5b918e2d95
kubectl apply --server-side currently doesn't work with Port specs that are missing protocol: https://github.com/kubernetes-sigs/structured-merge-diff/issues/130 so we should always specify it.
74 lines
2.3 KiB
YAML
74 lines
2.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: nginx-ingress-controller
|
|
spec:
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: "10254"
|
|
prometheus.io/scrape: "true"
|
|
spec:
|
|
# wait up to five minutes for the drain of connections
|
|
terminationGracePeriodSeconds: 300
|
|
serviceAccountName: nginx-ingress-serviceaccount
|
|
containers:
|
|
- name: nginx-ingress-controller
|
|
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
|
|
args:
|
|
- /nginx-ingress-controller
|
|
- --configmap=$(POD_NAMESPACE)/$(NGINX_CONFIGMAP_NAME)
|
|
- --tcp-services-configmap=$(POD_NAMESPACE)/$(TCP_CONFIGMAP_NAME)
|
|
- --udp-services-configmap=$(POD_NAMESPACE)/$(UDP_CONFIGMAP_NAME)
|
|
- --publish-service=$(POD_NAMESPACE)/$(SERVICE_NAME)
|
|
- --annotations-prefix=nginx.ingress.kubernetes.io
|
|
securityContext:
|
|
allowPrivilegeEscalation: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
add:
|
|
- NET_BIND_SERVICE
|
|
# www-data -> 33
|
|
runAsUser: 33
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
ports:
|
|
- name: http
|
|
containerPort: 80
|
|
protocol: TCP
|
|
- name: https
|
|
containerPort: 443
|
|
protocol: TCP
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10254
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 10
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10254
|
|
scheme: HTTP
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 10
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command:
|
|
- /wait-shutdown
|