 509 key: node-role.kubernetes.io/master 510 operator: Equal 511 - effect: NoSchedule 512 key: node-role.kubernetes.io/control-plane 513 operator: Equal 514 volumes: 515 - name: webhook-cert 516 secret: 517 secretName: ingress-nginx-admission 518 --- 519 apiVersion: batch/v1 520 kind: Job 521 metadata: 522 labels: 523 app.kubernetes.io/component: admission-webhook 524 app.kubernetes.io/instance: ingress-nginx 525 app.kubernetes.io/name: ingress-nginx 526 app.kubernetes.io/part-of: ingress-nginx 527 app.kubernetes.io/version: 1.7.1 528 name: ingress-nginx-admission-create 529 namespace: ingress-nginx 530 spec: 531 template: 532 metadata: 533 labels: 534 app.kubernetes.io/component: admission-webhook 535 app.kubernetes.io/instance: ingress-nginx 536 app.kubernetes.io/name: ingress-nginx 537 app.kubernetes.io/part-of: ingress-nginx 538 app.kubernetes.io/version: 1.7.1 539 name: ingress-nginx-admission-create 540 spec: 541 containers: 542 - args: 543 - create 544 - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc 545 - --namespace=$(POD_NAMESPACE) 546 - --secret-name=ingress-nginx-admission 547 env: 548 - name: POD_NAMESPACE 549 valueFrom: 550 fieldRef: 551 fieldPath: metadata.namespace 552 image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f 553 imagePullPolicy: IfNotPresent 554 name: create 555 securityContext: 556 allowPrivilegeEscalation: false 557 nodeSelector: 558 kubernetes.io/os: linux 559 restartPolicy: OnFailure 560 securityContext: 561 fsGroup: 2000 562 runAsNonRoot: true 563 runAsUser: 2000 564 serviceAccountName: ingress-nginx-admission 565 --- 566 apiVersion: batch/v1 567 kind: Job 568 metadata: 569 labels: 570 app.kubernetes.io/component: admission-webhook 571 app.kubernetes.io/instance: ingress-nginx 572 app.kubernetes.io/name: ingress-nginx 573 app.kubernetes.io/part-of: ingress-nginx 574 app.kubernetes.io/version: 1.7.1 575 name: ingress-nginx-admission-patch 576 namespace: ingress-nginx 577 spec: 578 template: 579 metadata: 580 labels: 581 app.kubernetes.io/component: admission-webhook 582 app.kubernetes.io/instance: ingress-nginx 583 app.kubernetes.io/name: ingress-nginx 584 app.kubernetes.io/part-of: ingress-nginx 585 app.kubernetes.io/version: 1.7.1 586 name: ingress-nginx-admission-patch 587 spec: 588 containers: 589 - args: 590 - patch 591 - --webhook-name=ingress-nginx-admission 592 - --namespace=$(POD_NAMESPACE) 593 - --patch-mutating=false 594 - --secret-name=ingress-nginx-admission 595 - --patch-failure-policy=Fail 596 env: 597 - name: POD_NAMESPACE 598 valueFrom: 599 fieldRef: 600 fieldPath: metadata.namespace 601 image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f 602 imagePullPolicy: IfNotPresent 603 name: patch 604 securityContext: 605 allowPrivilegeEscalation: false 606 nodeSelector: 607 kubernetes.io/os: linux 608 restartPolicy: OnFailure 609 securityContext: 610 fsGroup: 2000 611 runAsNonRoot: true 612 runAsUser: 2000 613 serviceAccountName: ingress-nginx-admission 614 --- 615 apiVersion: networking.k8s.io/v1 616 kind: IngressClass 617 metadata: 618 labels: 619 app.kubernetes.io/component: controller 620 app.kubernetes.io/instance: ingress-nginx 621 app.kubernetes.io/name: ingress-nginx 622 app.kubernetes.io/part-of: ingress-nginx 623 app.kubernetes.io/version: 1.7.1 624 name: nginx 625 spec: 626 controller: k8s.io/ingress-nginx