apiVersion: apps/v1 kind: Deployment metadata: name: nginx-ingress namespace: nginx-ingress spec: replicas: 3 selector: matchLabels: app: nginx-ingress template: metadata: labels: app: nginx-ingress #annotations: #prometheus.io/scrape: "true" #prometheus.io/port: "9113" #prometheus.io/scheme: http spec: serviceAccountName: nginx-ingress containers: - image: nginx/nginx-ingress:2.4.0 imagePullPolicy: IfNotPresent name: nginx-ingress ports: - name: http containerPort: 80 - name: https containerPort: 443 - name: readiness-port containerPort: 8081 - name: prometheus containerPort: 9113 #- name: prometheus #containerPort: 9113 readinessProbe: httpGet: path: /nginx-ready port: readiness-port periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx capabilities: drop: - ALL add: - NET_BIND_SERVICE env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - -wildcard-tls-secret=$(POD_NAMESPACE)/default-server-secret ## Below are required but cause PKS smoke test to fail. - -report-ingress-status - -external-service=nginx-ingress - -ingress-class=nginx - -enable-custom-resources=true - -enable-tls-passthrough=true - -enable-snippets=true - -enable-prometheus-metrics - -disable-ipv6=true - -v=3 resources: limits: memory: 300Mi cpu: 25m requests: memory: 275Mi cpu: 25m strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 1 type: RollingUpdate