deploy nginx-ingress-controller to kube-system
This commit is contained in:
parent
7aa58298e1
commit
acc1a074ed
9
Makefile
9
Makefile
|
@ -1,4 +1,4 @@
|
|||
KUSTOMIZE = docker run -v $(HOME)/.aws:/root/.aws:ro -v $(PWD):/host:ro -w /host badjware/kustomize-plugins:latest
|
||||
KUSTOMIZE = docker run -v $(HOME)/.aws:/root/.aws:ro -v $(PWD):/host -w /host badjware/kustomize-plugins:latest
|
||||
KUSTOMIZEFLAGS = --enable_alpha_plugins
|
||||
|
||||
KUBECTL = kubectl
|
||||
|
@ -35,15 +35,18 @@ endif
|
|||
|
||||
.PHONY: all info auto-deploy clean diff apply
|
||||
|
||||
all: info auto-deploy $(KUSTOMIZEOUT)
|
||||
all: info $(KUSTOMIZEOUTALL) $(KUSTOMIZEOUT)
|
||||
|
||||
info:
|
||||
@echo "Building for" $(environment)
|
||||
$(KUSTOMIZE) version
|
||||
|
||||
clean:
|
||||
rm -r $(OUTDIR)
|
||||
|
||||
auto-deploy: $(SRC)
|
||||
auto-deploy: $(KUSTOMIZEOUTALL)
|
||||
|
||||
$(KUSTOMIZEOUTALL): $(SRC)
|
||||
@mkdir -p $(dir $(KUSTOMIZEOUTALL))
|
||||
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
|
||||
|
||||
|
|
|
@ -0,0 +1,149 @@
|
|||
--- a 2020-08-03 08:32:44.463589161 -0400
|
||||
+++ b 2020-08-03 08:34:06.230277210 -0400
|
||||
@@ -19,7 +19,7 @@
|
||||
metadata:
|
||||
name: certificaterequests.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -54,7 +54,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -585,7 +585,7 @@
|
||||
metadata:
|
||||
name: certificates.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -623,7 +623,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -1797,7 +1797,7 @@
|
||||
metadata:
|
||||
name: challenges.acme.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -1831,7 +1831,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -6260,7 +6260,7 @@
|
||||
metadata:
|
||||
name: clusterissuers.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -6291,7 +6291,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -12084,7 +12084,7 @@
|
||||
metadata:
|
||||
name: issuers.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -12115,7 +12115,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -17905,7 +17905,7 @@
|
||||
metadata:
|
||||
name: orders.acme.cert-manager.io
|
||||
annotations:
|
||||
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
|
||||
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
|
||||
labels:
|
||||
app: 'cert-manager'
|
||||
app.kubernetes.io/name: 'cert-manager'
|
||||
@@ -17940,7 +17940,7 @@
|
||||
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
|
||||
webhookClientConfig:
|
||||
service:
|
||||
- namespace: 'cert-manager'
|
||||
+ namespace: kube-system
|
||||
name: 'cert-manager-webhook'
|
||||
path: /convert
|
||||
names:
|
||||
@@ -18515,11 +18515,6 @@
|
||||
after it is initially set.
|
||||
type: string
|
||||
---
|
||||
-apiVersion: v1
|
||||
-kind: Namespace
|
||||
-metadata:
|
||||
- name: cert-manager
|
||||
----
|
||||
# Source: cert-manager/templates/cainjector-serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@@ -19100,7 +19095,7 @@
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cert-manager-cainjector
|
||||
- namespace: cert-manager
|
||||
+ namespace: kube-system
|
||||
---
|
||||
# Source: cert-manager/templates/rbac.yaml
|
||||
# grant cert-manager permission to manage the leaderelection configmap in the
|
||||
@@ -19125,7 +19120,7 @@
|
||||
- apiGroup: ""
|
||||
kind: ServiceAccount
|
||||
name: cert-manager
|
||||
- namespace: cert-manager
|
||||
+ namespace: kube-system
|
||||
---
|
||||
# Source: cert-manager/templates/webhook-rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
@@ -19148,7 +19143,7 @@
|
||||
- apiGroup: ""
|
||||
kind: ServiceAccount
|
||||
name: cert-manager-webhook
|
||||
- namespace: cert-manager
|
||||
+ namespace: kube-system
|
||||
---
|
||||
# Source: cert-manager/templates/service.yaml
|
||||
apiVersion: v1
|
|
@ -4,4 +4,6 @@ metadata:
|
|||
name: cert-manager
|
||||
resources:
|
||||
- url: https://github.com/jetstack/cert-manager/releases/download/v0.16.0/cert-manager.yaml
|
||||
sha256: 5770f5f01c10a902355b3522b8ce44508ebb6ec88955efde9a443afe5b3969d7
|
||||
sha256: 5770f5f01c10a902355b3522b8ce44508ebb6ec88955efde9a443afe5b3969d7
|
||||
patches:
|
||||
- cert-manager-namespace.patch
|
|
@ -1,2 +1,5 @@
|
|||
generators:
|
||||
- nginx-ingress-controller.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- nginx-ingress-controller-daemonset-patch.yaml
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: ingress-nginx-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
hostNetwork: true
|
|
@ -0,0 +1,11 @@
|
|||
--- a 2020-08-02 10:51:40.867697750 -0400
|
||||
+++ b 2020-08-02 10:54:35.864444036 -0400
|
||||
@@ -301,7 +291,7 @@
|
||||
---
|
||||
# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
-kind: Deployment
|
||||
+kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-2.0.3
|
|
@ -0,0 +1,345 @@
|
|||
--- a 2020-08-03 08:27:39.420706235 -0400
|
||||
+++ b 2020-08-03 08:29:09.257135444 -0400
|
||||
@@ -1,14 +1,4 @@
|
||||
-
|
||||
-apiVersion: v1
|
||||
-kind: Namespace
|
||||
-metadata:
|
||||
- name: ingress-nginx
|
||||
- labels:
|
||||
- app.kubernetes.io/name: ingress-nginx
|
||||
- app.kubernetes.io/instance: ingress-nginx
|
||||
-
|
||||
----
|
||||
-# Source: ingress-nginx/templates/controller-serviceaccount.yaml
|
||||
+# Source: kube-system/templates/controller-serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@@ -20,9 +10,9 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-configmap.yaml
|
||||
+# Source: kube-system/templates/controller-configmap.yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
@@ -34,10 +24,10 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
data:
|
||||
---
|
||||
-# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
