lavenderguitar
3 years ago
3 changed files with 6192 additions and 0 deletions
@ -0,0 +1,32 @@ |
|||
--- |
|||
apiVersion: cert-manager.io/v1 |
|||
kind: ClusterIssuer |
|||
metadata: |
|||
name: certmanager-production-issuer |
|||
spec: |
|||
acme: |
|||
server: https://acme-v02.api.letsencrypt.org/directory |
|||
email: admin@jameslavender.com |
|||
privateKeySecretRef: |
|||
name: le-secret-prod |
|||
solvers: |
|||
- selectors: |
|||
http01: |
|||
ingress: |
|||
class: nginx |
|||
--- |
|||
apiVersion: cert-manager.io/v1 |
|||
kind: ClusterIssuer |
|||
metadata: |
|||
name: certmanager-staging-issuer |
|||
spec: |
|||
acme: |
|||
server: https://acme-staging-v02.api.letsencrypt.org/directory |
|||
email: admin@jameslavender.com |
|||
privateKeySecretRef: |
|||
name: le-secret-staging |
|||
solvers: |
|||
- selector: |
|||
http01: |
|||
ingress: |
|||
class: nginx |
File diff suppressed because it is too large
@ -0,0 +1,697 @@ |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-serviceaccount.yaml |
|||
apiVersion: v1 |
|||
kind: ServiceAccount |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx |
|||
namespace: default |
|||
automountServiceAccountToken: true |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-configmap.yaml |
|||
apiVersion: v1 |
|||
kind: ConfigMap |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx-controller |
|||
namespace: default |
|||
data: |
|||
allow-snippet-annotations: "true" |
|||
--- |
|||
# Source: ingress-nginx/templates/clusterrole.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: ClusterRole |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
name: ingress-nginx |
|||
rules: |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- configmaps |
|||
- endpoints |
|||
- nodes |
|||
- pods |
|||
- secrets |
|||
- namespaces |
|||
verbs: |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- nodes |
|||
verbs: |
|||
- get |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- services |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingresses |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- events |
|||
verbs: |
|||
- create |
|||
- patch |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingresses/status |
|||
verbs: |
|||
- update |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingressclasses |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
--- |
|||
# Source: ingress-nginx/templates/clusterrolebinding.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: ClusterRoleBinding |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
name: ingress-nginx |
|||
roleRef: |
|||
apiGroup: rbac.authorization.k8s.io |
|||
kind: ClusterRole |
|||
name: ingress-nginx |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: ingress-nginx |
|||
namespace: "default" |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-role.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: Role |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx |
|||
namespace: default |
|||
rules: |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- namespaces |
|||
verbs: |
|||
- get |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- configmaps |
|||
- pods |
|||
- secrets |
|||
- endpoints |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- services |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingresses |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingresses/status |
|||
verbs: |
|||
- update |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
resources: |
|||
- ingressclasses |
|||
verbs: |
|||
- get |
|||
- list |
|||
- watch |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- configmaps |
|||
resourceNames: |
|||
- ingress-controller-leader |
|||
verbs: |
|||
- get |
|||
- update |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- configmaps |
|||
verbs: |
|||
- create |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- events |
|||
verbs: |
|||
- create |
|||
- patch |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-rolebinding.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: RoleBinding |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx |
|||
namespace: default |
|||
roleRef: |
|||
apiGroup: rbac.authorization.k8s.io |
|||
kind: Role |
|||
name: ingress-nginx |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: ingress-nginx |
|||
namespace: "default" |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-service-webhook.yaml |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx-controller-admission |
|||
namespace: default |
|||
spec: |
|||
type: ClusterIP |
|||
ports: |
|||
- name: https-webhook |
|||
port: 443 |
|||
targetPort: webhook |
|||
appProtocol: https |
|||
selector: |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/component: controller |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-service.yaml |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
annotations: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx-controller |
|||
namespace: default |
|||
spec: |
|||
type: LoadBalancer |
|||
ipFamilyPolicy: SingleStack |
|||
ipFamilies: |
|||
- IPv4 |
|||
ports: |
|||
- name: http |
|||
port: 80 |
|||
protocol: TCP |
|||
targetPort: http |
|||
appProtocol: http |
|||
- name: https |
|||
port: 443 |
|||
protocol: TCP |
|||
targetPort: https |
|||
appProtocol: https |
|||
selector: |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/component: controller |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-deployment.yaml |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: ingress-nginx-controller |
|||
namespace: default |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/component: controller |
|||
replicas: 1 |
|||
revisionHistoryLimit: 10 |
|||
minReadySeconds: 0 |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/component: controller |
|||
spec: |
|||
dnsPolicy: ClusterFirst |
|||
containers: |
|||
- name: controller |
|||
image: "k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2" |
|||
imagePullPolicy: IfNotPresent |
|||
lifecycle: |
|||
preStop: |
|||
exec: |
|||
command: |
|||
- /wait-shutdown |
|||
args: |
|||
- /nginx-ingress-controller |
|||
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller |
|||
- --election-id=ingress-controller-leader |
|||
- --controller-class=k8s.io/ingress-nginx |
|||
- --ingress-class=nginx |
|||
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller |
|||
- --validating-webhook=:8443 |
|||
- --validating-webhook-certificate=/usr/local/certificates/cert |
|||
- --validating-webhook-key=/usr/local/certificates/key |
|||
securityContext: |
|||
capabilities: |
|||
drop: |
|||
- ALL |
|||
add: |
|||
- NET_BIND_SERVICE |
|||
runAsUser: 101 |
|||
allowPrivilegeEscalation: true |
|||
env: |
|||
- name: POD_NAME |
|||
valueFrom: |
|||
fieldRef: |
|||
fieldPath: metadata.name |
|||
- name: POD_NAMESPACE |
|||
valueFrom: |
|||
fieldRef: |
|||
fieldPath: metadata.namespace |
|||
- name: LD_PRELOAD |
|||
value: /usr/local/lib/libmimalloc.so |
|||
livenessProbe: |
|||
failureThreshold: 5 |
|||
httpGet: |
|||
path: /healthz |
|||
port: 10254 |
|||
scheme: HTTP |
|||
initialDelaySeconds: 10 |
|||
periodSeconds: 10 |
|||
successThreshold: 1 |
|||
timeoutSeconds: 1 |
|||
readinessProbe: |
|||
failureThreshold: 3 |
|||
httpGet: |
|||
path: /healthz |
|||
port: 10254 |
|||
scheme: HTTP |
|||
initialDelaySeconds: 10 |
|||
periodSeconds: 10 |
|||
successThreshold: 1 |
|||
timeoutSeconds: 1 |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
protocol: TCP |
|||
- name: https |
|||
containerPort: 443 |
|||
protocol: TCP |
|||
- name: webhook |
|||
containerPort: 8443 |
|||
protocol: TCP |
|||
volumeMounts: |
|||
- name: webhook-cert |
|||
mountPath: /usr/local/certificates/ |
|||
readOnly: true |
|||
resources: |
|||
requests: |
|||
cpu: 100m |
|||
memory: 90Mi |
|||
nodeSelector: |
|||
kubernetes.io/os: linux |
|||
serviceAccountName: ingress-nginx |
|||
terminationGracePeriodSeconds: 300 |
|||
volumes: |
|||
- name: webhook-cert |
|||
secret: |
|||
secretName: ingress-nginx-admission |
|||
--- |
|||
# Source: ingress-nginx/templates/controller-ingressclass.yaml |
|||
# We don't support namespaced ingressClass yet |
|||
# So a ClusterRole and a ClusterRoleBinding is required |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: IngressClass |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: controller |
|||
name: nginx |
|||
spec: |
|||
controller: k8s.io/ingress-nginx |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml |
|||
# before changing this value, check the required kubernetes version |
|||
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites |
|||
apiVersion: admissionregistration.k8s.io/v1 |
|||
kind: ValidatingWebhookConfiguration |
|||
metadata: |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
name: ingress-nginx-admission |
|||
webhooks: |
|||
- name: validate.nginx.ingress.kubernetes.io |
|||
matchPolicy: Equivalent |
|||
rules: |
|||
- apiGroups: |
|||
- networking.k8s.io |
|||
apiVersions: |
|||
- v1 |
|||
operations: |
|||
- CREATE |
|||
- UPDATE |
|||
resources: |
|||
- ingresses |
|||
