diff --git a/manifests/nginx-lb/nginx-lb.yaml b/manifests/nginx-lb/nginx-lb.yaml index a4d15f3..398a607 100644 --- a/manifests/nginx-lb/nginx-lb.yaml +++ b/manifests/nginx-lb/nginx-lb.yaml @@ -1,54 +1,11 @@ apiVersion: v1 -kind: ConfigMap +kind: Namespace metadata: - annotations: - meta.helm.sh/release-name: kapsule-ingress - meta.helm.sh/release-namespace: kube-system labels: - app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - k8s.scw.cloud/ingress: nginx - k8s.scw.cloud/object: ConfigMap - k8s.scw.cloud/system: ingress - name: ingress-nginx-configuration - namespace: kube-system -data: - log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' - plugins: "redirect_location" - location-snippet: | - set $redirect_location ''; - + name: ingress-nginx --- -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - meta.helm.sh/release-name: kapsule-ingress - meta.helm.sh/release-namespace: kube-system - labels: - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - k8s.scw.cloud/ingress: nginx - k8s.scw.cloud/object: ConfigMap - k8s.scw.cloud/system: ingress - name: ingress-nginx-plugin-redirect-location - namespace: kube-system -data: - main.lua: | - local ngx = ngx - local _M = {} - function _M.header_filter() - ngx.var.redirect_location = ngx.resp.get_headers()["Location"] - end - return _M - - - ---- - - apiVersion: v1 automountServiceAccountToken: true kind: ServiceAccount @@ -58,9 +15,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount @@ -70,9 +27,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission - namespace: kube-system + namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -82,9 +39,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx rules: - apiGroups: - "" @@ -133,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -172,9 +144,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission - namespace: kube-system + namespace: ingress-nginx rules: - apiGroups: - "" @@ -191,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -273,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -292,9 +264,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -302,7 +274,7 @@ roleRef: subjects: - kind: ServiceAccount name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -312,9 +284,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission - namespace: kube-system + namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -322,7 +294,7 @@ roleRef: subjects: - kind: ServiceAccount name: ingress-nginx-admission - namespace: kube-system + namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -331,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -340,7 +312,7 @@ roleRef: subjects: - kind: ServiceAccount name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -350,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -359,7 +331,50 @@ roleRef: subjects: - kind: ServiceAccount name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" + use-proxy-protocol: "true" + log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' + plugins: "redirect_location" + location-snippet: | + set $redirect_location ''; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-controller + namespace: ingress-nginx +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + meta.helm.sh/release-name: kapsule-ingress + meta.helm.sh/release-namespace: kube-system + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + k8s.scw.cloud/ingress: nginx + k8s.scw.cloud/object: ConfigMap + k8s.scw.cloud/system: ingress + name: ingress-nginx-plugin-redirect-location namespace: kube-system +data: + main.lua: | + local ngx = ngx + local _M = {} + function _M.header_filter() + ngx.var.redirect_location = ngx.resp.get_headers()["Location"] + end + return _M --- apiVersion: v1 kind: Service @@ -371,9 +386,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller - namespace: kube-system + namespace: ingress-nginx spec: externalTrafficPolicy: Local ipFamilies: @@ -404,9 +419,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission - namespace: kube-system + namespace: ingress-nginx spec: ports: - appProtocol: https @@ -427,12 +442,13 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller - namespace: kube-system + namespace: ingress-nginx spec: minReadySeconds: 0 revisionHistoryLimit: 10 + replicas: 2 selector: matchLabels: app.kubernetes.io/component: controller @@ -452,10 +468,15 @@ spec: - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-configuration + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --annotations-prefix=nginx.ingress.kubernetes.io + - --watch-ingress-without-class + - --enable-metrics + - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp-services env: - name: POD_NAME valueFrom: @@ -467,7 +488,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -535,8 +556,6 @@ spec: - name: plugins configMap: name: ingress-nginx-plugin-redirect-location - - --- apiVersion: batch/v1 kind: Job @@ -546,9 +565,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create - namespace: kube-system + namespace: ingress-nginx spec: template: metadata: @@ -557,7 +576,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -593,9 +612,9 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch - namespace: kube-system + namespace: ingress-nginx spec: template: metadata: @@ -604,7 +623,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -642,7 +661,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -655,7 +674,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.6.4 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -663,7 +682,7 @@ webhooks: clientConfig: service: name: ingress-nginx-controller-admission - namespace: kube-system + namespace: ingress-nginx path: /networking/v1/ingresses failurePolicy: Fail matchPolicy: Equivalent