self-hosting/roles/ingress/templates/nginx-ingress-controller.yml.j2

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  labels:
    k8s-app: nginx-ingress-controller
  namespace: kube-system
spec:
  # on replica per proxy
  replicas: {{ groups['k8s_proxy'] | length }}
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      # hostNetwork: true
      serviceAccountName: ingress
      terminationGracePeriodSeconds: 60
      #https://github.com/kubernetes/contrib/issues/2135
      # CNI and hostPort does not work using hostNetwork
      hostNetwork: true
      containers:
      - image: {{ nginx_ingress_controller_image }}:{{ nginx_ingress_controller_version }}
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          #hostPort: 80
        - containerPort: 443
          #hostPort: 443
        - containerPort: 18080
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
        - --configmap=$(POD_NAMESPACE)/nginx-ingress-cfg
      nodeSelector:
        # node must be labelled with roles=ingress-controller
        role: ingress-controller
Deploy ingress, lego and dashboard 2018-09-26 04:40:24 +02:00			`apiVersion: extensions/v1beta1`
			`kind: Deployment`
			`metadata:`
			`name: nginx-ingress-controller`
			`labels:`
			`k8s-app: nginx-ingress-controller`
			`namespace: kube-system`
			`spec:`
			`# on replica per proxy`
			`replicas: {{ groups['k8s_proxy'] \| length }}`
			`template:`
			`metadata:`
			`labels:`
			`k8s-app: nginx-ingress-controller`
			`annotations:`
			`prometheus.io/port: '10254'`
			`prometheus.io/scrape: 'true'`
			`spec:`
			`# hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration`
			`# however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host`
			`# that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used`
			`# like with kubeadm`
			`# hostNetwork: true`
			`serviceAccountName: ingress`
			`terminationGracePeriodSeconds: 60`
			`#https://github.com/kubernetes/contrib/issues/2135`
			`# CNI and hostPort does not work using hostNetwork`
			`hostNetwork: true`
			`containers:`
			`- image: {{ nginx_ingress_controller_image }}:{{ nginx_ingress_controller_version }}`
			`name: nginx-ingress-controller`
			`readinessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: 10254`
			`scheme: HTTP`
			`livenessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: 10254`
			`scheme: HTTP`
			`initialDelaySeconds: 10`
			`timeoutSeconds: 1`
			`ports:`
			`- containerPort: 80`
			`#hostPort: 80`
			`- containerPort: 443`
			`#hostPort: 443`
			`- containerPort: 18080`
			`env:`
			`- name: POD_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.name`
			`- name: POD_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`args:`
			`- /nginx-ingress-controller`
			`- --default-backend-service=$(POD_NAMESPACE)/default-http-backend`
			`- --configmap=$(POD_NAMESPACE)/nginx-ingress-cfg`
			`nodeSelector:`
			`# node must be labelled with roles=ingress-controller`
			`role: ingress-controller`