[oom.git] / kubernetes / contrib / ingress-nginx-post-inst / nginx_ingress_cluster_config.yaml
# Dedicated namespace for the ingress controller. Every namespaced object
# in this file (ConfigMaps, ServiceAccount, Role, RoleBinding, Deployment,
# Service) is created inside it.
# NOTE(review): this file declares no NetworkPolicy or ResourceQuota for
# the namespace; confirm whether they are applied elsewhere.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: ingress-nginx

---
# Controller-wide NGINX settings. The Deployment passes this object to the
# controller through --configmap=$(POD_NAMESPACE)/nginx-configuration.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  # Quoted on purpose: ConfigMap values must be strings, not booleans.
  # With this on, request headers whose names contain "_" are forwarded
  # instead of being dropped.
  # NOTE(review): backends that treat "-" and "_" in header names as the
  # same character (CGI-style variable mapping) can then receive a
  # client-supplied look-alike of a trusted header such as
  # X-Forwarded-For. Confirm that backends tell the two apart or strip
  # such headers.
  enable-underscores-in-headers: "true"

---
# Mapping of exposed TCP ports to backend services, read by the controller
# through --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services.
# There is no `data` key here, so nothing is mapped.
# NOTE(review): presumably entries added later are proxied as plain TCP
# streams, outside the HTTP-level controls configured on Ingress objects;
# review each addition as a new externally reachable port.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: tcp-services
  namespace: ingress-nginx

---
# Mapping of exposed UDP ports to backend services, read by the controller
# through --udp-services-configmap=$(POD_NAMESPACE)/udp-services.
# There is no `data` key here, so nothing is mapped.
# NOTE(review): treat any entry added later as a new externally reachable
# port and review it accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: udp-services
  namespace: ingress-nginx

---
# Identity the controller pod runs as (the Deployment sets
# serviceAccountName to this name). The RoleBinding and ClusterRoleBinding
# in this file attach its permissions, which include cluster-wide
# list/watch on Secrets. Anyone who obtains this account's token gets the
# same access.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx

---
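# Cluster-wide permissions of the ingress controller.
# rbac.authorization.k8s.io/v1 replaces the deprecated v1beta1 group
# version, which Kubernetes 1.22 and later no longer serve. The fields used
# here are the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # list/watch returns full objects, so this rule gives read access to
  # every Secret in every namespace.
  # NOTE(review): presumably needed to load TLS certificates referenced by
  # Ingress objects. If the controller only serves selected namespaces,
  # consider --watch-namespace with namespaced Roles instead; confirm
  # against the deployment model.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  # Single-object read on nodes, on top of the list/watch above.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  # Write access is limited to emitting events.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  # Ingress objects are read-only for the controller.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Only the status subresource of an Ingress may be written.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update

---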
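# Namespaced permissions of the ingress controller inside ingress-nginx.
# rbac.authorization.k8s.io/v1 replaces the deprecated v1beta1 group
# version, which Kubernetes 1.22 and later no longer serve. The fields used
# here are the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # Read-by-name access to objects in the controller's own namespace,
  # Secrets included.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # Update is granted on the leader-election ConfigMap only.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # RBAC cannot restrict "create" by resourceNames, so this rule lets the
  # controller create any ConfigMap in this namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---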
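# Grants the namespaced Role nginx-ingress-role to the controller's
# ServiceAccount.
# rbac.authorization.k8s.io/v1 replaces the deprecated v1beta1 group
# version, which Kubernetes 1.22 and later no longer serve. roleRef and
# subjects are the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  # The only subject is the controller's ServiceAccount. Keep it that way
  # so that no other workload inherits these permissions.
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---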
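# Grants the ClusterRole nginx-ingress-clusterrole to the controller's
# ServiceAccount. Because this is a ClusterRoleBinding, the role's rules
# (including list/watch on Secrets) apply in every namespace.
# rbac.authorization.k8s.io/v1 replaces the deprecated v1beta1 group
# version, which Kubernetes 1.22 and later no longer serve. roleRef and
# subjects are the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---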
# Single-replica NGINX ingress controller. It runs as the ServiceAccount
# nginx-ingress-serviceaccount and listens on container ports 80 and 443.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      annotations:
        # Metrics are scraped from port 10254, which also serves the
        # /healthz probes below, over plain HTTP.
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): the image is pinned by tag only. Tags can be
          # re-pointed on the registry, so prefer pinning by digest
          # (...@sha256:<digest of the verified image>). Also confirm that
          # this release still receives upstream security fixes.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
          # Downward-API values; POD_NAMESPACE is expanded in args below.
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - '/nginx-ingress-controller'
            - '--configmap=$(POD_NAMESPACE)/nginx-configuration'
            - '--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services'
            - '--udp-services-configmap=$(POD_NAMESPACE)/udp-services'
            - '--publish-service=$(POD_NAMESPACE)/ingress-nginx'
            - '--annotations-prefix=nginx.ingress.kubernetes.io'
            # Passthrough hands the TLS stream to the backend without
            # terminating it, so HTTP-level settings on the Ingress do not
            # apply to that traffic.
            # NOTE(review): upstream leaves this off by default; confirm it
            # is needed.
            - '--enable-ssl-passthrough=true'
          ports:
            - containerPort: 80
              name: http
            - containerPort: 443
              name: https
          securityContext:
            # NOTE(review): presumably true because the non-root nginx
            # process gets NET_BIND_SERVICE through file capabilities,
            # which no_new_privs would block. Confirm against the image
            # before setting this to false.
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            # www-data -> 33
            runAsUser: 33
          # NOTE(review): no resources requests/limits and no
          # readOnlyRootFilesystem are set for this container.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3

---
# Exposes the controller pods (matched by the two app.kubernetes.io
# labels) on ports 80 and 443. This is the Service that the controller's
# --publish-service argument names.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  # NodePort opens both ports on every node of the cluster. No nodePort is
  # set, so the cluster picks the port numbers.
  # NOTE(review): restrict who can reach the node ports with
  # firewall/security-group rules or a fronting load balancer.
  type: NodePort
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443

---