apiVersion: apps/v1 kind: DaemonSet metadata: name: nginx-ingress-controller namespace: ingress spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 selector: matchLabels: name: nginx-ingress-controller phase: prod template: metadata: labels: name: nginx-ingress-controller phase: prod annotations: seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: containers: - name: nginx-ingress-controller image: k8s.gcr.io/ingress-nginx/controller:v0.35.0 args: - /nginx-ingress-controller - --ingress-class=public # use downward API env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - name: http containerPort: 80 hostPort: 80 - name: https containerPort: 443 hostPort: 443 - name: health containerPort: 10254 hostPort: 10254 livenessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 timeoutSeconds: 5 readinessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP periodSeconds: 10 successThreshold: 1 failureThreshold: 3 timeoutSeconds: 5 lifecycle: preStop: exec: command: - /wait-shutdown securityContext: capabilities: add: - NET_BIND_SERVICE drop: - ALL runAsUser: 101 # www-data restartPolicy: Always terminationGracePeriodSeconds: 300