kops/addons/ingress-citrix/v1.1.1.yaml

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cpx-ingress-k8s-role
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "ingresses", "pods", "secrets", "routes", "routes/status", "nodes", "namespaces"]
    verbs: ["*"]
  - apiGroups: ["extensions"]
    resources: ["ingresses", "ingresses/status"]
    verbs: ["*"]
  - apiGroups: ["citrix.com"]
    resources: ["rewritepolicies", "vips"]
    verbs: ["*"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["*"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list", "watch"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cpx-ingress-k8s-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cpx-ingress-k8s-role
subjects:
- kind: ServiceAccount
  name: cpx-ingress-k8s-role
  namespace: default
apiVersion: rbac.authorization.k8s.io/v1

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cpx-ingress-k8s-role
  namespace: default

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cpx-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cpx-ingress
  template:
    metadata:
      name: cpx-ingress
      labels:
        app: cpx-ingress
      annotations:
    spec:
      serviceAccountName: cpx-ingress-k8s-role
      containers:
        - name: cpx-ingress
          image: "quay.io/citrix/citrix-k8s-cpx-ingress:13.0-36.29"
          securityContext:
             privileged: true
          env:
          - name: "EULA"
            value: "yes"
          - name: "KUBERNETES_TASK_ID"
            value: ""
          #This is required for Health check to succeed
          readinessProbe:
            tcpSocket:
              port: 9080
            initialDelaySeconds: 60
            periodSeconds: 5
            failureThreshold: 5
            successThreshold: 1
          imagePullPolicy: Always
        # Add cic as a sidecar
        - name: cic
          image: "quay.io/citrix/citrix-k8s-ingress-controller:1.2.0"
          env:
          - name: "EULA"
            value: "yes"
          - name: "NS_IP"
            value: "127.0.0.1"
          - name: "NS_PROTOCOL"
            value: "HTTP"
          - name: "NS_PORT"
            value: "80"
          - name: "NS_DEPLOYMENT_MODE"
            value: "SIDECAR"
          - name: "NS_ENABLE_MONITORING"
            value: "YES"
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          args:
          imagePullPolicy: Always

---
apiVersion: v1
kind: Service
metadata:
  name: cpx-service
  labels:
    app: cpx-service
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
    name: http
  - port: 443
    protocol: TCP
    name: https
  selector:
    app: cpx-ingress