apiVersion: apps/v1 kind: DaemonSet metadata: name: nginx-ingress-controller namespace: ingress spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 selector: matchLabels: name: nginx-ingress-controller phase: prod template: metadata: labels: name: nginx-ingress-controller phase: prod annotations: seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: containers: - name: nginx-ingress-controller image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0 args: - /nginx-ingress-controller - --ingress-class=public # use downward API env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - name: http containerPort: 80 hostPort: 80 - name: https containerPort: 443 hostPort: 443 - name: health containerPort: 10254 hostPort: 10254 livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 lifecycle: preStop: exec: command: - /wait-shutdown securityContext: capabilities: add: - NET_BIND_SERVICE drop: - ALL runAsUser: 101 # www-data restartPolicy: Always terminationGracePeriodSeconds: 300