lavenderguitar
3 years ago
3 changed files with 6192 additions and 0 deletions
@ -0,0 +1,32 @@ |
|||||
|
--- |
||||
|
apiVersion: cert-manager.io/v1 |
||||
|
kind: ClusterIssuer |
||||
|
metadata: |
||||
|
name: certmanager-production-issuer |
||||
|
spec: |
||||
|
acme: |
||||
|
server: https://acme-v02.api.letsencrypt.org/directory |
||||
|
email: admin@jameslavender.com |
||||
|
privateKeySecretRef: |
||||
|
name: le-secret-prod |
||||
|
solvers: |
||||
|
- selectors: |
||||
|
http01: |
||||
|
ingress: |
||||
|
class: nginx |
||||
|
--- |
||||
|
apiVersion: cert-manager.io/v1 |
||||
|
kind: ClusterIssuer |
||||
|
metadata: |
||||
|
name: certmanager-staging-issuer |
||||
|
spec: |
||||
|
acme: |
||||
|
server: https://acme-staging-v02.api.letsencrypt.org/directory |
||||
|
email: admin@jameslavender.com |
||||
|
privateKeySecretRef: |
||||
|
name: le-secret-staging |
||||
|
solvers: |
||||
|
- selector: |
||||
|
http01: |
||||
|
ingress: |
||||
|
class: nginx |
File diff suppressed because it is too large
@ -0,0 +1,697 @@ |
|||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-serviceaccount.yaml |
||||
|
apiVersion: v1 |
||||
|
kind: ServiceAccount |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx |
||||
|
namespace: default |
||||
|
automountServiceAccountToken: true |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-configmap.yaml |
||||
|
apiVersion: v1 |
||||
|
kind: ConfigMap |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx-controller |
||||
|
namespace: default |
||||
|
data: |
||||
|
allow-snippet-annotations: "true" |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/clusterrole.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: ClusterRole |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
name: ingress-nginx |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- configmaps |
||||
|
- endpoints |
||||
|
- nodes |
||||
|
- pods |
||||
|
- secrets |
||||
|
- namespaces |
||||
|
verbs: |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- nodes |
||||
|
verbs: |
||||
|
- get |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- services |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingresses |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- events |
||||
|
verbs: |
||||
|
- create |
||||
|
- patch |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingresses/status |
||||
|
verbs: |
||||
|
- update |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingressclasses |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/clusterrolebinding.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: ClusterRoleBinding |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
name: ingress-nginx |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: ClusterRole |
||||
|
name: ingress-nginx |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: ingress-nginx |
||||
|
namespace: "default" |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-role.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: Role |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx |
||||
|
namespace: default |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- namespaces |
||||
|
verbs: |
||||
|
- get |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- configmaps |
||||
|
- pods |
||||
|
- secrets |
||||
|
- endpoints |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- services |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingresses |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingresses/status |
||||
|
verbs: |
||||
|
- update |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
resources: |
||||
|
- ingressclasses |
||||
|
verbs: |
||||
|
- get |
||||
|
- list |
||||
|
- watch |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- configmaps |
||||
|
resourceNames: |
||||
|
- ingress-controller-leader |
||||
|
verbs: |
||||
|
- get |
||||
|
- update |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- configmaps |
||||
|
verbs: |
||||
|
- create |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- events |
||||
|
verbs: |
||||
|
- create |
||||
|
- patch |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-rolebinding.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: RoleBinding |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx |
||||
|
namespace: default |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: Role |
||||
|
name: ingress-nginx |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: ingress-nginx |
||||
|
namespace: "default" |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-service-webhook.yaml |
||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx-controller-admission |
||||
|
namespace: default |
||||
|
spec: |
||||
|
type: ClusterIP |
||||
|
ports: |
