apiVersion: apps/v1 kind: Deployment metadata: name: nginx-ingress-controller namespace: ingress spec: replicas: 2 strategy: rollingUpdate: maxUnavailable: 1 selector: matchLabels: name: nginx-ingress-controller phase: prod template: metadata: labels: name: nginx-ingress-controller phase: prod annotations: seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: nodeSelector: node-role.kubernetes.io/node: "" containers: - name: nginx-ingress-controller image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.22.0 args: - /nginx-ingress-controller - --default-backend-service=$(POD_NAMESPACE)/default-backend - --ingress-class=public # use downward API env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - name: http containerPort: 80 hostPort: 80 - name: https containerPort: 443 hostPort: 443 - name: health containerPort: 10254 hostPort: 10254 livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 securityContext: capabilities: add: - NET_BIND_SERVICE drop: - ALL runAsUser: 33 # www-data restartPolicy: Always terminationGracePeriodSeconds: 60