87 lines
2.6 KiB
Plaintext
87 lines
2.6 KiB
Plaintext
|
---
|
||
|
apiVersion: batch/v1
|
||
|
kind: Job
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: ingress-nginx
|
||
|
app.kubernetes.io/part-of: ingress-nginx
|
||
|
name: ingress-nginx-admission-create
|
||
|
namespace: {{ ingress_nginx_namespace }}
|
||
|
spec:
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: ingress-nginx
|
||
|
app.kubernetes.io/part-of: ingress-nginx
|
||
|
name: ingress-nginx-admission-create
|
||
|
spec:
|
||
|
containers:
|
||
|
- args:
|
||
|
- create
|
||
|
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||
|
- --namespace=$(POD_NAMESPACE)
|
||
|
- --secret-name=ingress-nginx-admission
|
||
|
env:
|
||
|
- name: POD_NAMESPACE
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.namespace
|
||
|
image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}"
|
||
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||
|
name: create
|
||
|
securityContext:
|
||
|
allowPrivilegeEscalation: false
|
||
|
nodeSelector:
|
||
|
kubernetes.io/os: linux
|
||
|
restartPolicy: OnFailure
|
||
|
securityContext:
|
||
|
fsGroup: 2000
|
||
|
runAsNonRoot: true
|
||
|
runAsUser: 2000
|
||
|
serviceAccountName: ingress-nginx-admission
|
||
|
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
|
||
|
---
|
||
|
apiVersion: batch/v1
|
||
|
kind: Job
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: ingress-nginx
|
||
|
app.kubernetes.io/part-of: ingress-nginx
|
||
|
name: ingress-nginx-admission-patch
|
||
|
namespace: {{ ingress_nginx_namespace }}
|
||
|
spec:
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: ingress-nginx
|
||
|
app.kubernetes.io/part-of: ingress-nginx
|
||
|
name: ingress-nginx-admission-patch
|
||
|
spec:
|
||
|
containers:
|
||
|
- args:
|
||
|
- patch
|
||
|
- --webhook-name=ingress-nginx-admission
|
||
|
- --namespace=$(POD_NAMESPACE)
|
||
|
- --patch-mutating=false
|
||
|
- --secret-name=ingress-nginx-admission
|
||
|
- --patch-failure-policy=Fail
|
||
|
env:
|
||
|
- name: POD_NAMESPACE
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.namespace
|
||
|
image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}"
|
||
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||
|
name: patch
|
||
|
securityContext:
|
||
|
allowPrivilegeEscalation: false
|
||
|
nodeSelector:
|
||
|
kubernetes.io/os: linux
|
||
|
restartPolicy: OnFailure
|
||
|
securityContext:
|
||
|
fsGroup: 2000
|
||
|
runAsNonRoot: true
|
||
|
runAsUser: 2000
|
||
|
serviceAccountName: ingress-nginx-admission
|
||
|
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
|