diff --git a/deploy/configmap.yaml b/deploy/configmap.yaml index fbcf18ec0..6e882c664 100644 --- a/deploy/configmap.yaml +++ b/deploy/configmap.yaml @@ -1,5 +1,3 @@ ---- - kind: ConfigMap apiVersion: v1 metadata: @@ -7,3 +5,7 @@ metadata: namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/deploy/default-backend.yaml b/deploy/default-backend.yaml index de14a9f8d..3ca806550 100644 --- a/deploy/default-backend.yaml +++ b/deploy/default-backend.yaml @@ -1,5 +1,3 @@ ---- - apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,29 +20,29 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - name: default-http-backend - # Any image is permissible as long as: - # 1. It serves a 404 page at / - # 2. It serves 200 on a /healthz endpoint - image: gcr.io/google_containers/defaultbackend:1.4 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi ---- + - name: default-http-backend + # Any image is permissible as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.4 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi +--- apiVersion: v1 kind: Service metadata: @@ -55,8 +53,11 @@ metadata: app.kubernetes.io/part-of: ingress-nginx spec: ports: - - port: 80 - targetPort: 8080 + - port: 80 + targetPort: 8080 selector: app.kubernetes.io/name: default-http-backend app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/deploy/mandatory.yaml b/deploy/mandatory.yaml index daaa0fe6f..250a46496 100644 --- a/deploy/mandatory.yaml 
+++ b/deploy/mandatory.yaml @@ -1,11 +1,72 @@ ---- - apiVersion: v1 kind: Namespace metadata: name: ingress-nginx + --- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: default-http-backend + labels: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: ingress-nginx + namespace: ingress-nginx +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: ingress-nginx + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + # Any image is permissible as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.4 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + +--- +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + namespace: ingress-nginx + labels: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: ingress-nginx +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: ingress-nginx + +--- kind: ConfigMap apiVersion: v1 @@ -15,6 +76,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + --- kind: ConfigMap @@ -25,6 +87,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + --- kind: ConfigMap @@ -35,6 +98,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + --- apiVersion: v1 
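Review bot: The `default-http-backend` container added to deploy/mandatory.yaml in the first hunk has no `securityContext`, so it runs with whatever user and capabilities the image defaults to. The controller container later in the same file drops `ALL` capabilities, and this backend is the pod that serves every request no Ingress rule matches. It listens on 8080, so it needs no `NET_BIND_SERVICE`, and a restrictive context like the one below should be safe. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding too, once they are confirmed against the `defaultbackend:1.4` image. The same container spec is re-indented in deploy/default-backend.yaml and would need the same change to keep the two files in sync.

```yaml
          image: gcr.io/google_containers/defaultbackend:1.4
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: livenessProbe, ports, resources …
```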
@@ -47,7 +111,6 @@ metadata: app.kubernetes.io/part-of: ingress-nginx --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: @@ -92,10 +155,10 @@ rules: - apiGroups: - "" resources: - - events + - events verbs: - - create - - patch + - create + - patch - apiGroups: - "extensions" resources: @@ -104,7 +167,6 @@ rules: - update --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: @@ -150,7 +212,6 @@ rules: - get --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: @@ -169,7 +230,6 @@ subjects: namespace: ingress-nginx --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: @@ -185,6 +245,7 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx + --- apiVersion: extensions/v1beta1 @@ -207,8 +268,8 @@ spec: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx annotations: - prometheus.io/port: '10254' - prometheus.io/scrape: 'true' + prometheus.io/port: "10254" + prometheus.io/scrape: "true" spec: serviceAccountName: nginx-ingress-serviceaccount containers: @@ -216,6 +277,7 @@ spec: image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0 args: - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - --configmap=$(POD_NAMESPACE)/nginx-configuration - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services @@ -223,9 +285,9 @@ spec: - --annotations-prefix=nginx.ingress.kubernetes.io securityContext: capabilities: - drop: + drop: - ALL - add: + add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 @@ -239,10 +301,10 @@ spec: fieldRef: fieldPath: metadata.namespace ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 + - name: http + containerPort: 80 + - name: https + containerPort: 443 livenessProbe: failureThreshold: 3 httpGet: 
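Review bot: The added `--default-backend-service=$(POD_NAMESPACE)/default-http-backend` argument in the `args` hunk depends on the Service name introduced earlier in this file, and nothing on the line records that. If the Service were renamed or removed, the controller would presumably be left with an unresolvable default backend. A comment above the flag would make the dependency visible, for example `# must match the default-http-backend Service defined earlier in this manifest`. The container spec starts and ends outside this hunk, so the `POD_NAMESPACE` env definition the flag expands is not visible here.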
@@ -262,3 +324,5 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + +--- diff --git a/deploy/monitoring/configuration.yaml b/deploy/monitoring/configuration.yaml index 2221a3336..36b9d1773 100644 --- a/deploy/monitoring/configuration.yaml +++ b/deploy/monitoring/configuration.yaml @@ -40,3 +40,6 @@ data: - source_labels: [__meta_kubernetes_service_name] regex: prometheus-server action: drop + +--- + diff --git a/deploy/monitoring/grafana.yaml b/deploy/monitoring/grafana.yaml index df1d43dc9..6875390a7 100644 --- a/deploy/monitoring/grafana.yaml +++ b/deploy/monitoring/grafana.yaml @@ -24,28 +24,27 @@ spec: app.kubernetes.io/part-of: ingress-nginx spec: containers: - - image: grafana/grafana - name: grafana - ports: - - containerPort: 3000 - protocol: TCP - resources: - limits: - cpu: 500m - memory: 2500Mi - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /var/lib/grafana - name: data + - image: grafana/grafana + name: grafana + ports: + - containerPort: 3000 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 2500Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /var/lib/grafana + name: data restartPolicy: Always volumes: - - emptyDir: {} - name: data + - emptyDir: {} + name: data --- - apiVersion: v1 kind: Service metadata: @@ -57,10 +56,13 @@ metadata: spec: ports: - - port: 3000 - protocol: TCP - targetPort: 3000 + - port: 3000 + protocol: TCP + targetPort: 3000 selector: app.kubernetes.io/name: grafana app.kubernetes.io/part-of: ingress-nginx type: NodePort + +--- + diff --git a/deploy/monitoring/prometheus.yaml b/deploy/monitoring/prometheus.yaml index b24a0e85f..aee13d286 100644 --- a/deploy/monitoring/prometheus.yaml +++ b/deploy/monitoring/prometheus.yaml 
@@ -7,15 +7,14 @@ metadata: app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: ingress-nginx rules: -- apiGroups: [""] - resources: - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -26,7 +25,6 @@ metadata: app.kubernetes.io/part-of: ingress-nginx --- - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -41,12 +39,11 @@ roleRef: kind: Role name: prometheus-server subjects: -- kind: ServiceAccount - name: prometheus-server - namespace: ingress-nginx + - kind: ServiceAccount + name: prometheus-server + namespace: ingress-nginx --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -90,7 +87,6 @@ spec: emptyDir: {} --- - apiVersion: v1 kind: Service metadata: @@ -108,3 +104,6 @@ spec: ports: - port: 9090 targetPort: 9090 + +--- + diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml index 022845631..79cf1e85f 100644 --- a/deploy/namespace.yaml +++ b/deploy/namespace.yaml @@ -1,6 +1,7 @@ ---- - apiVersion: v1 kind: Namespace metadata: name: ingress-nginx + +--- + diff --git a/deploy/provider/aws/patch-configmap-l7.yaml b/deploy/provider/aws/patch-configmap-l7.yaml index 45d359edc..c71eaab0a 100644 --- a/deploy/provider/aws/patch-configmap-l7.yaml +++ b/deploy/provider/aws/patch-configmap-l7.yaml @@ -8,3 +8,6 @@ metadata: app.kubernetes.io/part-of: ingress-nginx data: use-proxy-protocol: "false" + +--- + diff --git a/deploy/provider/aws/service-l4.yaml b/deploy/provider/aws/service-l4.yaml index f28e3ed77..893b5a03d 100644 --- a/deploy/provider/aws/service-l4.yaml +++ b/deploy/provider/aws/service-l4.yaml 
@@ -8,20 +8,23 @@ metadata: app.kubernetes.io/part-of: ingress-nginx annotations: # Enable PROXY protocol - service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default, # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be # increased to '3600' to avoid any potential issues. - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" spec: type: LoadBalancer selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: https + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + diff --git a/deploy/provider/aws/service-l7.yaml b/deploy/provider/aws/service-l7.yaml index aed9723fb..6616108a2 100644 --- a/deploy/provider/aws/service-l7.yaml +++ b/deploy/provider/aws/service-l7.yaml @@ -16,16 +16,19 @@ metadata: # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default, # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be # increased to '3600' to avoid any potential issues. - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" spec: type: LoadBalancer selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: http + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: http + +--- + diff --git a/deploy/provider/aws/service-nlb.yaml b/deploy/provider/aws/service-nlb.yaml index 49c6e3cf6..c4e13e472 100644 
--- a/deploy/provider/aws/service-nlb.yaml +++ b/deploy/provider/aws/service-nlb.yaml @@ -17,9 +17,12 @@ spec: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: https + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + diff --git a/deploy/provider/baremetal/service-nodeport.yaml b/deploy/provider/baremetal/service-nodeport.yaml index a8d0336be..24e302818 100644 --- a/deploy/provider/baremetal/service-nodeport.yaml +++ b/deploy/provider/baremetal/service-nodeport.yaml @@ -9,14 +9,17 @@ metadata: spec: type: NodePort ports: - - name: http - port: 80 - targetPort: 80 - protocol: TCP - - name: https - port: 443 - targetPort: 443 - protocol: TCP + - name: http + port: 80 + targetPort: 80 + protocol: TCP + - name: https + port: 443 + targetPort: 443 + protocol: TCP selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/deploy/provider/cloud-generic.yaml b/deploy/provider/cloud-generic.yaml index 9261d49a2..8bbac569b 100644 --- a/deploy/provider/cloud-generic.yaml +++ b/deploy/provider/cloud-generic.yaml @@ -13,9 +13,12 @@ spec: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: https + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 81d922c99..103bd98cc 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml 
@@ -1,17 +1,20 @@ ---- - apiVersion: v1 kind: ServiceAccount metadata: name: nginx-ingress-serviceaccount namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: nginx-ingress-clusterrole + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx rules: - apiGroups: - "" @@ -49,10 +52,10 @@ rules: - apiGroups: - "" resources: - - events + - events verbs: - - create - - patch + - create + - patch - apiGroups: - "extensions" resources: @@ -61,12 +64,14 @@ rules: - update --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: name: nginx-ingress-role namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx rules: - apiGroups: - "" @@ -104,12 +109,14 @@ rules: - get --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: nginx-ingress-role-nisa-binding namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -120,11 +127,13 @@ subjects: namespace: ingress-nginx --- - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: nginx-ingress-clusterrole-nisa-binding + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -133,3 +142,6 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx + +--- + diff --git a/deploy/tcp-services-configmap.yaml b/deploy/tcp-services-configmap.yaml index 4623d095c..464fba1cd 100644 --- a/deploy/tcp-services-configmap.yaml +++ b/deploy/tcp-services-configmap.yaml @@ -1,5 +1,3 @@ ---- - kind: ConfigMap apiVersion: v1 metadata: 
@@ -8,3 +6,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/deploy/udp-services-configmap.yaml b/deploy/udp-services-configmap.yaml index 8d858b4b9..3337910b0 100644 --- a/deploy/udp-services-configmap.yaml +++ b/deploy/udp-services-configmap.yaml @@ -1,5 +1,3 @@ ---- - kind: ConfigMap apiVersion: v1 metadata: @@ -8,3 +6,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/deploy/with-rbac.yaml b/deploy/with-rbac.yaml index 0f76ae9d3..ceb467f44 100644 --- a/deploy/with-rbac.yaml +++ b/deploy/with-rbac.yaml @@ -1,5 +1,3 @@ ---- - apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -20,8 +18,8 @@ spec: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx annotations: - prometheus.io/port: '10254' - prometheus.io/scrape: 'true' + prometheus.io/port: "10254" + prometheus.io/scrape: "true" spec: serviceAccountName: nginx-ingress-serviceaccount containers: @@ -37,9 +35,9 @@ spec: - --annotations-prefix=nginx.ingress.kubernetes.io securityContext: capabilities: - drop: + drop: - ALL - add: + add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 @@ -53,10 +51,10 @@ spec: fieldRef: fieldPath: metadata.namespace ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 + - name: http + containerPort: 80 + - name: https + containerPort: 443 livenessProbe: failureThreshold: 3 httpGet: @@ -76,3 +74,6 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + +--- +