From f07eebee3f15e7e8ad5f7fceb6c6381296aa406a Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Tue, 2 May 2017 15:26:40 -0400 Subject: [PATCH] Add ingress nginx addons We aren't wiring them into addons.yaml (not that I think anyone is using that anyway yet), until a non-beta release is done, and likely until we have a way to choose between AWS and GCE configurations. --- addons/ingress-nginx/v1.6.0-gce.yaml | 246 ++++++++++++++++++++++++++ addons/ingress-nginx/v1.6.0.yaml | 248 +++++++++++++++++++++++++++ 2 files changed, 494 insertions(+) create mode 100644 addons/ingress-nginx/v1.6.0-gce.yaml create mode 100644 addons/ingress-nginx/v1.6.0.yaml diff --git a/addons/ingress-nginx/v1.6.0-gce.yaml b/addons/ingress-nginx/v1.6.0-gce.yaml new file mode 100644 index 0000000000..0efbb652fe --- /dev/null +++ b/addons/ingress-nginx/v1.6.0-gce.yaml @@ -0,0 +1,246 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io + +--- + +kind: Service +apiVersion: v1 +metadata: + name: nginx-default-backend + namespace: kube-ingress + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io +spec: + ports: + - port: 80 + targetPort: http + selector: + app: nginx-default-backend + +--- + +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nginx-default-backend + namespace: kube-ingress + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io +spec: + replicas: 1 + revisionHistoryLimit: 10 + template: + metadata: + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io + app: nginx-default-backend + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + image: gcr.io/google_containers/defaultbackend:1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + ports: + - name: http + containerPort: 8080 + protocol: TCP + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io +data: + use-proxy-protocol: "false" + +--- + +kind: Service +apiVersion: v1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io +spec: + type: LoadBalancer + selector: + app: ingress-nginx + ports: + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-app: nginx-ingress-controller + k8s-addon: ingress-nginx.addons.k8s.io +spec: + replicas: 1 + template: + metadata: + labels: + app: ingress-nginx + k8s-app: nginx-ingress-controller + k8s-addon: ingress-nginx.addons.k8s.io + annotations: + prometheus.io/port: '10254' + prometheus.io/scrape: 'true' + spec: + terminationGracePeriodSeconds: 60 + serviceAccountName: nginx-ingress-controller + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5 + name: nginx-ingress-controller + imagePullPolicy: Always + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend + - --configmap=$(POD_NAMESPACE)/ingress-nginx + - --publish-service=$(POD_NAMESPACE)/ingress-nginx + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress-controller + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + k8s-addon: ingress-nginx.addons.k8s.io + name: nginx-ingress-controller + namespace: kube-ingress +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - endpoints + - services + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - update +- apiGroups: + - "" + resources: + - services + verbs: + - update +- apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-addon: ingress-nginx.addons.k8s.io + name: nginx-ingress-controller + namespace: kube-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress-controller +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: system:serviceaccount:kube-ingress:nginx-ingress-controller diff --git a/addons/ingress-nginx/v1.6.0.yaml b/addons/ingress-nginx/v1.6.0.yaml new file mode 100644 index 0000000000..65f03c3160 --- /dev/null +++ b/addons/ingress-nginx/v1.6.0.yaml @@ -0,0 +1,248 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io + +--- + +kind: Service +apiVersion: v1 +metadata: + name: nginx-default-backend + namespace: kube-ingress + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io +spec: + ports: + - port: 80 + targetPort: http + selector: + app: nginx-default-backend + +--- + +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nginx-default-backend + namespace: kube-ingress + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io +spec: + replicas: 1 + revisionHistoryLimit: 10 + template: + metadata: + labels: + k8s-app: default-http-backend + k8s-addon: ingress-nginx.addons.k8s.io + app: nginx-default-backend + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + image: gcr.io/google_containers/defaultbackend:1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + ports: + - name: http + containerPort: 8080 + protocol: TCP + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io +data: + use-proxy-protocol: "true" + +--- + +kind: Service +apiVersion: v1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io + annotations: + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' +spec: + type: LoadBalancer + selector: + app: ingress-nginx + ports: + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: ingress-nginx + namespace: kube-ingress + labels: + k8s-app: nginx-ingress-controller + k8s-addon: ingress-nginx.addons.k8s.io +spec: + replicas: 1 + template: + metadata: + labels: + app: ingress-nginx + k8s-app: nginx-ingress-controller + k8s-addon: ingress-nginx.addons.k8s.io + annotations: + prometheus.io/port: '10254' + prometheus.io/scrape: 'true' + spec: + terminationGracePeriodSeconds: 60 + serviceAccountName: nginx-ingress-controller + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5 + name: nginx-ingress-controller + imagePullPolicy: Always + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend + - --configmap=$(POD_NAMESPACE)/ingress-nginx + - --publish-service=$(POD_NAMESPACE)/ingress-nginx + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress-controller + namespace: kube-ingress + labels: + k8s-addon: ingress-nginx.addons.k8s.io + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + k8s-addon: ingress-nginx.addons.k8s.io + name: nginx-ingress-controller + namespace: kube-ingress +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - endpoints + - services + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - update +- apiGroups: + - "" + resources: + - services + verbs: + - update +- apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-addon: ingress-nginx.addons.k8s.io + name: nginx-ingress-controller + namespace: kube-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress-controller +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: system:serviceaccount:kube-ingress:nginx-ingress-controller