[oom.git] / kubernetes / contrib / ingress-nginx-post-inst / nginx_ingress_cluster_config.yaml
# Namespace that holds every namespaced object defined in this manifest
# (ConfigMaps, ServiceAccount, Role/RoleBinding, Deployment, Services).
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: ingress-nginx

---
# Controller-wide settings; the Deployment in this file points at it with
# --configmap=$(POD_NAMESPACE)/nginx-configuration. It carries no data keys
# here, so nothing is overridden by this manifest.
# Write access to this object changes how the controller is configured, so
# treat edit rights on it as privileged.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Referenced by --tcp-services-configmap in the Deployment. Shipped empty.
# Entries added here make the controller expose extra TCP listeners, so
# changes to this object should go through the same review as a firewall
# rule change.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Referenced by --udp-services-configmap in the Deployment. Shipped empty.
# Entries added here make the controller expose extra UDP listeners; keep
# write access as tight as for the TCP counterpart.
apiVersion: v1
kind: ConfigMap
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Identity the controller pod runs as (serviceAccountName in the Deployment).
# Its effective permissions are the union of the Role and the ClusterRole
# bound to it further down in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx

---
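# Cluster-wide read permissions the controller needs to build its NGINX
# configuration from Ingress objects in every namespace.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1
# API has the same schema for this object and has been GA since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # NOTE(review): list/watch on secrets is granted in ALL namespaces, and a
  # list response includes the Secret data. Anyone who obtains this service
  # account's token can therefore read every Secret in the cluster. If the
  # controller only has to serve some namespaces, consider scoping it with
  # --watch-namespace and a namespaced Role instead of this ClusterRole.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  # Write access is limited to emitting Events ...
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # ... and to updating the status subresource of Ingress objects.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update

---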
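# Namespaced permissions inside ingress-nginx: reading the controller's own
# configuration objects and maintaining the leader-election ConfigMap.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1
# API has the same schema for this object and has been GA since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # update is restricted by resourceNames to the leader-election ConfigMap,
  # so the controller cannot rewrite its own configuration ConfigMaps.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # create cannot be limited with resourceNames (the object name is not known
  # at authorization time), which is why it is a separate, unrestricted rule.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---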
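# Grants nginx-ingress-role to the controller's service account, within the
# ingress-nginx namespace only.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1
# API has the same schema for this object and has been GA since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---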
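# Grants nginx-ingress-clusterrole to the controller's service account for
# the whole cluster. This binding is what makes the cluster-wide Secret
# list/watch permission of that ClusterRole effective, so the only subject
# should remain the single service account below.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1
# API has the same schema for this object and has been GA since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
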
# The ingress controller itself: one replica, running as the service account
# defined earlier in this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      annotations:
        # Port 10254 serves both metrics and /healthz over plain HTTP; limit
        # who can reach it (e.g. with a NetworkPolicy) if the pod network is
        # shared with untrusted workloads.
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          # The image is referenced by tag only. A tag can be re-pointed in
          # the registry; pinning by digest makes what runs reproducible.
          # NOTE(review): no resources requests/limits are set on this
          # container - confirm that is intended for an edge component.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
            # With passthrough, TLS for the affected hosts is forwarded to
            # the backend without being terminated here, so NGINX-level
            # controls (header rules, auth annotations) do not see that
            # traffic and the backend is responsible for its own TLS setup.
            - --enable-ssl-passthrough=true
          env:
            # Downward API values; POD_NAMESPACE is expanded in args above.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - containerPort: 80
              name: http
            - containerPort: 443
              name: https
          securityContext:
            # www-data -> 33
            runAsUser: 33
            # All capabilities are dropped except the one needed to bind
            # ports below 1024 as a non-root user.
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # NOTE(review): true leaves no_new_privs unset. Presumably this
            # image needs it so the non-root nginx process can pick up
            # NET_BIND_SERVICE - confirm before switching it to false.
            allowPrivilegeEscalation: true
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3

---
# LoadBalancer front end for the controller pods.
#
# NOTE(review): this file defines a second Service with the same name and
# namespace further down (type NodePort). Both documents describe the same
# object, so when the file is applied in order the later definition is the
# one left in effect. Keep only the variant that matches the target
# environment.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  # Local keeps the client source IP visible to NGINX, which IP-based
  # allow/deny rules and access logs rely on.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    # Port 80 is exposed in clear text alongside 443.
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https

---

# NodePort variant of the controller Service.
#
# NOTE(review): a Service with this same name and namespace (type
# LoadBalancer) is already defined earlier in this file. Both documents
# describe the same object; applied in order, this later one is what remains
# in effect. Keep only the variant that matches the target environment.
#
# A NodePort Service opens the allocated ports on every node, so node-level
# firewalling decides who can reach the ingress.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443

---