+# Source: kube-system/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
@@ -48,7 +38,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
@@ -108,7 +98,7 @@
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
-# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||
+# Source: kube-system/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
@@ -119,7 +109,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
@@ -127,9 +117,9 @@
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-role.yaml
|
||||
+# Source: kube-system/templates/controller-role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
@@ -141,7 +131,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
@@ -224,7 +214,7 @@
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||
+# Source: kube-system/templates/controller-rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
@@ -236,7 +226,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -244,9 +234,9 @@
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-service-webhook.yaml
|
||||
+# Source: kube-system/templates/controller-service-webhook.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@@ -258,7 +248,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
@@ -270,7 +260,7 @@
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-service.yaml
|
||||
+# Source: kube-system/templates/controller-service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@@ -282,7 +272,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
@@ -299,7 +289,7 @@
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
---
|
||||
-# Source: ingress-nginx/templates/controller-deployment.yaml
|
||||
+# Source: kube-system/templates/controller-deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
@@ -311,7 +301,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
@@ -341,7 +331,7 @@
|
||||
- /nginx-ingress-controller
|
||||
- --election-id=ingress-controller-leader
|
||||
- --ingress-class=nginx
|
||||
- - --configmap=ingress-nginx/ingress-nginx-controller
|
||||
+ - --configmap=kube-system/ingress-nginx-controller
|
||||
- --validating-webhook=:8443
|
||||
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||
- --validating-webhook-key=/usr/local/certificates/key
|
||||
@@ -407,7 +397,7 @@
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/validating-webhook.yaml
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
@@ -419,7 +409,7 @@
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
webhooks:
|
||||
- name: validate.nginx.ingress.kubernetes.io
|
||||
rules:
|
||||
@@ -436,11 +426,11 @@
|
||||
failurePolicy: Fail
|
||||
clientConfig:
|
||||
service:
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
name: ingress-nginx-controller-admission
|
||||
path: /extensions/v1beta1/ingresses
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
@@ -455,7 +445,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
@@ -465,7 +455,7 @@
|
||||
- get
|
||||
- update
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
@@ -480,7 +470,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
@@ -488,9 +478,9 @@
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/job-createSecret.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@@ -505,7 +495,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
@@ -525,7 +515,7 @@
|
||||
args:
|
||||
- create
|
||||
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
|
||||
- - --namespace=ingress-nginx
|
||||
+ - --namespace=kube-system
|
||||
- --secret-name=ingress-nginx-admission
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
@@ -533,7 +523,7 @@
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@@ -548,7 +538,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
@@ -568,7 +558,7 @@
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name=ingress-nginx-admission
|
||||
- - --namespace=ingress-nginx
|
||||
+ - --namespace=kube-system
|
||||
- --patch-mutating=false
|
||||
- --secret-name=ingress-nginx-admission
|
||||
- --patch-failure-policy=Fail
|
||||
@@ -578,7 +568,7 @@
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
@@ -593,7 +583,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
@@ -603,7 +593,7 @@
|
||||
- get
|
||||
- create
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
@@ -618,7 +608,7 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -626,9 +616,9 @@
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
||||
---
|
||||
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
|
||||
+# Source: kube-system/templates/admission-webhooks/job-patch/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@@ -643,4 +633,4 @@
|
||||
app.kubernetes.io/version: 0.32.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
- namespace: ingress-nginx
|
||||
+ namespace: kube-system
|
|
@ -4,4 +4,7 @@ metadata:
|
|||
name: nginx-ingress-controller
|
||||
resources:
|
||||
- url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
|
||||
sha256: b51736bb5cf846902ef5870d7d34e5627050ad8452850fdae0ab59fab54e69b6
|
||||
sha256: b51736bb5cf846902ef5870d7d34e5627050ad8452850fdae0ab59fab54e69b6
|
||||
patches:
|
||||
- nginx-ingress-controller-daemonset.patch
|
||||
- nginx-ingress-controller-namespace.patch
|
|
@ -1,4 +0,0 @@
|
|||
bases:
|
||||
- ../../bases/cert-manager
|
||||
|
||||
# namespace: cert-manager
|
|
@ -1,4 +0,0 @@
|
|||
bases:
|
||||
- ../../bases/ingress-nginx
|
||||
|
||||
# namespace: ingress-nginx
|
|
@ -0,0 +1,5 @@
|
|||
bases:
|
||||
- ../../bases/ingress-nginx
|
||||
- ../../bases/cert-manager
|
||||
|
||||
namespace: kube-system
|
|
@ -1,6 +1,5 @@
|
|||
bases:
|
||||
- ../../namespaces/cert-manager
|
||||
- ../../namespaces/ingress-nginx
|
||||
- ../../namespaces/kube-system
|
||||
|
||||
# allow "kubectl apply -l managed-by=auto-deploy --prune ..."
|
||||
commonlabels:
|
||||
|
|
Loading…
Reference in New Issue