failurePolicy: Fail |
|||
sideEffects: None |
|||
admissionReviewVersions: |
|||
- v1 |
|||
clientConfig: |
|||
service: |
|||
namespace: "default" |
|||
name: ingress-nginx-controller-admission |
|||
path: /networking/v1/ingresses |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml |
|||
apiVersion: v1 |
|||
kind: ServiceAccount |
|||
metadata: |
|||
name: ingress-nginx-admission |
|||
namespace: default |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: ClusterRole |
|||
metadata: |
|||
name: ingress-nginx-admission |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
rules: |
|||
- apiGroups: |
|||
- admissionregistration.k8s.io |
|||
resources: |
|||
- validatingwebhookconfigurations |
|||
verbs: |
|||
- get |
|||
- update |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: ClusterRoleBinding |
|||
metadata: |
|||
name: ingress-nginx-admission |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
roleRef: |
|||
apiGroup: rbac.authorization.k8s.io |
|||
kind: ClusterRole |
|||
name: ingress-nginx-admission |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: ingress-nginx-admission |
|||
namespace: "default" |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: Role |
|||
metadata: |
|||
name: ingress-nginx-admission |
|||
namespace: default |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
rules: |
|||
- apiGroups: |
|||
- "" |
|||
resources: |
|||
- secrets |
|||
verbs: |
|||
- get |
|||
- create |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
kind: RoleBinding |
|||
metadata: |
|||
name: ingress-nginx-admission |
|||
namespace: default |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
roleRef: |
|||
apiGroup: rbac.authorization.k8s.io |
|||
kind: Role |
|||
name: ingress-nginx-admission |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: ingress-nginx-admission |
|||
namespace: "default" |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml |
|||
apiVersion: batch/v1 |
|||
kind: Job |
|||
metadata: |
|||
name: ingress-nginx-admission-create |
|||
namespace: default |
|||
annotations: |
|||
"helm.sh/hook": pre-install,pre-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
spec: |
|||
template: |
|||
metadata: |
|||
name: ingress-nginx-admission-create |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
spec: |
|||
containers: |
|||
- name: create |
|||
image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660" |
|||
imagePullPolicy: IfNotPresent |
|||
args: |
|||
- create |
|||
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc |
|||
- --namespace=$(POD_NAMESPACE) |
|||
- --secret-name=ingress-nginx-admission |
|||
env: |
|||
- name: POD_NAMESPACE |
|||
valueFrom: |
|||
fieldRef: |
|||
fieldPath: metadata.namespace |
|||
securityContext: |
|||
allowPrivilegeEscalation: false |
|||
restartPolicy: OnFailure |
|||
serviceAccountName: ingress-nginx-admission |
|||
nodeSelector: |
|||
kubernetes.io/os: linux |
|||
securityContext: |
|||
runAsNonRoot: true |
|||
runAsUser: 2000 |
|||
fsGroup: 2000 |
|||
--- |
|||
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml |
|||
apiVersion: batch/v1 |
|||
kind: Job |
|||
metadata: |
|||
name: ingress-nginx-admission-patch |
|||
namespace: default |
|||
annotations: |
|||
"helm.sh/hook": post-install,post-upgrade |
|||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
spec: |
|||
template: |
|||
metadata: |
|||
name: ingress-nginx-admission-patch |
|||
labels: |
|||
helm.sh/chart: ingress-nginx-4.0.19 |
|||
app.kubernetes.io/name: ingress-nginx |
|||
app.kubernetes.io/instance: ingress-nginx |
|||
app.kubernetes.io/version: "1.1.3" |
|||
app.kubernetes.io/part-of: ingress-nginx |
|||
app.kubernetes.io/managed-by: Helm |
|||
app.kubernetes.io/component: admission-webhook |
|||
spec: |
|||
containers: |
|||
- name: patch |
|||
image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660" |
|||
imagePullPolicy: IfNotPresent |
|||
args: |
|||
- patch |
|||
- --webhook-name=ingress-nginx-admission |
|||
- --namespace=$(POD_NAMESPACE) |
|||
- --patch-mutating=false |
|||
- --secret-name=ingress-nginx-admission |
|||
- --patch-failure-policy=Fail |
|||
env: |
|||
- name: POD_NAMESPACE |
|||
valueFrom: |
|||
fieldRef: |
|||
fieldPath: metadata.namespace |
|||
securityContext: |
|||
allowPrivilegeEscalation: false |
|||
restartPolicy: OnFailure |
|||
serviceAccountName: ingress-nginx-admission |
|||
nodeSelector: |
|||
kubernetes.io/os: linux |
|||
securityContext: |
|||
runAsNonRoot: true |
|||
runAsUser: 2000 |
|||
fsGroup: 2000 |
Loading…
Reference in new issue