||||
|
- name: https-webhook |
||||
|
port: 443 |
||||
|
targetPort: webhook |
||||
|
appProtocol: https |
||||
|
selector: |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/component: controller |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-service.yaml |
||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
annotations: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx-controller |
||||
|
namespace: default |
||||
|
spec: |
||||
|
type: LoadBalancer |
||||
|
ipFamilyPolicy: SingleStack |
||||
|
ipFamilies: |
||||
|
- IPv4 |
||||
|
ports: |
||||
|
- name: http |
||||
|
port: 80 |
||||
|
protocol: TCP |
||||
|
targetPort: http |
||||
|
appProtocol: http |
||||
|
- name: https |
||||
|
port: 443 |
||||
|
protocol: TCP |
||||
|
targetPort: https |
||||
|
appProtocol: https |
||||
|
selector: |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/component: controller |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-deployment.yaml |
||||
|
apiVersion: apps/v1 |
||||
|
kind: Deployment |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: ingress-nginx-controller |
||||
|
namespace: default |
||||
|
spec: |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/component: controller |
||||
|
replicas: 1 |
||||
|
revisionHistoryLimit: 10 |
||||
|
minReadySeconds: 0 |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/component: controller |
||||
|
spec: |
||||
|
dnsPolicy: ClusterFirst |
||||
|
containers: |
||||
|
- name: controller |
||||
|
image: "k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2" |
||||
|
imagePullPolicy: IfNotPresent |
||||
|
lifecycle: |
||||
|
preStop: |
||||
|
exec: |
||||
|
command: |
||||
|
- /wait-shutdown |
||||
|
args: |
||||
|
- /nginx-ingress-controller |
||||
|
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller |
||||
|
- --election-id=ingress-controller-leader |
||||
|
- --controller-class=k8s.io/ingress-nginx |
||||
|
- --ingress-class=nginx |
||||
|
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller |
||||
|
- --validating-webhook=:8443 |
||||
|
- --validating-webhook-certificate=/usr/local/certificates/cert |
||||
|
- --validating-webhook-key=/usr/local/certificates/key |
||||
|
securityContext: |
||||
|
capabilities: |
||||
|
drop: |
||||
|
- ALL |
||||
|
add: |
||||
|
- NET_BIND_SERVICE |
||||
|
runAsUser: 101 |
||||
|
allowPrivilegeEscalation: true |
||||
|
env: |
||||
|
- name: POD_NAME |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.name |
||||
|
- name: POD_NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
- name: LD_PRELOAD |
||||
|
value: /usr/local/lib/libmimalloc.so |
||||
|
livenessProbe: |
||||
|
failureThreshold: 5 |
||||
|
httpGet: |
||||
|
path: /healthz |
||||
|
port: 10254 |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 10 |
||||
|
periodSeconds: 10 |
||||
|
successThreshold: 1 |
||||
|
timeoutSeconds: 1 |
||||
|
readinessProbe: |
||||
|
failureThreshold: 3 |
||||
|
httpGet: |
||||
|
path: /healthz |
||||
|
port: 10254 |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 10 |
||||
|
periodSeconds: 10 |
||||
|
successThreshold: 1 |
||||
|
timeoutSeconds: 1 |
||||
|
ports: |
||||
|
- name: http |
||||
|
containerPort: 80 |
||||
|
protocol: TCP |
||||
|
- name: https |
||||
|
containerPort: 443 |
||||
|
protocol: TCP |
||||
|
- name: webhook |
||||
|
containerPort: 8443 |
||||
|
protocol: TCP |
||||
|
volumeMounts: |
||||
|
- name: webhook-cert |
||||
|
mountPath: /usr/local/certificates/ |
||||
|
readOnly: true |
||||
|
resources: |
||||
|
requests: |
||||
|
cpu: 100m |
||||
|
memory: 90Mi |
||||
|
nodeSelector: |
||||
|
kubernetes.io/os: linux |
||||
|
serviceAccountName: ingress-nginx |
||||
|
terminationGracePeriodSeconds: 300 |
||||
|
volumes: |
||||
|
- name: webhook-cert |
||||
|
secret: |
||||
|
secretName: ingress-nginx-admission |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/controller-ingressclass.yaml |
||||
|
# We don't support namespaced ingressClass yet |
||||
|
# So a ClusterRole and a ClusterRoleBinding is required |
||||
|
apiVersion: networking.k8s.io/v1 |
||||
|
kind: IngressClass |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: controller |
||||
|
name: nginx |
||||
|
spec: |
||||
|
controller: k8s.io/ingress-nginx |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml |
||||
|
# before changing this value, check the required kubernetes version |
||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites |
||||
|
apiVersion: admissionregistration.k8s.io/v1 |
||||
|
kind: ValidatingWebhookConfiguration |
||||
|
metadata: |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
name: ingress-nginx-admission |
||||
|
webhooks: |
||||
|
- name: validate.nginx.ingress.kubernetes.io |
||||
|
matchPolicy: Equivalent |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- networking.k8s.io |
||||
|
apiVersions: |
||||
|
- v1 |
||||
|
operations: |
||||
|
- CREATE |
||||
|
- UPDATE |
||||
|
resources: |
||||
|
- ingresses |
||||
|
failurePolicy: Fail |
||||
|
sideEffects: None |
||||
|
admissionReviewVersions: |
||||
|
- v1 |
||||
|
clientConfig: |
||||
|
service: |
||||
|
namespace: "default" |
||||
|
name: ingress-nginx-controller-admission |
||||
|
path: /networking/v1/ingresses |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml |
||||
|
apiVersion: v1 |
||||
|
kind: ServiceAccount |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission |
||||
|
namespace: default |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: ClusterRole |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- admissionregistration.k8s.io |
||||
|
resources: |
||||
|
- validatingwebhookconfigurations |
||||
|
verbs: |
||||
|
- get |
||||
|
- update |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: ClusterRoleBinding |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: ClusterRole |
||||
|
name: ingress-nginx-admission |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: ingress-nginx-admission |
||||
|
namespace: "default" |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: Role |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission |
||||
|
namespace: default |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- "" |
||||
|
resources: |
||||
|
- secrets |
||||
|
verbs: |
||||
|
- get |
||||
|
- create |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: RoleBinding |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission |
||||
|
namespace: default |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: Role |
||||
|
name: ingress-nginx-admission |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: ingress-nginx-admission |
||||
|
namespace: "default" |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml |
||||
|
apiVersion: batch/v1 |
||||
|
kind: Job |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission-create |
||||
|
namespace: default |
||||
|
annotations: |
||||
|
"helm.sh/hook": pre-install,pre-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
spec: |
||||
|
template: |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission-create |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
spec: |
||||
|
containers: |
||||
|
- name: create |
||||
|
image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660" |
||||
|
imagePullPolicy: IfNotPresent |
||||
|
args: |
||||
|
- create |
||||
|
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc |
||||
|
- --namespace=$(POD_NAMESPACE) |
||||
|
- --secret-name=ingress-nginx-admission |
||||
|
env: |
||||
|
- name: POD_NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
securityContext: |
||||
|
allowPrivilegeEscalation: false |
||||
|
restartPolicy: OnFailure |
||||
|
serviceAccountName: ingress-nginx-admission |
||||
|
nodeSelector: |
||||
|
kubernetes.io/os: linux |
||||
|
securityContext: |
||||
|
runAsNonRoot: true |
||||
|
runAsUser: 2000 |
||||
|
fsGroup: 2000 |
||||
|
--- |
||||
|
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml |
||||
|
apiVersion: batch/v1 |
||||
|
kind: Job |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission-patch |
||||
|
namespace: default |
||||
|
annotations: |
||||
|
"helm.sh/hook": post-install,post-upgrade |
||||
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
spec: |
||||
|
template: |
||||
|
metadata: |
||||
|
name: ingress-nginx-admission-patch |
||||
|
labels: |
||||
|
helm.sh/chart: ingress-nginx-4.0.19 |
||||
|
app.kubernetes.io/name: ingress-nginx |
||||
|
app.kubernetes.io/instance: ingress-nginx |
||||
|
app.kubernetes.io/version: "1.1.3" |
||||
|
app.kubernetes.io/part-of: ingress-nginx |
||||
|
app.kubernetes.io/managed-by: Helm |
||||
|
app.kubernetes.io/component: admission-webhook |
||||
|
spec: |
||||
|
containers: |
||||
|
- name: patch |
||||
|
image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660" |
||||
|
imagePullPolicy: IfNotPresent |
||||
|
args: |
||||
|
- patch |
||||
|
- --webhook-name=ingress-nginx-admission |
||||
|
- --namespace=$(POD_NAMESPACE) |
||||
|
- --patch-mutating=false |
||||
|
- --secret-name=ingress-nginx-admission |
||||
|
- --patch-failure-policy=Fail |
||||
|
env: |
||||
|
- name: POD_NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
securityContext: |
||||
|
allowPrivilegeEscalation: false |
||||
|
restartPolicy: OnFailure |
||||
|
serviceAccountName: ingress-nginx-admission |
||||
|
nodeSelector: |
||||
|
kubernetes.io/os: linux |
||||
|
securityContext: |
||||
|
runAsNonRoot: true |
||||
|
runAsUser: 2000 |
||||
|
fsGroup: 2000 |
Loading…
Reference in new issue