Ingress Controller 설치하기
사용자는 Data Flow 서비스를 생성하기 전에 Ingress Controller를 설치해야 합니다. Kubernetes 클러스터에는 1개의 Ingress Controller만 설치해야 합니다.
Container Registry를 이용하여 Ingress Controller 설치하기
Container Registry를 이용하여 Ingress Controller를 설치하려면 다음 절차를 따르세요.
자세한 Container Registry 생성 방법은 Container > Container Registry > How-to guides 가이드를 참고하세요.
- 서비스 도메인을 확인한 후, 해당하는 Ingress Controller 이미지 파일을 다운로드하세요.표. 도메인에 따른 Yaml 파일
- 모든 서비스 > Container > Kubernetes Engine > 워크로드 > 파드 메뉴를 클릭하세요. 파드 목록 페이지로 이동합니다.
- 오브젝트 생성 버튼을 클릭하세요. 오브젝트 생성 팝업창이 열립니다.
- Data Flow를 설치할 클러스터를 선택한 후, Yaml 파일의 내용을 복사하여 붙여넣으세요.
- 확인 버튼을 클릭하면 설치가 완료됩니다. 설치된 Ingress Controller는 목록에서 확인할 수 있습니다.
참고
자세한 오브젝트 생성 방법은 Container > Kubernetes Engine > 디플로이먼트 생성하기 를 참고하세요.
IngressController For Enterprise (KR-WEST1)
배경색 변경
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerapiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerIngressController For Enterprise (KR-EAST1)
배경색 변경
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerapiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.e.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerIngressController For Samsung (KR-WESTT1)
배경색 변경
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerapiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-west1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerIngressController For Samsung (KR-EAST1)
배경색 변경
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controllerapiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
name: dss-ingress
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- dss-ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
namespace: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dss-ingress
subjects:
- kind: ServiceAccount
name: dss-ingress
namespace: dss-ingress
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
annotations-risk-level: Critical
kind: ConfigMap
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
nodePort: 30708
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
nodePort: 31416
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-ingress-controller
namespace: dss-ingress
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/dss-ingress-controller
- --election-id=dss-ingress-nginx-leader
- --controller-class=k8s.io/dss-ingress-controller
- --ingress-class=dss-nginx
- --configmap=$(POD_NAMESPACE)/dss-ingress-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: brightixscr.scr.private.kr-east1.s.samsungsdscloud.com/brightics-df/nginx-ingress-controller:v1.12.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: dss-ingress
terminationGracePeriodSeconds: 300
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
labels:
app: ingress-controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: dss-ingress
app.kubernetes.io/name: dss-ingress
app.kubernetes.io/part-of: dss-ingress
app.kubernetes.io/version: 1.12.3
name: dss-nginx
spec:
controller: k8s.io/dss-ingress-controller