How-to guides
Users can create the service by entering the required Data Flow information and selecting detailed options through the Samsung Cloud Platform Console.
Create Data Flow
You can create and use the Data Flow service in the Samsung Cloud Platform Console.
To create a Data Flow, follow these steps.
Click the All Services > Data Analytics > Data Flow menu. Navigate to the Service Home page of Data Flow.
On the Service Home page, click the Create Data Flow button. You will be taken to the Create Data Flow page.
On the Data Flow creation page, enter the information required to create the service and select detailed options.
- Version selection area, select the required information.
| Category | Required or optional | Detailed description |
|---|
| Data Flow version | Required | Select version of the selected image- Provide a list of versions for the provided server image
|
Table. Data Flow version selection item
- Enter or select the required information in the Cluster Selection area. To install Data Flow, you must first create nodes for the Kubernetes cluster and the working environment.
| Category | Required status | Detailed description |
|---|
| Cluster name | Required | Select the cluster to use |
| Ingress Controller | Required | Select the Ingress Controller installed in the cluster- In the Details tab of the installed Ingress Controller, add the following information to the ConfigMap entry.
- Key: allow-snippet-annotations
|
Table. Data Flow cluster selection options
- Enter or select the required information in the Service Information Input area.
| Category | Required | Detailed description |
|---|
| Data Flow name | Required | Enter Data Flow name- starting with a lowercase English letter and not ending with a special character (
-), using lowercase English letters, numbers, and special characters (-) to input 3 ~ 30 characters
|
| Storage Class | Required | Select the storage class used by the selected cluster |
| description | Select | Enter additional information or description about Data Flow within 150 characters. |
| Domain Settings | Required | Enter Data Flow domain- Start with a lowercase English letter and ensure it does not end with special characters (
-), using lowercase letters, numbers, and special characters (-) to enter 3 ~ 50 characters
- {Data Flow name}.{configured domain} becomes the Data Flow access URL.
|
| Node Selector | Required | To install on a specific node, enter a distinguishable label among the node’s labels- If you enter an incorrect node label, installation errors may occur, so verify the node label in advance
- Node labels can be found in the node’s yaml file
|
| account | Required | Enter Data Flow Manager account- ID: Enter a value between 6 and 30 characters, starting with a lowercase English letter and using lowercase letters and numbers
- Password: Enter 8 to 50 characters, including uppercase letters, lowercase letters, numbers, and special characters (! @ # $ % ^ & *)
- Confirm Password: Re-enter the password exactly the same
|
| Host Alias | Selection | Add host information to be linked with Data Flow (up to 20 total, including defaults)- Select Use, then click the + button
- Hostname: Enter a hostname or domain format using lowercase letters, numbers, and special characters (
-) with a length of 3 to 63 characters
- Click the X button to delete
- The added host information can be used only if the firewall between the cluster and the server is open
|
Table. Data Flow service information entry items
- In the Additional Information Input area, enter or select the required information.
| Category | Required status | Detailed description |
|---|
| tag | Selection | Add Tag- Add Tag Click the button to create and add a tag, or add an existing tag.
- You can add up to 50 tags.
- The newly added tags will be applied after the service creation is completed.
|
Table. Data Flow additional information input fields
Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- When creation is complete, check the created resource on the Data Flow List page.
Check detailed information of Data Flow
You can view and edit the full list of resources and detailed information of a Data Flow. The Data Flow Details page consists of Details, Tags, Activity Log tabs.
To view detailed information of the Data Flow, follow these steps.
- Click the All Services > Data Analytics > Data Flow menu. Navigate to the Service Home page of Data Flow.
- On the Service Home page, click the Data Flow menu. You will be taken to the Data Flow List page.
- On the Data Flow List page, click the resource to view detailed information. You will be taken to the Data Flow Detail page.
- Data Flow Details At the top of the page, status information and additional feature information are displayed.
| Category | Detailed description |
|---|
| Status indicator | Data Flow status- Running: Running, Data Flow Services can be created
- Updating: Updating settings
- Error: error occurred during creation or service abnormal state
|
| Hosts file configuration information | Button to view and copy the host file information for accessing Data Flow |
| Service termination | Cancel Service button |
Table. Data Flow status information and additional functions
On the Data Flow list page, you can view detailed information of the selected resource and edit the information if needed.
| Category | Detailed description |
|---|
| service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource name | resource name |
| Resource ID | Unique resource ID in the service |
| constructor | User who created the service |
| Creation date and time | Service creation date and time |
| editor | User who edited the service information |
| Modification date | Date and time the service information was modified |
| Cluster name | Cluster name of the configured servers |
| Storage Class | Storage class used by the selected cluster |
| Explanation | Additional information or explanation about Data Flow |
| Domain Settings | Data Flow domain name |
| Node Selector | Node Label |
| Web Url | Data Flow URL |
| account | Data Flow Manager account |
| Host Alias | Host information to be connected with Data Flow |
Table. Data Flow Detailed Information Tab Items
tag
Data Flow List page lets you view the tag information of the selected resource, and you can add, modify, or delete it.
| Category | Detailed description |
|---|
| Tag list | Tag list- You can view the Key, Value information of the tag
- Up to 50 tags can be added per resource
- When entering a tag, you can search and select from the list of previously created Keys and Values
|
Table. Data Flow Tag Tab Items
Job History
You can view the operation history of the selected resource on the Data Flow List page.
| Category | Detailed description |
|---|
| Task History List | Resource Change History- Operation Time, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Check operator information
|
Table. Data Flow Job History Tab Detailed Information Items
Terminate Data Flow
You can cancel unused Data Flow to reduce operating costs. However, if you cancel a service, the running service may be terminated immediately, so you should thoroughly consider the impact of service interruption before proceeding with the cancellation.
To cancel the Data Flow, follow the steps below.
- Click the All Services > Data Analytics > Data Flow menu. Navigate to the Service Home page of Data Flow.
- On the Service Home page, click the Data Flow menu. You will be taken to the Data Flow List page.
- On the Data Flow List page, select the resource to cancel, and click the Cancel Service button.
- When termination is complete, check on the Data Flow List page whether the resource has been terminated.
Information
- Data Flow can be cancelled only after first deleting the associated Data Flow Services.
- If you cancel Data Flow, the created namespace will also be deleted.
1 - Data Flow Services
Users can create the service by entering the required information for Data Flow Services within the Data Flow service through the Samsung Cloud Platform Console and selecting detailed options.
Creating Data Flow Services
Users can add a service by selecting detailed options for Data Flow or by entering configuration values.
Information
When applying for Data Flow Services, the resource size must be secured to be at least the available capacity of the K8s cluster.
To create Data Flow Services, follow these steps.
Click the All Services > Data Analytics > Data Flow menu. You will be taken to the Data Flow Service Home page.
From the Service Home page, click Data Flow Servies. Navigate to the Data Flow Services list page.
On the Data Flow Services List page, click the Data Flow Services Create button. You will be taken to the Data Flow Services Create page.
Data Flow Services Creation page: enter the information required to create the service and select detailed options.
- Enter or select the required information in the Service Information Input area.
| Category | Required | Detailed description |
|---|
| Data Flow name | Required | Select Data Flow |
| Flow Service name | Required | Enter Data Flow Services name- Start with a lowercase English letter and ensure it does not end with a special character (
-), using lowercase letters, numbers, and special characters (-) to enter 3 to 30 characters
|
| Storage Class | Required | Select the storage class used by the selected cluster |
| description | Selection | Enter additional information or description about Data Flow Services within 150 characters. |
| Domain Settings | Required | Data Flow Services domain input- Start with a lowercase English letter and ensure it does not end with a special character (
-), using lowercase letters, numbers, and special characters (-) to enter 3 to 50 characters
- {Data Flow Services name}.{configured domain} becomes the Data Flow Services access URL.
|
| Node Selector | Required | To install on a specific node, enter a distinguishable label among the node’s Labels- If you enter an incorrect node label, installation errors may occur, so verify the node label in advance
- The node label can be found in the node’s yaml file
|
| Service Workload | Required | - Nifi: Module that provides Apache Nifi’s services and UI
- Nifi Registry: Module that configures and deploys Nifi templates
- Zookeeper: Module that supports proper distributed processing of Nifi across multiple nodes
|
| account | Required | Enter Nifi account- ID: Enter a value between 6 and 30 characters, starting with a lowercase English letter and using lowercase letters and numbers
- Password: Enter 8 to 50 characters, including uppercase letters, lowercase letters, numbers, and special characters(
!@#$%^&*)
- Confirm Password: Re-enter the password exactly the same
|
Table. Data Flow Services service information input items
- In the Additional Information Input area, enter or select the required information.
| Category | Required | Detailed description |
|---|
| Host Alias | Selection | Add host information to be linked with Data Flow (up to 20 total, including defaults)- Select Use, then click the + button
- Hostname: Enter a hostname or domain format using lowercase letters, numbers, and special characters (
-) with a length of 3 to 63 characters
- To delete, click the X button
- The added host information can be used only if the firewall between the cluster and the server is open
|
| tag | Selection | Add Tag- Add Tag Click the button to create and add a tag, or add an existing tag.
- You can add up to 50 tags.
- The newly added tags will be applied after the service creation is completed.
|
Table. Data Flow additional information input fields
Summary Verify the detailed information and estimated billing amount generated in the panel, then click the Complete button.
- Once creation is complete, check the created resources on the Data Flow Services List page.
