Merge pull request #3197 from aledbf/remove-tcp-udp

Remove support for TCP and UDP services
k8s-ci-robot 2018-10-08 07:19:39 -07:00 committed by GitHub
commit 3cf00b2fd8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 27 additions and 308 deletions


@ -65,19 +65,6 @@ Takes the form "namespace/name". When used together with update-status, the
controller mirrors the address of this service's endpoints to the load-balancer controller mirrors the address of this service's endpoints to the load-balancer
status of all Ingress objects it satisfies.`) status of all Ingress objects it satisfies.`)
tcpConfigMapName = flags.String("tcp-services-configmap", "",
`Name of the ConfigMap containing the definition of the TCP services to expose.
The key in the map indicates the external port to be used. The value is a
reference to a Service in the form "namespace/name:port", where "port" can
either be a port number or name. TCP ports 80 and 443 are reserved by the
controller for servicing HTTP traffic.`)
udpConfigMapName = flags.String("udp-services-configmap", "",
`Name of the ConfigMap containing the definition of the UDP services to expose.
The key in the map indicates the external port to be used. The value is a
reference to a Service in the form "namespace/name:port", where "port" can
either be a port name or number.`)
resyncPeriod = flags.Duration("sync-period", 0, resyncPeriod = flags.Duration("sync-period", 0,
`Period at which the controller forces the repopulation of its local object stores. Disabled by default.`) `Period at which the controller forces the repopulation of its local object stores. Disabled by default.`)
@ -240,8 +227,6 @@ dynamic certificates functionality is enabled. Please check the flags --enable-s
DefaultService: *defaultSvc, DefaultService: *defaultSvc,
Namespace: *watchNamespace, Namespace: *watchNamespace,
ConfigMapName: *configMap, ConfigMapName: *configMap,
TCPConfigMapName: *tcpConfigMapName,
UDPConfigMapName: *udpConfigMapName,
DefaultSSLCertificate: *defSSLCertificate, DefaultSSLCertificate: *defSSLCertificate,
DefaultHealthzURL: *defHealthzURL, DefaultHealthzURL: *defHealthzURL,
PublishService: *publishSvc, PublishService: *publishSvc,


@ -692,8 +692,6 @@ type TemplateConfig struct {
Backends []*ingress.Backend Backends []*ingress.Backend
PassthroughBackends []*ingress.SSLPassthroughBackend PassthroughBackends []*ingress.SSLPassthroughBackend
Servers []*ingress.Server Servers []*ingress.Server
TCPBackends []ingress.L4Service
UDPBackends []ingress.L4Service
HealthzURI string HealthzURI string
CustomErrors bool CustomErrors bool
Cfg Configuration Cfg Configuration


@ -21,7 +21,6 @@ import (
"math/rand" "math/rand"
"sort" "sort"
"strconv" "strconv"
"strings"
"time" "time"
"github.com/golang/glog" "github.com/golang/glog"
@ -61,11 +60,6 @@ type Configuration struct {
ForceNamespaceIsolation bool ForceNamespaceIsolation bool
// +optional
TCPConfigMapName string
// +optional
UDPConfigMapName string
DefaultHealthzURL string DefaultHealthzURL string
DefaultSSLCertificate string DefaultSSLCertificate string
@ -160,8 +154,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
pcfg := &ingress.Configuration{ pcfg := &ingress.Configuration{
Backends: upstreams, Backends: upstreams,
Servers: servers, Servers: servers,
TCPEndpoints: n.getStreamServices(n.cfg.TCPConfigMapName, apiv1.ProtocolTCP),
UDPEndpoints: n.getStreamServices(n.cfg.UDPConfigMapName, apiv1.ProtocolUDP),
PassthroughBackends: passUpstreams, PassthroughBackends: passUpstreams,
BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum, BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum,
} }
@ -225,136 +217,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
return nil return nil
} }
func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Protocol) []ingress.L4Service {
if configmapName == "" {
return []ingress.L4Service{}
}
glog.V(3).Infof("Obtaining information about %v stream services from ConfigMap %q", proto, configmapName)
_, _, err := k8s.ParseNameNS(configmapName)
if err != nil {
glog.Errorf("Error parsing ConfigMap reference %q: %v", configmapName, err)
return []ingress.L4Service{}
}
configmap, err := n.store.GetConfigMap(configmapName)
if err != nil {
glog.Errorf("Error getting ConfigMap %q: %v", configmapName, err)
return []ingress.L4Service{}
}
var svcs []ingress.L4Service
var svcProxyProtocol ingress.ProxyProtocol
rp := []int{
n.cfg.ListenPorts.HTTP,
n.cfg.ListenPorts.HTTPS,
n.cfg.ListenPorts.SSLProxy,
n.cfg.ListenPorts.Status,
n.cfg.ListenPorts.Health,
n.cfg.ListenPorts.Default,
}
reserverdPorts := sets.NewInt(rp...)
// svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>]
for port, svcRef := range configmap.Data {
externalPort, err := strconv.Atoi(port)
if err != nil {
glog.Warningf("%q is not a valid %v port number", port, proto)
continue
}
if reserverdPorts.Has(externalPort) {
glog.Warningf("Port %d cannot be used for %v stream services. It is reserved for the Ingress controller.", externalPort, proto)
continue
}
nsSvcPort := strings.Split(svcRef, ":")
if len(nsSvcPort) < 2 {
glog.Warningf("Invalid Service reference %q for %v port %d", svcRef, proto, externalPort)
continue
}
nsName := nsSvcPort[0]
svcPort := nsSvcPort[1]
svcProxyProtocol.Decode = false
svcProxyProtocol.Encode = false
// Proxy Protocol is only compatible with TCP Services
if len(nsSvcPort) >= 3 && proto == apiv1.ProtocolTCP {
if len(nsSvcPort) >= 3 && strings.ToUpper(nsSvcPort[2]) == "PROXY" {
svcProxyProtocol.Decode = true
}
if len(nsSvcPort) == 4 && strings.ToUpper(nsSvcPort[3]) == "PROXY" {
svcProxyProtocol.Encode = true
}
}
svcNs, svcName, err := k8s.ParseNameNS(nsName)
if err != nil {
glog.Warningf("%v", err)
continue
}
svc, err := n.store.GetService(nsName)
if err != nil {
glog.Warningf("Error getting Service %q: %v", nsName, err)
continue
}
var endps []ingress.Endpoint
targetPort, err := strconv.Atoi(svcPort)
if err != nil {
// not a port number, fall back to using port name
glog.V(3).Infof("Searching Endpoints with %v port name %q for Service %q", proto, svcPort, nsName)
for _, sp := range svc.Spec.Ports {
if sp.Name == svcPort {
if sp.Protocol == proto {
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
break
}
}
}
} else {
glog.V(3).Infof("Searching Endpoints with %v port number %d for Service %q", proto, targetPort, nsName)
for _, sp := range svc.Spec.Ports {
if sp.Port == int32(targetPort) {
if sp.Protocol == proto {
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
break
}
}
}
}
// stream services cannot contain empty upstreams and there is
// no default backend equivalent
if len(endps) == 0 {
glog.Warningf("Service %q does not have any active Endpoint for %v port %v", nsName, proto, svcPort)
continue
}
svcs = append(svcs, ingress.L4Service{
Port: externalPort,
Backend: ingress.L4Backend{
Name: svcName,
Namespace: svcNs,
Port: intstr.FromString(svcPort),
Protocol: proto,
ProxyProtocol: svcProxyProtocol,
},
Endpoints: endps,
})
}
// Keep upstream order sorted to reduce unnecessary nginx config reloads.
sort.SliceStable(svcs, func(i, j int) bool {
return svcs[i].Port < svcs[j].Port
})
return svcs
}
// getDefaultUpstream returns the upstream associated with the default backend. // getDefaultUpstream returns the upstream associated with the default backend.
// Configures the upstream to return HTTP code 503 in case of error. // Configures the upstream to return HTTP code 503 in case of error.
func (n *NGINXController) getDefaultUpstream() *ingress.Backend { func (n *NGINXController) getDefaultUpstream() *ingress.Backend {


@ -112,8 +112,6 @@ func NewNGINXController(config *Configuration, mc metric.Collector, fs file.File
config.EnableSSLChainCompletion, config.EnableSSLChainCompletion,
config.Namespace, config.Namespace,
config.ConfigMapName, config.ConfigMapName,
config.TCPConfigMapName,
config.UDPConfigMapName,
config.DefaultSSLCertificate, config.DefaultSSLCertificate,
config.ResyncPeriod, config.ResyncPeriod,
config.Client, config.Client,
@ -580,8 +578,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
Backends: ingressCfg.Backends, Backends: ingressCfg.Backends,
PassthroughBackends: ingressCfg.PassthroughBackends, PassthroughBackends: ingressCfg.PassthroughBackends,
Servers: ingressCfg.Servers, Servers: ingressCfg.Servers,
TCPBackends: ingressCfg.TCPEndpoints,
UDPBackends: ingressCfg.UDPEndpoints,
HealthzURI: ngxHealthPath, HealthzURI: ngxHealthPath,
CustomErrors: len(cfg.CustomHTTPErrors) > 0, CustomErrors: len(cfg.CustomHTTPErrors) > 0,
Cfg: cfg, Cfg: cfg,


@ -218,7 +218,7 @@ type k8sStore struct {
// New creates a new object store to be used in the ingress controller // New creates a new object store to be used in the ingress controller
func New(checkOCSP bool, func New(checkOCSP bool,
namespace, configmap, tcp, udp, defaultSSLCertificate string, namespace, configmap, defaultSSLCertificate string,
resyncPeriod time.Duration, resyncPeriod time.Duration,
client clientset.Interface, client clientset.Interface,
fs file.Filesystem, fs file.Filesystem,
@ -473,7 +473,7 @@ func New(checkOCSP bool,
cm := obj.(*corev1.ConfigMap) cm := obj.(*corev1.ConfigMap)
key := k8s.MetaNamespaceKey(cm) key := k8s.MetaNamespaceKey(cm)
// updates to configuration configmaps can trigger an update // updates to configuration configmaps can trigger an update
if key == configmap || key == tcp || key == udp { if key == configmap {
recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key)) recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key))
if key == configmap { if key == configmap {
store.setConfig(cm) store.setConfig(cm)
@ -489,7 +489,7 @@ func New(checkOCSP bool,
cm := cur.(*corev1.ConfigMap) cm := cur.(*corev1.ConfigMap)
key := k8s.MetaNamespaceKey(cm) key := k8s.MetaNamespaceKey(cm)
// updates to configuration configmaps can trigger an update // updates to configuration configmaps can trigger an update
if key == configmap || key == tcp || key == udp { if key == configmap {
recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key)) recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key))
if key == configmap { if key == configmap {
store.setConfig(cm) store.setConfig(cm)
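Review bot: After the outer condition was narrowed to `if key == configmap {`, the nested `if key == configmap {` that wraps `store.setConfig(cm)` is always true and can be dropped, in both the hunk that records the CREATE event and the one that records UPDATE. Call `store.setConfig(cm)` directly after `recorder.Eventf(...)` so each handler reads as a single guard. The neighbouring comment `// updates to configuration configmaps can trigger an update` could also be made singular now that only one ConfigMap key is compared here. Both handlers and New itself continue outside the visible hunks.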


@ -32,6 +32,7 @@ import (
"encoding/base64" "encoding/base64"
"io/ioutil" "io/ioutil"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/kubernetes/fake"
@ -62,8 +63,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -150,8 +149,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -298,8 +295,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -387,8 +382,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -499,8 +492,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,


@ -53,12 +53,6 @@ type Configuration struct {
Backends []*Backend `json:"backends,omitempty"` Backends []*Backend `json:"backends,omitempty"`
// Servers // Servers
Servers []*Server `json:"servers,omitempty"` Servers []*Server `json:"servers,omitempty"`
// TCPEndpoints contain endpoints for tcp streams handled by this backend
// +optional
TCPEndpoints []L4Service `json:"tcpEndpoints,omitempty"`
// UDPEndpoints contain endpoints for udp streams handled by this backend
// +optional
UDPEndpoints []L4Service `json:"udpEndpoints,omitempty"`
// PassthroughBackend contains the backends used for SSL passthrough. // PassthroughBackend contains the backends used for SSL passthrough.
// It contains information about the associated Server Name Indication (SNI). // It contains information about the associated Server Name Indication (SNI).
// +optional // +optional


@ -53,44 +53,6 @@ func (c1 *Configuration) Equal(c2 *Configuration) bool {
} }
} }
if len(c1.TCPEndpoints) != len(c2.TCPEndpoints) {
return false
}
for _, tcp1 := range c1.TCPEndpoints {
found := false
for _, tcp2 := range c2.TCPEndpoints {
if (&tcp1).Equal(&tcp2) {
found = true
break
}
}
if !found {
return false
}
}
if len(c1.UDPEndpoints) != len(c2.UDPEndpoints) {
return false
}
for _, udp1 := range c1.UDPEndpoints {
found := false
for _, udp2 := range c2.UDPEndpoints {
if (&udp1).Equal(&udp2) {
found = true
break
}
}
if !found {
return false
}
}
if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) {
return false
}
for _, ptb1 := range c1.PassthroughBackends { for _, ptb1 := range c1.PassthroughBackends {
found := false found := false
for _, ptb2 := range c2.PassthroughBackends { for _, ptb2 := range c2.PassthroughBackends {
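Review bot: The removed block also takes out the `len(c1.PassthroughBackends) != len(c2.PassthroughBackends)` guard that preceded the passthrough loop, which is unrelated to the TCP/UDP endpoints this commit targets. Without it the remaining loop only proves that every entry of c1 has a match in c2, so a c2 with additional passthrough backends still compares equal; if callers use Equal to decide whether the running configuration needs a reload, that change could go unapplied. I would restore `if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) { return false }` ahead of the `for _, ptb1 := range c1.PassthroughBackends` loop. Equal starts and ends outside this hunk, so this is judged from the visible lines and the hunk's line counts only.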


@ -697,63 +697,6 @@ stream {
{{ end }} {{ end }}
error_log {{ $cfg.ErrorLogPath }}; error_log {{ $cfg.ErrorLogPath }};
# TCP services
{{ range $tcpServer := .TCPBackends }}
upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
{{ range $endpoint := $tcpServer.Endpoints }}
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
{{ end }}
}
server {
{{ range $address := $all.Cfg.BindAddressIpv4 }}
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ else }}
listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ end }}
{{ if $IsIPV6Enabled }}
{{ range $address := $all.Cfg.BindAddressIpv6 }}
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ else }}
listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ end }}
{{ end }}
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
{{ if $tcpServer.Backend.ProxyProtocol.Encode }}
proxy_protocol on;
{{ end }}
}
{{ end }}
# UDP services
{{ range $udpServer := .UDPBackends }}
upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
{{ range $endpoint := $udpServer.Endpoints }}
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
{{ end }}
}
server {
{{ range $address := $all.Cfg.BindAddressIpv4 }}
listen {{ $address }}:{{ $udpServer.Port }} udp;
{{ else }}
listen {{ $udpServer.Port }} udp;
{{ end }}
{{ if $IsIPV6Enabled }}
{{ range $address := $all.Cfg.BindAddressIpv6 }}
listen {{ $address }}:{{ $udpServer.Port }} udp;
{{ else }}
listen [::]:{{ $udpServer.Port }} udp;
{{ end }}
{{ end }}
proxy_responses {{ $cfg.ProxyStreamResponses }};
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
}
{{ end }}
} }
{{/* definition of templates to avoid repetitions */}} {{/* definition of templates to avoid repetitions */}}


@ -1,5 +1,3 @@
---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
@ -8,7 +6,6 @@ metadata:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
@ -17,7 +14,6 @@ metadata:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
@ -26,7 +22,6 @@ metadata:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -35,7 +30,6 @@ metadata:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -80,10 +74,10 @@ rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- events - events
verbs: verbs:
- create - create
- patch - patch
- apiGroups: - apiGroups:
- "extensions" - "extensions"
resources: resources:
@ -92,7 +86,6 @@ rules:
- update - update
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role kind: Role
metadata: metadata:
@ -137,7 +130,6 @@ rules:
- get - get
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
@ -155,7 +147,6 @@ subjects:
namespace: ${NAMESPACE} namespace: ${NAMESPACE}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -171,9 +162,8 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: nginx-ingress-serviceaccount name: nginx-ingress-serviceaccount
namespace: ${NAMESPACE} namespace: ${NAMESPACE}
---
---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
@ -193,39 +183,37 @@ spec:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
annotations: annotations:
prometheus.io/port: '10254' prometheus.io/port: "10254"
prometheus.io/scrape: 'true' prometheus.io/scrape: "true"
spec: spec:
terminationGracePeriodSeconds: 0 terminationGracePeriodSeconds: 0
serviceAccountName: nginx-ingress-serviceaccount serviceAccountName: nginx-ingress-serviceaccount
initContainers: initContainers:
- name: enable-coredump - name: enable-coredump
image: busybox image: busybox
command: command:
- /bin/sh - /bin/sh
- -c - -c
- | - |
ulimit -c unlimited ulimit -c unlimited
echo "/tmp/core.%e.%p" > /proc/sys/kernel/core_pattern echo "/tmp/core.%e.%p" > /proc/sys/kernel/core_pattern
sysctl -w fs.suid_dumpable=2 sysctl -w fs.suid_dumpable=2
securityContext: securityContext:
privileged: true privileged: true
containers: containers:
- name: nginx-ingress-controller - name: nginx-ingress-controller
image: ingress-controller/nginx-ingress-controller:dev image: ingress-controller/nginx-ingress-controller:dev
args: args:
- /nginx-ingress-controller - /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration - --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx - --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io - --annotations-prefix=nginx.ingress.kubernetes.io
- --watch-namespace=${NAMESPACE} - --watch-namespace=${NAMESPACE}
securityContext: securityContext:
capabilities: capabilities:
drop: drop:
- ALL - ALL
add: add:
- NET_BIND_SERVICE - NET_BIND_SERVICE
# www-data -> 33 # www-data -> 33
runAsUser: 33 runAsUser: 33
@ -239,10 +227,10 @@ spec:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
- name: https - name: https
containerPort: 443 containerPort: 443
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet: