Created
May 23, 2017 21:10
-
-
Save mikejk8s/6104cac1711d1adadfb604e10ab5d6cb to your computer and use it in GitHub Desktop.
full nginx ingess + ssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: nginx-ingress | |
spec: | |
loadBalancerIP: xxxxxxx | |
type: LoadBalancer | |
ports: | |
# - port: 80 | |
# name: http | |
- port: 443 | |
name: https | |
selector: | |
k8s-app: nginx-ingress-lb | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: nginx-ingress-controller | |
spec: | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
k8s-app: nginx-ingress-lb | |
spec: | |
terminationGracePeriodSeconds: 60 | |
containers: | |
- name: nginx-ingress-controller | |
# From https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/rc.yaml | |
image: gcr.io/google_containers/nginx-ingress-controller:0.8.3 | |
imagePullPolicy: Always | |
args: | |
- /nginx-ingress-controller | |
# Ingress controller redirects to the given server for any unknown subdomain, can be any but: | |
# - Should serve a HTTP/404 on / | |
# - Must serve a HTTP/200 on /healthz | |
- --default-backend-service=default/default-http-backend | |
# Use downward API | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
ports: | |
#- containerPort: 80 | |
- containerPort: 443 | |
# volumeMounts: # Optional | |
# - name: tls-dhparam-vol | |
# mountPath: /etc/nginx-ssl/dhparam | |
livenessProbe: # Optional | |
httpGet: | |
path: /healthz | |
port: 10254 | |
scheme: HTTP | |
initialDelaySeconds: 30 | |
timeoutSeconds: 5 | |
resources: # Optional | |
requests: | |
memory: "10Mi" | |
limits: | |
memory: "100Mi" | |
# volumes: # Optional | |
# - name: tls-dhparam-vol | |
# secret: | |
# secretName: tls-dhparam | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Ingress | |
metadata: | |
name: ingress | |
annotations: | |
# This tells to only use the Nginx Ingress Controller | |
# and avoids the creation on a Global LoadBalancer on GKE. | |
kubernetes.io/ingress.class: "nginx" | |
spec: | |
tls: | |
- secretName: wildcard-staging | |
# List of hosts supported by this certificate: | |
hosts: | |
- socket-1.staging.mynodeapp.com | |
- socket-2.staging.mynodeapp.com | |
rules: | |
- host: socket-1.staging.mynodeapp.com | |
http: | |
paths: | |
- path: / | |
backend: | |
serviceName: socket-1 | |
servicePort: 10001 | |
- host: socket-2.staging.mynodeapp.com | |
http: | |
paths: | |
- path: / | |
backend: | |
serviceName: socket-2 | |
servicePort: 10002 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment