Last active
February 12, 2020 01:27
citrix ingress yaml
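---
# ClusterRole for the Citrix ingress controller (CIC) service account.
# A ClusterRole is cluster-scoped: once bound through a ClusterRoleBinding,
# every rule below applies in all namespaces.
kind: ClusterRole
# rbac.authorization.k8s.io/v1 is the stable RBAC API; the v1beta1 version was
# removed in Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cic-k8s-role
rules:
  # Read-only access (get/list/watch) to these resources in the core API group.
  # NOTE(review): "secrets" in this rule means read access to every Secret in
  # every namespace, so the token of the bound service account is as sensitive
  # as the most sensitive Secret in the cluster. If the controller only serves
  # some namespaces, granting the secrets rule through a namespaced
  # Role/RoleBinding narrows the exposure; confirm the controller supports
  # that before changing it.
  - apiGroups: [""]
    resources: ["endpoints", "ingresses", "pods", "secrets", "nodes", "routes", "namespaces"]
    verbs: ["get", "list", "watch"]
  # services/status is needed to update the load-balancer IP in the service
  # status when integrating a Service of type LoadBalancer with external-dns.
  - apiGroups: [""]
    resources: ["services/status"]
    verbs: ["patch"]
  # Services can be read and patched.
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "watch", "patch"]
  # Read-only access to Ingress objects and their status in the "extensions"
  # API group.
  - apiGroups: ["extensions"]
    resources: ["ingresses", "ingresses/status"]
    verbs: ["get", "list", "watch"]
  # Read-only access to CustomResourceDefinitions.
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list", "watch"]
  # Read-only access to Deployments.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
  # Read-only access to the citrix.com policy custom resources ...
  - apiGroups: ["citrix.com"]
    resources: ["rewritepolicies", "canarycrds", "authpolicies", "ratelimits"]
    verbs: ["get", "list", "watch"]
  # ... while their status subresources can also be patched.
  - apiGroups: ["citrix.com"]
    resources: ["rewritepolicies/status", "canarycrds/status", "authpolicies/status", "ratelimits/status"]
    verbs: ["get", "list", "patch"]
  # The "vips" custom resource is the only one this role may create or delete.
  - apiGroups: ["citrix.com"]
    resources: ["vips"]
    verbs: ["get", "list", "watch", "create", "delete"]
  # Read-only access to OpenShift Route objects.
  - apiGroups: ["route.openshift.io"]
    resources: ["routes"]
    verbs: ["get", "list", "watch"]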
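---
# Binds the cic-k8s-role ClusterRole, cluster-wide, to the ServiceAccount of
# the same name.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 is the stable RBAC API; the v1beta1 version was
# removed in Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cic-k8s-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cic-k8s-role
subjects:
  # NOTE(review): the subject lives in the "default" namespace. Any principal
  # allowed to create pods there can run them under this ServiceAccount and
  # inherit the cluster-wide permissions of the role; a dedicated namespace
  # for the controller keeps that set of principals small.
  - kind: ServiceAccount
    name: cic-k8s-role
    namespace: default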
---
# Identity the Citrix ingress controller pod runs as. The ClusterRoleBinding
# named cic-k8s-role lists this account as its subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: cic-k8s-role
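---
# Runs one replica of the Citrix ingress controller (CIC).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cic-k8s-ingress-controller
  # Stated explicitly because serviceAccountName below is resolved inside the
  # pod's own namespace, and the cic-k8s-role ServiceAccount is created in
  # "default".
  namespace: default
spec:
  selector:
    matchLabels:
      app: cic-k8s-ingress-controller
  replicas: 1
  template:
    metadata:
      name: cic-k8s-ingress-controller
      labels:
        app: cic-k8s-ingress-controller
      # Explicit empty map; a bare "annotations:" key parses as null.
      annotations: {}
    spec:
      # The pod receives the permissions bound to this account (the
      # cic-k8s-role ClusterRole).
      serviceAccountName: cic-k8s-role
      containers:
        - name: cic-k8s-ingress-controller
          # Pinned to a version tag. A tag can still be re-pointed in the
          # registry; reference the image by digest
          # (image@sha256:<digest-of-the-verified-image>) if the deployment
          # must not change without a manifest change.
          image: "quay.io/citrix/citrix-k8s-ingress-controller:1.7.6"
          env:
            # NetScaler NSIP, or the SNIP in an HA setup (management access
            # has to be enabled on the SNIP).
            - name: "NS_IP"
              value: "10.20.4.2"
            # Nitro username, read from the Secret "nslogin" in the pod's
            # namespace so it is not written into this manifest.
            - name: "NS_USER"
              valueFrom:
                secretKeyRef:
                  name: nslogin
                  key: username
            # Nitro password, read from the same Secret.
            - name: "NS_PASSWORD"
              valueFrom:
                secretKeyRef:
                  name: nslogin
                  key: password
            # Accept the EULA.
            - name: "EULA"
              value: "yes"
          # Each entry is a plain scalar continued on the next line, so YAML
          # folds it into one string: "--ingress-classes citrix" and
          # "--feature-node-watch false".
          args:
            - --ingress-classes
              citrix
            - --feature-node-watch
              false
          imagePullPolicy: Always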
---
# Identity the Citrix IPAM controller pod runs as, created in kube-system.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: citrix-ipam-controller
---
# ClusterRole for the Citrix IPAM controller. Cluster-scoped: both rules apply
# in every namespace once the role is bound through a ClusterRoleBinding.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: citrix-ipam-controller
rules:
  # Every verb on the citrix.com "vips" custom resource.
  - apiGroups: ["citrix.com"]
    resources: ["vips"]
    verbs: ["*"]
  # NOTE(review): "*" on customresourcedefinitions covers create, update and
  # delete of any CRD in the cluster, not only the Citrix ones, and deleting a
  # CRD also removes every custom resource of that kind. Least privilege would
  # list only the verbs the controller actually uses; which verbs those are
  # cannot be determined from this manifest, so confirm before narrowing.
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["*"]
---
# Binds the citrix-ipam-controller ClusterRole, cluster-wide, to the
# ServiceAccount of the same name in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: citrix-ipam-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: citrix-ipam-controller
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: citrix-ipam-controller
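---
# Runs one replica of the Citrix IPAM controller in kube-system.
# apps/v1 is used because extensions/v1beta1 stopped serving Deployments in
# Kubernetes 1.16. apps/v1 makes spec.selector mandatory, so it is spelled out
# and matches the pod template's label.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: citrix-ipam-controller
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: citrix-ipam-controller
  template:
    metadata:
      labels:
        app: citrix-ipam-controller
    spec:
      # The pod receives the permissions bound to this account (the
      # citrix-ipam-controller ClusterRole).
      serviceAccountName: citrix-ipam-controller
      containers:
        - name: citrix-ipam-controller
          # NOTE(review): ":latest" is a floating tag, so the code that runs
          # under this service account can change on any pod restart without
          # a change to this manifest. Pin a release tag or a digest
          # (image:<release-tag> or image@sha256:<digest-of-the-verified-image>)
          # once a known-good version has been chosen.
          image: quay.io/citrix/citrix-ipam-controller:latest
          env:
            # VIP_RANGE gives the IP range(s) the IPAM controller assigns
            # addresses from.
            - name: "VIP_RANGE"
              value: '["10.20.4.20-10.20.4.30"]'
            # The IPAM controller can also be limited to particular namespaces
            # through the environment variable VIP_NAMESPACES, which expects
            # the namespaces as one space-separated string.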