imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Remove the old ingress-nginx
2020-02-11, Gary Kramlich
9b71c5a1ade0
Parents
3f14de05e1a0
Children
585a58194c6e
Remove the old ingress-nginx
1 files changed, 0 insertions(+), 309 deletions(-)
+0
-309
90-ingress.yaml
--- a/90-ingress.yaml Tue Feb 11 03:33:21 2020 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,309 +0,0 @@
-# This cluster uses a single ingress for everything. This means we only use
-# 1 ip address and thus 1 load balancer which keeps costs down.
-#
-# This ingress controller is a little bit more convoluted than your typical
-# one as it's also handling not http tcp services.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: ingress-custom-headers
- namespace: kube-public
-data:
- X-Frame-Options: sameorigin
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: ingress-tcp-services
- namespace: kube-public
- labels:
- app: ingress
- role: controller
-data:
- 22: imfreedom/keep:22222
- 5222: imfreedom/prosody:5222
- 5269: imfreedom/prosody:5269
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: ingress-configuration
- namespace: kube-public
- labels:
- app: ingress
- role: controller
-data:
- proxy-set-headers: "kube-public/ingress-custom-headers"
- use-forwarded-headers: "true"
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: ingress-serviceaccount
- namespace: kube-public
- labels:
- app: ingress
- role: controller
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: ingress-clusterrole
- labels:
- app: ingress
- role: controller
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - nodes
- - pods
- - secrets
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses/status
- verbs:
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: ingress-clusterrole-nisa-binding
- labels:
- app: ingress
- role: controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ingress-clusterrole
-subjects:
- - kind: ServiceAccount
- name: ingress-serviceaccount
- namespace: kube-public
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: ingress-role
- namespace: kube-public
- labels:
- app: ingress
- role: controller
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - secrets
- - namespaces
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- # Defaults to "<election-id>-<ingress-class>"
- # Here: "<ingress-controller-leader>-<nginx>"
- # This has to be adapted if you change either parameter
- # when launching the nginx-ingress-controller.
- - "ingress-controller-leader-nginx"
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: ingress-role-nisa-binding
- namespace: kube-public
- labels:
- app: ingress
- role: controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: ingress-role
-subjects:
- - kind: ServiceAccount
- name: ingress-serviceaccount
- namespace: kube-public
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ingress-controller
- namespace: kube-public
- labels:
- app: ingress
- role: public
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: ingress
- role: controller
- template:
- metadata:
- annotations:
- fluentbit.io/parser: ingress-nginx
- labels:
- app: ingress
- role: controller
- spec:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - ingress
- - key: role
- operator: In
- values:
- - controller
- topologyKey: failure-domain.beta.kubernetes.io/region
- weight: 100
- serviceAccountName: ingress-serviceaccount
- containers:
- - name: nginx-ingress-controller
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
- args:
- - /nginx-ingress-controller
- - --configmap=$(POD_NAMESPACE)/ingress-configuration
- - --publish-service=$(POD_NAMESPACE)/ingress
- - --annotations-prefix=nginx.ingress.kubernetes.io
- - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-tcp-services
- securityContext:
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- # www-data -> 33
- runAsUser: 33
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- ports:
- - name: keep-ssh
- containerPort: 22
- - name: http
- containerPort: 80
- - name: https
- containerPort: 443
- - name: xmpp-c2s
- containerPort: 5222
- - name: xmpp-s2s
- containerPort: 5269
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
----
-apiVersion: v1
-kind: Service
-metadata:
- name: ingress
- namespace: kube-public
- labels:
- app: ingress
- role: controller
-# annotations:
-# service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
-spec:
- selector:
- app: ingress
- role: controller
- type: LoadBalancer
- externalTrafficPolicy: Cluster
- ports:
- - name: hgkeeper
- port: 22
- targetPort: keep-ssh
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
- - name: xmpp-c2s
- port: 5222
- targetPort: xmpp-c2s
- - name: xmpp-s2s
- port: 5269
- targetPort: xmpp-s2s
----
