apiVersion: v1 kind: Namespace metadata: name: kube-ingress labels: k8s-addon: ingress-nginx.addons.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: nginx-ingress-controller namespace: kube-ingress labels: k8s-addon: ingress-nginx.addons.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: k8s-addon: ingress-nginx.addons.k8s.io name: nginx-ingress-controller namespace: kube-ingress rules: - apiGroups: - "" resources: - configmaps - endpoints - nodes - pods - secrets verbs: - list - watch - apiGroups: - "" resources: - nodes verbs: - get - apiGroups: - "" resources: - services verbs: - get - list - watch - apiGroups: - "extensions" resources: - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - "extensions" resources: - ingresses/status verbs: - update --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: labels: k8s-addon: ingress-nginx.addons.k8s.io name: nginx-ingress-controller namespace: kube-ingress rules: - apiGroups: - "" resources: - configmaps - pods - secrets verbs: - get - apiGroups: - "" resources: - configmaps resourceNames: # Defaults to "-" # Here: "-" # This has to be adapted if you change either parameter # when launching the nginx-ingress-controller. - "ingress-controller-leader-nginx" verbs: - get - update - apiGroups: - "" resources: - configmaps verbs: - create - apiGroups: - "" resources: - endpoints verbs: - get - create - update --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: labels: k8s-addon: ingress-nginx.addons.k8s.io name: nginx-ingress-controller namespace: kube-ingress roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nginx-ingress-controller subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: system:serviceaccount:kube-ingress:nginx-ingress-controller --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: labels: k8s-addon: ingress-nginx.addons.k8s.io name: nginx-ingress-controller namespace: kube-ingress roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: nginx-ingress-controller subjects: - kind: ServiceAccount name: nginx-ingress-controller namespace: kube-ingress --- kind: Service apiVersion: v1 metadata: name: nginx-default-backend namespace: kube-ingress labels: k8s-app: default-http-backend k8s-addon: ingress-nginx.addons.k8s.io spec: ports: - port: 80 targetPort: http selector: app: nginx-default-backend --- kind: Deployment apiVersion: apps/v1 metadata: name: nginx-default-backend namespace: kube-ingress labels: k8s-app: default-http-backend k8s-addon: ingress-nginx.addons.k8s.io spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: nginx-default-backend template: metadata: labels: k8s-app: default-http-backend k8s-addon: ingress-nginx.addons.k8s.io app: nginx-default-backend spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend image: registry.k8s.io/defaultbackend:1.4 livenessProbe: httpGet: path: /healthz port: 8080 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mi ports: - name: http containerPort: 8080 protocol: TCP --- kind: ConfigMap apiVersion: v1 metadata: name: ingress-nginx namespace: kube-ingress labels: k8s-addon: ingress-nginx.addons.k8s.io data: use-proxy-protocol: "true" --- kind: Service apiVersion: v1 metadata: name: ingress-nginx namespace: kube-ingress labels: k8s-addon: ingress-nginx.addons.k8s.io annotations: # Enable PROXY protocol service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' # Increase the ELB idle timeout to avoid issues with WebSockets or Server-Sent Events. service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' spec: type: LoadBalancer selector: app: ingress-nginx ports: - name: http port: 80 targetPort: http - name: https port: 443 targetPort: https --- kind: Deployment apiVersion: apps/v1 metadata: name: ingress-nginx namespace: kube-ingress labels: k8s-app: nginx-ingress-controller k8s-addon: ingress-nginx.addons.k8s.io spec: replicas: 3 selector: matchLabels: app: ingress-nginx template: metadata: labels: app: ingress-nginx k8s-app: nginx-ingress-controller k8s-addon: ingress-nginx.addons.k8s.io annotations: prometheus.io/port: '10254' prometheus.io/scrape: 'true' spec: terminationGracePeriodSeconds: 60 serviceAccountName: nginx-ingress-controller containers: - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0 name: nginx-ingress-controller imagePullPolicy: Always ports: - name: http containerPort: 80 protocol: TCP - name: https containerPort: 443 protocol: TCP readinessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP livenessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace args: - /nginx-ingress-controller - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend - --configmap=$(POD_NAMESPACE)/ingress-nginx - --publish-service=$(POD_NAMESPACE)/ingress-nginx - --annotations-prefix=ingress.kubernetes.io