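---
# Public-facing NGINX ingress controller Deployment (ingress class "public").
# It runs two replicas in the "ingress" namespace as a non-root user, keeping
# only the one Linux capability needed to bind ports 80/443.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-controller-public
  namespace: ingress
spec:
  replicas: 2
  strategy:
    rollingUpdate:
      # With 2 replicas, at most one pod is taken down at a time in a rollout.
      maxUnavailable: 1
  selector:
    matchLabels:
      name: ingress-controller-public
      phase: prod
  template:
    metadata:
      labels:
        name: ingress-controller-public
        phase: prod
      annotations:
        # Alpha-era seccomp annotation; 'docker/default' is the legacy name
        # for the container runtime's default profile.
        # NOTE(review): newer Kubernetes releases replace this annotation
        # with securityContext.seccompProfile (type: RuntimeDefault). Confirm
        # which form the target cluster honours; if the annotation is
        # ignored, the pod may run without a seccomp profile.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      containers:
        - name: nginx-ingress-controller
          # The image is referenced by tag only, and tags are mutable.
          # NOTE(review): consider pinning by digest (image@sha256:<digest>)
          # so the deployed content cannot change underneath the manifest.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
          args:
            - /nginx-ingress-controller
            # $(POD_NAMESPACE) is expanded from the env entry defined below.
            - --default-backend-service=$(POD_NAMESPACE)/default-backend
            # Only Ingress resources of class "public" are served here.
            - --ingress-class=public
          # use downward API
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: health
              containerPort: 10254
          # NOTE(review): no resources.requests/limits are set on this
          # internet-facing container; size them for the expected traffic.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
            timeoutSeconds: 1
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
            timeoutSeconds: 1
          securityContext:
            capabilities:
              # Drop every capability, then add back only the one needed to
              # bind ports below 1024 as a non-root user.
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            runAsUser: 33  # www-data
            # Make the kubelet refuse to start the container as UID 0 if the
            # runAsUser line above is ever removed or overridden.
            runAsNonRoot: true
            # NOTE(review): allowPrivilegeEscalation is deliberately left
            # unset. The image presumably relies on file capabilities to gain
            # NET_BIND_SERVICE as a non-root user, which no_new_privs would
            # block. Verify against the image before setting it to false.
      restartPolicy: Always
      terminationGracePeriodSeconds: 60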