Data Flow Services Check detailed information
You can view and edit the complete list of resources and detailed information for Data Flow Services. Data Flow Services Details page consists of Details, Tags, Operation History tabs.
To view detailed information about Data Flow Services, follow these steps.
- Click the All Services > Data Analytics > Data Flow menu. Navigate to the Service Home page of Data Flow.
- On the Service Home page, click the Data Flow Services menu. You will be taken to the Data Flow Services list page.
- On the Data Flow Services List page, click the resource to view detailed information. You will be taken to the Data Flow Services Details page.
- Data Flow Services Details At the top of the page, status information and additional feature information are displayed.
| Category | Detailed description |
|---|
| Status display | Data Flow Services status- Updating: Updating configuration
- Terminating: Terminating service
- Error: Creation failed or service unavailable
|
| Hosts file configuration information | Button to view and copy the host file information needed to access Data Flow Services |
| Delete Data Flow Services | Cancel Service button |
Table. Data Flow Services status information and additional functions
Data Flow Services List page lets you view detailed information of the selected resource and edit the information if needed.
| Category | Detailed description |
|---|
| service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform- refers to the cluster SRN
|
| Resource name | Resource name |
| Resource ID | Unique resource ID in the service |
| constructor | User who created the service |
| Creation date and time | Service creation date and time |
| editor | User who edited the service information |
| Modification date | Date and time the service information was modified |
| Data Flow name | Data Flow name |
| Storage Class | Storage class used by the selected cluster |
| description | Additional information or explanation about Data Flow Services |
| Domain Settings | Data Flow Services domain name |
| Node Selector | Node Label |
| Web Url | Data Flow Services URL |
| account | Airflow account |
| Host Alias | Host information to be connected to Data Flow Services |
Table. Data Flow Services detailed information tab items
tag
Data Flow Services List page allows you to view the tag information of the selected resource, and you can add, modify, or delete it.
| Category | Detailed description |
|---|
| Tag list | Tag list- You can view the Key, Value information of the tag
- Up to 50 tags can be added per resource
- When entering a tag, you can search and select from the list of previously created Keys and Values
|
Table. Data Flow Services Tag Tab Items
Job History
Data Flow Services List page lets you view the operation history of the selected resource.
| Category | Detailed description |
|---|
| Task History List | Resource Change History- Operation Time, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Check Operator Information
|
Table. Data Flow Services Job History Tab Detailed Information Items
Terminate Data Flow Services
You can cancel unused Data Flow Services to reduce operating costs. However, if you cancel the service, the running service may be stopped immediately, so you should thoroughly consider the impact of service interruption before proceeding with the cancellation.
To cancel Data Flow or Data Flow Services, follow the steps below.
- Click the All Services > Data Analytics > Data Flow menu. You will be taken to the Service Home page of Data Flow.
- On the Service Home page, click the Data Flow Services menu. You will be taken to the Data Flow Services list page.
- On the Data Flow Services List page, select the resource to cancel, and click the Data Flow Services Delete button.
- When termination is complete, check on the Data Flow Services list page whether the resource has been terminated.
information
- If you cancel Data Flow Services, the created namespace will also be deleted.
2 - Install Ingress Controller
The user must install an Ingress Controller before creating a Data Flow service. Only one Ingress Controller should be installed in the Kubernetes cluster.
Installing Ingress Controller using Container Registry
Follow these steps to install the Ingress Controller using the Container Registry.
For detailed instructions on creating a Container Registry, see the
Container > Container Registry > How-to guides guide.
- After checking the service domain, download the corresponding Ingress Controller image file.
Table. Yaml file by domain
- Click the All Services > Container > Kubernetes Engine > Workloads > Pods menu. You will be taken to the Pod List page.
- Click the Create Object button. The Create Object popup window opens.
- After selecting the cluster where you will install Data Flow, copy and paste the contents of the Yaml file.
- Click the Confirm button to complete the installation. The installed Ingress Controller can be viewed in the list.
IngressController For Enterprise (KR-WEST1)
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
-
resources:
- namespaces
verbs:
- get
- apiGroups:
-
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
-
resources:
- namespaces
verbs:
- get
- apiGroups:
-
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
IngressController For Enterprise (KR-EAST1)
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
-
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
-
resources:
- nodes
verbs:
- get
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
-
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
-
resources:
- nodes
verbs:
- get
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
IngressController For Samsung (KR-WESTT1)
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
-
resources:
- namespaces
verbs:
- get
- apiGroups:
-
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
-
resources:
- namespaces
verbs:
- get
- apiGroups:
-
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
IngressController For Samsung (KR-EAST1)
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
-
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
-
resources:
- nodes
verbs:
- get
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
-
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
-
resources:
- nodes
verbs:
- get
- apiGroups:
-
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
-
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller