diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 444e24b..b8654b7 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -1,26 +1,6 @@ --- resources: - ../minimal-base -# ingress-nginx -- inflated/ingress-nginx/templates/controller-deployment.yaml -- inflated/ingress-nginx/templates/controller-serviceaccount.yaml -- inflated/ingress-nginx/templates/controller-rolebinding.yaml -- inflated/ingress-nginx/templates/controller-ingressclass.yaml -- inflated/ingress-nginx/templates/controller-service-metrics.yaml -- inflated/ingress-nginx/templates/clusterrole.yaml -- inflated/ingress-nginx/templates/controller-service.yaml -- inflated/ingress-nginx/templates/controller-service-webhook.yaml -- inflated/ingress-nginx/templates/controller-role.yaml -- inflated/ingress-nginx/templates/controller-configmap.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml -- inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml -- inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml -- inflated/ingress-nginx/templates/clusterrolebinding.yaml # Prometheus - inflated/prometheus/charts/prometheus-node-exporter/templates/daemonset.yaml - inflated/prometheus/charts/prometheus-node-exporter/templates/serviceaccount.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/clusterrole.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/clusterrole.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/clusterrolebinding.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/clusterrolebinding.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-configmap.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-configmap.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-deployment.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-deployment.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-ingressclass.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-ingressclass.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-role.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-role.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-role.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-role.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-rolebinding.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-rolebinding.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-service-metrics.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-service-metrics.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-service-webhook.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-service-webhook.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-service.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-service.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-service.yaml diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml b/deploy/minimal-base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml similarity index 100% rename from deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml rename to deploy/minimal-base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml diff --git a/deploy/minimal-base/kustomization.yaml b/deploy/minimal-base/kustomization.yaml index 29c1ee0..481113e 100644 --- a/deploy/minimal-base/kustomization.yaml +++ b/deploy/minimal-base/kustomization.yaml @@ -11,3 +11,23 @@ resources: - inflated/metrics-server/templates/service.yaml - inflated/metrics-server/templates/clusterrole.yaml - inflated/metrics-server/templates/clusterrolebinding.yaml +# ingress-nginx +- inflated/ingress-nginx/templates/controller-deployment.yaml +- inflated/ingress-nginx/templates/controller-serviceaccount.yaml +- inflated/ingress-nginx/templates/controller-rolebinding.yaml +- inflated/ingress-nginx/templates/controller-ingressclass.yaml +- inflated/ingress-nginx/templates/controller-service-metrics.yaml +- inflated/ingress-nginx/templates/clusterrole.yaml +- inflated/ingress-nginx/templates/controller-service.yaml +- inflated/ingress-nginx/templates/controller-service-webhook.yaml +- inflated/ingress-nginx/templates/controller-role.yaml +- inflated/ingress-nginx/templates/controller-configmap.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +- inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +- inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +- inflated/ingress-nginx/templates/clusterrolebinding.yaml diff --git a/deploy/prod-ovh/deploy-ingress-nginx.yaml b/deploy/prod-ovh/deploy-ingress-nginx.yaml new file mode 100644 index 0000000..b853815 --- /dev/null +++ b/deploy/prod-ovh/deploy-ingress-nginx.yaml @@ -0,0 +1,16 @@ +--- +- op: replace + path: /spec/template/spec/containers/0/args/1 + value: "--publish-service=$(POD_NAMESPACE)/prod-ingress-nginx-controller" +- op: replace + path: /spec/template/spec/containers/0/args/5 + value: "--configmap=$(POD_NAMESPACE)/prod-ingress-nginx-controller" +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--tcp-services-configmap=$(POD_NAMESPACE)/prod-ingress-nginx-tcp-services" +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--default-ssl-certificate=$(POD_NAMESPACE)/prod-ingress-tls" +- op: replace + path: /spec/template/spec/volumes/0/secret/secretName + value: prod-ingress-nginx-admission diff --git a/deploy/prod-ovh/job-ingress-nginx-admission-create.yaml b/deploy/prod-ovh/job-ingress-nginx-admission-create.yaml new file mode 100644 index 0000000..1b92709 --- /dev/null +++ b/deploy/prod-ovh/job-ingress-nginx-admission-create.yaml @@ -0,0 +1,7 @@ +--- +- op: replace + path: /spec/template/spec/containers/0/args/1 + value: "--host=prod-ingress-nginx-controller-admission,prod-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc" +- op: replace + path: /spec/template/spec/containers/0/args/3 + value: "--secret-name=prod-ingress-nginx-admission" diff --git a/deploy/prod-ovh/job-ingress-nginx-admission-patch.yaml b/deploy/prod-ovh/job-ingress-nginx-admission-patch.yaml new file mode 100644 index 0000000..23eef8b --- /dev/null +++ b/deploy/prod-ovh/job-ingress-nginx-admission-patch.yaml @@ -0,0 +1,7 @@ +--- +- op: replace + path: /spec/template/spec/containers/0/args/1 + value: "--webhook-name=prod-ingress-nginx-admission" +- op: replace + path: /spec/template/spec/containers/0/args/4 + value: "--secret-name=prod-ingress-nginx-admission" diff --git a/deploy/prod-ovh/kustomization.yaml b/deploy/prod-ovh/kustomization.yaml index 10627c9..d636e58 100644 --- a/deploy/prod-ovh/kustomization.yaml +++ b/deploy/prod-ovh/kustomization.yaml @@ -2,3 +2,25 @@ namePrefix: prod- resources: - ../minimal-base + +patches: +# Patch the ingress-nginx deployment to allow it to use a service with a +# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. +- target: + kind: Deployment + name: ingress-nginx-controller + path: deploy-ingress-nginx.yaml + +# Patch the ingress-nginx-admission-create job to reference its webhook with a +# namePrefix. +- target: + kind: Job + name: ingress-nginx-admission-create + path: job-ingress-nginx-admission-create.yaml + +# Patch the ingress-nginx-admission-patch job to reference its webhook with a +# namePrefix. +- target: + kind: Job + name: ingress-nginx-admission-patch + path: job-ingress-nginx-admission-patch.yaml