From 33797b562e85b218e46d7e7500c66cb2abef9a0d Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Sat, 1 Feb 2020 08:31:38 -0700 Subject: [PATCH] Use haproxy-ingress controller --- namespaces/ingress-controller.yml | 4 + workloads/ingress/haproxy-ingress.yml | 186 ++++++++++++++++++++++++++ 2 files changed, 190 insertions(+) create mode 100644 namespaces/ingress-controller.yml create mode 100644 workloads/ingress/haproxy-ingress.yml diff --git a/namespaces/ingress-controller.yml b/namespaces/ingress-controller.yml new file mode 100644 index 0000000..e62cf91 --- /dev/null +++ b/namespaces/ingress-controller.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-controller diff --git a/workloads/ingress/haproxy-ingress.yml b/workloads/ingress/haproxy-ingress.yml new file mode 100644 index 0000000..9176bac --- /dev/null +++ b/workloads/ingress/haproxy-ingress.yml @@ -0,0 +1,186 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-controller + namespace: ingress-controller +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ingress-controller +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: ingress-controller + namespace: ingress-controller +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-controller +subjects: + - kind: ServiceAccount + name: ingress-controller + namespace: ingress-controller + - apiGroup: rbac.authorization.k8s.io + kind: User + name: ingress-controller +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ingress-controller + namespace: ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-controller +subjects: + - kind: ServiceAccount + name: ingress-controller + namespace: ingress-controller + - apiGroup: rbac.authorization.k8s.io + kind: User + name: ingress-controller +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: haproxy-ingress + namespace: ingress-controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + run: haproxy-ingress + name: haproxy-ingress + namespace: ingress-controller +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + run: haproxy-ingress + template: + metadata: + labels: + run: haproxy-ingress + spec: + hostNetwork: true + nodeSelector: + role: ingress-controller + serviceAccountName: ingress-controller + containers: + - name: haproxy-ingress + image: quay.io/jcmoraisjr/haproxy-ingress + imagePullPolicy: IfNotPresent + args: + - --configmap=ingress-controller/haproxy-ingress:v0.8 + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: stat + containerPort: 1936 + - name: ingress-stats + containerPort: 10254 + livenessProbe: + httpGet: + path: /healthz + port: 10253 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + tolerations: + - operator: Exists