summaryrefslogtreecommitdiff
path: root/contrib/k8s-emc/ingress.yml
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/k8s-emc/ingress.yml')
-rw-r--r--contrib/k8s-emc/ingress.yml294
1 files changed, 4 insertions, 290 deletions
diff --git a/contrib/k8s-emc/ingress.yml b/contrib/k8s-emc/ingress.yml
index f53f5c1..d6fd08f 100644
--- a/contrib/k8s-emc/ingress.yml
+++ b/contrib/k8s-emc/ingress.yml
@@ -19,18 +19,6 @@ metadata:
name: ingress-nginx
namespace: ingress-nginx
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -114,26 +102,6 @@ rules:
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - create
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
@@ -200,25 +168,6 @@ rules:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-rules:
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- verbs:
- - get
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
@@ -239,26 +188,6 @@ subjects:
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: ingress-nginx-admission
-subjects:
-- kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
@@ -276,25 +205,6 @@ subjects:
name: ingress-nginx
namespace: ingress-nginx
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ingress-nginx-admission
-subjects:
-- kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
apiVersion: v1
data:
allow-snippet-annotations: "true"
@@ -309,60 +219,8 @@ metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
---
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-controller
- namespace: ingress-nginx
-spec:
- ports:
- - appProtocol: http
- name: http
- port: 80
- protocol: TCP
- targetPort: http
- - appProtocol: https
- name: https
- port: 443
- protocol: TCP
- targetPort: https
- selector:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-controller-admission
- namespace: ingress-nginx
-spec:
- ports:
- - appProtocol: https
- name: https-webhook
- port: 443
- targetPort: webhook
- selector:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- type: ClusterIP
----
apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
@@ -373,8 +231,6 @@ metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
- minReadySeconds: 0
- revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
@@ -394,9 +250,6 @@ spec:
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- - --validating-webhook=:8443
- - --validating-webhook-certificate=/usr/local/certificates/cert
- - --validating-webhook-key=/usr/local/certificates/key
env:
- name: POD_NAME
valueFrom:
@@ -433,9 +286,6 @@ spec:
- containerPort: 443
name: https
protocol: TCP
- - containerPort: 8443
- name: webhook
- protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
@@ -458,115 +308,12 @@ spec:
drop:
- ALL
runAsUser: 101
- volumeMounts:
- - mountPath: /usr/local/certificates/
- name: webhook-cert
- readOnly: true
- dnsPolicy: ClusterFirst
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
- kubernetes.io/os: linux
+ streaming.spreadspace.org/zone: dist-lb
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
- volumes:
- - name: webhook-cert
- secret:
- secretName: ingress-nginx-admission
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-create
- namespace: ingress-nginx
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-create
- spec:
- containers:
- - args:
- - create
- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- - --namespace=$(POD_NAMESPACE)
- - --secret-name=ingress-nginx-admission
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
- imagePullPolicy: IfNotPresent
- name: create
- securityContext:
- allowPrivilegeEscalation: false
- nodeSelector:
- kubernetes.io/os: linux
- restartPolicy: OnFailure
- securityContext:
- fsGroup: 2000
- runAsNonRoot: true
- runAsUser: 2000
- serviceAccountName: ingress-nginx-admission
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-patch
- namespace: ingress-nginx
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-patch
- spec:
- containers:
- - args:
- - patch
- - --webhook-name=ingress-nginx-admission
- - --namespace=$(POD_NAMESPACE)
- - --patch-mutating=false
- - --secret-name=ingress-nginx-admission
- - --patch-failure-policy=Fail
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
- imagePullPolicy: IfNotPresent
- name: patch
- securityContext:
- allowPrivilegeEscalation: false
- nodeSelector:
- kubernetes.io/os: linux
- restartPolicy: OnFailure
- securityContext:
- fsGroup: 2000
- runAsNonRoot: true
- runAsUser: 2000
- serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
@@ -580,36 +327,3 @@ metadata:
name: nginx
spec:
controller: k8s.io/ingress-nginx
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-webhooks:
-- admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: ingress-nginx-controller-admission
- namespace: ingress-nginx
- path: /networking/v1/ingresses
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validate.nginx.ingress.kubernetes.io
- rules:
- - apiGroups:
- - networking.k8s.io
- apiVersions:
- - v1
- operations:
- - CREATE
- - UPDATE
- resources:
- - ingresses
- sideEffects: None
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 17:51:26 +0000