Skip to content

Instantly share code, notes, and snippets.

@prskr

prskr/clusterrole.yaml

Last active December 7, 2018 02:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save prskr/795aea4a1e71852b1f7ec86d8f19a602 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save prskr/795aea4a1e71852b1f7ec86d8f19a602 to your computer and use it in GitHub Desktop.
Download ZIP
Kube-AWS-Ingress-RBAC
Raw
clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: aws-ingress-controller
rules:
- apiGroups: ["extensions"]
resources: ["ingresses", ]
verbs: ["get", "list"]
- apiGroups: ["extensions"]
resources: ["ingresses/status", ]
verbs: ["get", "list", "patch"]
- apiGroups: [""]
resources: ["namespaces", "services", "endpoints"]
verbs: ["get", "list"]
Raw
clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: aws-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aws-ingress-controller
subjects:
- kind: ServiceAccount
name: aws-ingress-controller
namespace: kube-system
Raw
ingress-daemonset.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: skipper-ingress
namespace: kube-system
labels:
component: ingress
spec:
selector:
matchLabels:
component: ingress
updateStrategy:
type: RollingUpdate
template:
metadata:
name: skipper-ingress
labels:
component: ingress
application: skipper
spec:
hostNetwork: true
serviceAccountName: aws-ingress-controller
containers:
- name: skipper-ingress
image: registry.opensource.zalan.do/pathfinder/skipper:latest
ports:
- name: ingress-port
containerPort: 9999
hostPort: 9999
- name: metrics-port
containerPort: 9911
args:
- "skipper"
- "-kubernetes"
- "-kubernetes-in-cluster"
- "-address=:9999"
- "-proxy-preserve-host"
- "-serve-host-metrics"
- "-enable-ratelimits"
- "-experimental-upgrade"
- "-metrics-exp-decay-sample"
- "-kubernetes-https-redirect=true"
- "-application-log-level=INFO"
- "-enable-prometheus-metrics"
resources:
limits:
cpu: 200m
memory: 200Mi
readinessProbe:
httpGet:
path: /kube-system/healthz
port: 9999
initialDelaySeconds: 5
timeoutSeconds: 5
Raw
kube-aws-ingress-controller.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kube-ingress-aws-controller
namespace: kube-system
labels:
application: kube-ingress-aws-controller
component: ingress
spec:
replicas: 1
selector:
matchLabels:
application: kube-ingress-aws-controller
component: ingress
template:
metadata:
annotations:
iam.amazonaws.com/role: <AWS ARN>
labels:
application: kube-ingress-aws-controller
component: ingress
spec:
serviceAccountName: aws-ingress-controller
containers:
- name: controller
image: registry.opensource.zalan.do/teapot/kube-ingress-aws-controller:latest
env:
- name: AWS_REGION
value: <REGION>
Raw
prometheus-operator-svc-monitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: kube-aws-ingress-metrics
namespace: monitoring
labels:
application: kube-ingress-aws-controller-metrics
prometheus: kube-prometheus
spec:
jobLabel: kube-ingress-aws-controller
selector:
matchLabels:
application: kube-ingress-aws-controller-metrics
component: ingress
namespaceSelector:
matchNames:
- kube-system
endpoints:
- port: skipper-metrics
path: /metrics
interval: 30s
Raw
skipper-metrics-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: kube-aws-ingress-metrics
namespace: kube-system
labels:
application: kube-ingress-aws-controller-metrics
component: ingress
spec:
ports:
- name: skipper-metrics
port: 9911
targetPort: 9911
protocol: TCP
selector:
component: ingress
application: skipper
Raw
svc-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-ingress-controller
namespace: kube-system
@rbudiharso
Copy link

rbudiharso commented Dec 7, 2018

Hi, thank you for the gist, but when I run this I got error error: unable to recognize "v1.1.0.yaml": no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"

Any hint would be appreciated :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment