This repository was archived by the owner on May 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathnginx-ingress-operator.clusterserviceversion.yaml
456 lines (456 loc) · 17.6 KB
/
nginx-ingress-operator.clusterserviceversion.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "k8s.nginx.org/v1alpha1",
"kind": "NginxIngressController",
"metadata": {
"name": "my-nginx-ingress-controller"
},
"spec": {
"image": {
"pullPolicy": "Always",
"repository": "docker.io/nginx/nginx-ingress",
"tag": "1.12.0-ubi"
},
"ingressClass": "nginx",
"nginxPlus": false,
"serviceType": "NodePort",
"type": "deployment"
}
}
]
capabilities: Basic Install
operators.operatorframework.io/builder: operator-sdk-v1.8.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: nginx-ingress-operator.v0.3.0
namespace: placeholder
spec:
apiservicedefinitions: {}
customresourcedefinitions:
owned:
- description: NginxIngressController is the Schema for the nginxingresscontrollers
API
displayName: Nginx Ingress Controller
kind: NginxIngressController
name: nginxingresscontrollers.k8s.nginx.org
resources:
- kind: Deployment
name: nic-deployment
version: v1
- kind: ReplicaSet
name: nic-replicaset
version: v1beta2
- kind: Pod
name: nic-runner
version: v1
specDescriptors:
- description: App Protect support configuration. Requires enableCRDs set to
true.
displayName: App Protect
path: appProtect
- description: Initial values of the Ingress Controller ConfigMap. Check https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/
for more information about possible values.
displayName: Config Map Data
path: configMapData
- description: The TLS Secret for TLS termination of the default server. The
format is namespace/name. The secret must be of the type kubernetes.io/tls.
If not specified, the operator will generate and deploy a TLS Secret with
a self-signed certificate and key.
displayName: Default Secret
path: defaultSecret
- description: Enables the use of NGINX Ingress Resource Definitions (VirtualServer
and VirtualServerRoute). Default is true.
displayName: Enable CRDs
path: enableCRDs
- description: Bucketed response times from when NGINX establishes a connection
to an upstream server to when the last byte of the response body is received
by NGINX. **Note** The metric for the upstream isn't available until traffic
is sent to the upstream.
displayName: Enable Latency Metrics
path: enableLatencyMetrics
- description: Enables Leader election to avoid multiple replicas of the controller
reporting the status of Ingress resources – only one replica will report
status. Default is true.
displayName: Enable Leader Election
path: enableLeaderElection
- description: Enables preview policies. Requires enableCRDs set to true.
displayName: Enable Preview Policies
path: enablePreviewPolicies
- description: Enable custom NGINX configuration snippets in VirtualServer,
VirtualServerRoute and TransportServer resources. Requires enableCRDs set
to true.
displayName: Enable Snippets
path: enableSnippets
- description: Enable TLS Passthrough on port 443. Requires enableCRDs set to
true.
displayName: Enable TLSPassthrough
path: enableTLSPassthrough
- description: The GlobalConfiguration resource for global configuration of
the Ingress Controller. Format is namespace/name. Requires enableCRDs set
to true.
displayName: Global Configuration
path: globalConfiguration
- description: Adds a new location to the default server. The location responds
with the 200 status code for any request. Useful for external health-checking
of the Ingress controller.
displayName: Health Status
path: healthStatus
- description: The image of the Ingress Controller.
displayName: Image
path: image
- description: A class of the Ingress controller. The Ingress controller only
processes Ingress resources that belong to its class (in other words, have
the annotation “kubernetes.io/ingress.class”). Additionally, the Ingress
controller processes Ingress resources that do not have that annotation,
which can be disabled by setting UseIngressClassOnly to true. Default is
`nginx`.
displayName: Ingress Class
path: ingressClass
- description: Log level for V logs. Format is 0 - 3
displayName: Log Level
path: logLevel
- description: 'Enable debugging for NGINX. Uses the nginx-debug binary. Requires
‘error-log-level: debug’ in the ConfigMapData.'
displayName: Nginx Debug
path: nginxDebug
- description: Deploys the Ingress Controller for NGINX Plus. The default is
false meaning the Ingress Controller will be deployed for NGINX OSS.
displayName: Nginx Plus
path: nginxPlus
- description: Timeout in milliseconds which the Ingress Controller will wait
for a successful NGINX reload after a change or at the initial start.
displayName: Nginx Reload Timeout
path: nginxReloadTimeout
- description: NGINX stub_status, or the NGINX Plus API.
displayName: Nginx Status
path: nginxStatus
- description: NGINX or NGINX Plus metrics in the Prometheus format.
displayName: Prometheus
path: prometheus
- description: The number of replicas of the Ingress Controller pod. The default
is 1. Only applies if the type is set to deployment.
displayName: Replicas
path: replicas
- description: Update the address field in the status of Ingresses resources.
displayName: Report Ingress Status
path: reportIngressStatus
- description: 'Specifies the name of the IngressLink resource, which exposes
the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system
is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute
resources. Requires reportIngressStatus.enable set to true. Note: If serviceType
is LoadBalancer or reportIngressStatus.externalService is set, the value
of this field will be ignored.'
displayName: Ingress Link
path: reportIngressStatus.ingressLink
- description: The service of the Ingress controller.
displayName: Service
path: service
- description: 'The type of the Service for the Ingress Controller. Valid Service
types are: NodePort and LoadBalancer.'
displayName: Service Type
path: serviceType
- description: The type of the Ingress Controller installation - deployment
or daemonset.
displayName: Type
path: type
- description: Ignore Ingress resources without the “kubernetes.io/ingress.class”
annotation.
displayName: Use Ingress Class Only
path: useIngressClassOnly
- description: Namespace to watch for Ingress resources. By default the Ingress
controller watches all namespaces.
displayName: Watch Namespace
path: watchNamespace
- description: A Secret with a TLS certificate and key for TLS termination of
every Ingress host for which TLS termination is enabled but the Secret is
not specified. The secret must be of the type kubernetes.io/tls. If the
argument is not set, for such Ingress hosts NGINX will break any attempt
to establish a TLS connection. If the argument is set, but the Ingress controller
is not able to fetch the Secret from Kubernetes API, the Ingress Controller
will fail to start. Format is namespace/name.
displayName: Wildcard TLS
path: wildcardTLS
statusDescriptors:
- description: Deployed is true if the Operator has finished the deployment
of the NginxIngressController.
displayName: Deployed
path: deployed
version: v1alpha1
description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
displayName: Nginx Ingress Operator
icon:
- base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA2My4zNiA3My40NCI+PGRlZnM+PHN0eWxlPi5jbHMtMXtmaWxsOiMwMDk2Mzk7fS5jbHMtMntmaWxsOiNmZmY7fS5jbHMtM3tmaWxsOiM5OTk7fTwvc3R5bGU+PC9kZWZzPjx0aXRsZT5OR0lOWC1oZXgtc291cmNlLVJHQi0wMjwvdGl0bGU+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNLjUwMjcyLDU0LjcyMWEzLjYzNywzLjYzNywwLDAsMCwxLjM2NjQxLDEuMzU1OTNMMjkuODIxOTIsNzIuMjE1NDlsLjAwMDg3LS4wMDA4N2EzLjY2NzkzLDMuNjY3OTMsMCwwLDAsMy43MTUyOSwwTDYxLjQ5MTc1LDU2LjA3NjA2YTMuNjY1NjgsMy42NjU2OCwwLDAsMCwxLjg1Njc3LTMuMjE2MTlWMjAuNTgyNzVsLS4wMDA4Ny0uMDAwODdBMy42NjY4NSwzLjY2Njg1LDAsMCwwLDYxLjQ5LDE3LjM2NDgxTDMzLjUzNjM0LDEuMjI2MjVWMS4yMjUzOGEzLjY2MzEzLDMuNjYzMTMsMCwwLDAtMy43MTI2OCwwdi4wMDA4N0wxLjg3MDg3LDE3LjM2NDgxQTMuNjY1MywzLjY2NTMsMCwwLDAsLjAxMjM1LDIwLjU4MTg4bC0uMDAwODcuMDAwODdWNTIuODU5ODdBMy42NDQyNiwzLjY0NDI2LDAsMCwwLC41MDE4NSw1NC43MjEiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik0yMi43MzAxNSw0OS4wMDhhMy41OTQ4OCwzLjU5NDg4LDAsMCwxLTcuMTg5NzYsMGwuMDAwODguMDAwODguMDAzNDktMjQuNjc3MjdjMC0xLjkxMTc0LDEuNjg5MjQtMy40OTI3OSw0LjA4MTc1LTMuNDkyNzlhNi4zOTI4Miw2LjM5MjgyLDAsMCwxLDQuOTAwMjEsMi4xOTFMMjUuNjEzLDI0LjMyOTg5LDQwLjYzMTI0LDQyLjMwMjUzVjI0LjQzMkg0MC42Mjk1YTMuNTk0ODgsMy41OTQ4OCwwLDAsMSw3LjE4OTc1LDBoLS4wMDA4N2wtLjAwMzQ5LDI0LjY3NTUyYzAsMS45MTE3NS0xLjY5MDExLDMuNDkyNzktNC4wODE3NSwzLjQ5Mjc5YTYuMzg4NTcsNi4zODg1NywwLDAsMS00LjkwMDIxLTIuMTkxTDIyLjcyODQsMzEuMTM2NTlWNDkuMDA4OVoiLz48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik01OS45NzQ3OCw2Ni4wMzQxaC40NTkzNFY2NS4wMTFoLjM2MzM1YTEuMDM2NzQsMS4wMzY3NCwwLDAsMSwuNTEwMzcuMDg1MjIuNjM5MTcuNjM5MTcsMCwwLDEsLjI0MjU1LjU5NTEzdi4yMDk3NmwuMDEwMjkuMDc4MmEuMTU3ODEuMTU3ODEsMCwwLDEsLjAwNy4wMzI3OGMuMDAyMzQuMDEyNjQuMDAzMjguMDE2MzguMDEwMy4wMjJoLjQyNTYzbC0uMDE1NDYtLjAyOWEuMjk4NjMuMjk4NjMsMCwwLDEtLjAyMDYtLjEzM2MtLjAwNjA5LS4wNzM1MS0uMDA2MDktLjEzNjI1LS4wMDYwOS0uMTk0MzF2LS4xOTM4NWEuNzQxOTQuNzQxOTQsMCwwLDAtLjE0MjM0LS40MDU0OS42NjEyOS42NjEyOSwwLDAsMC0uNDUzMjUtLjI1NDcyLDEuMTE4ODQsMS4xMTg4NCwwLDAsMCwuMzc3ODctLjEyMjY4LjU2NjczLjU2NjczLDAsMCwwLC4yNTM3OC0uNTE1MDUuNjQwMDguNjQwMDgsMCwwLDAtLjQwMTc0LS42NjA2OCwxLjk5OTA2LDEuOTk5MDYsMCwwLDAtLjcxMjE5LS4wOTMxOGgtLjkwODg0Wm0xLjMwNjM3LTEuNDAyODJhMS4xODgyLDEuMTg4MiwwLDAsMS0uNDM2ODYuMDU4MDZoLS40MTAxN1Y2My43NDIxaC4zOTE0NGExLjE1NTUsMS4xNTU1LDAsMCwxLC41NTIuMTAxNjEuMzk0MTMuMzk0MTMsMCwwLDEsLjE3Mjc4LjM3OTc0LjQwMDg3LjQwMDg3LDAsMCwxLS4yNjkyNC40MDc4M20xLjMzNC0xLjU2MzlhMi4zMDc5MiwyLjMwNzkyLDAsMCwwLTEuNjg3LS42ODk3MSwyLjM3MywyLjM3MywwLDAsMCwwLDQuNzQ2LDIuMzc3MjQsMi4zNzcyNCwwLDAsMCwxLjY4Ny00LjA1NjNtLS4yNDExNC4yMzU1MmExLjk0MzU5LDEuOTQzNTksMCwwLDEsLjU5NTU5LDEuNDQzNTYsMi4wMzkyMiwyLjAzOTIyLDAsMCwxLTMuNDg1NTIsMS40NTA1OSwyLjAxMzExLDIuMDEzMTEsMCwwLDEtLjU5Mjc5LTEuNDUwNTlBMi4wNDYyNywyLjA0NjI3LDAsMCwxLDYwLjkyODEsNjIuNjk3YTEuOTQ2LDEuOTQ2LDAsMCwxLDEuNDQ1OTEuNjA1ODkiLz48L3N2Zz4=
mediatype: image/svg+xml
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- events
- namespaces
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- update
- apiGroups:
- appprotect.f5.com
- k8s.nginx.org
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.nginx.org
resources:
- nginxingresscontrollers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.nginx.org
resources:
- nginxingresscontrollers/finalizers
verbs:
- update
- apiGroups:
- k8s.nginx.org
resources:
- nginxingresscontrollers/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- create
- delete
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: nginx-ingress-operator-controller-manager
deployments:
- name: nginx-ingress-operator-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
strategy: {}
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.7
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
resources: {}
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: registry.connect.redhat.com/nginx/nginx-ingress-operator:0.3.0
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 250m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: nginx-ingress-operator-controller-manager
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
serviceAccountName: nginx-ingress-operator-controller-manager
strategy: deployment
installModes:
- supported: false
type: OwnNamespace
- supported: false
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
keywords:
- nginx
- ingress-controller
- ingress
- controller
- kubernetes
- openshift
links:
- name: Nginx Ingress Operator
url: https://github.com/nginxinc/nginx-ingress-operator
maintainers:
- email: [email protected]
name: NGINX Inc
maturity: alpha
provider:
name: NGINX Inc
replaces: nginx-ingress-operator.v0.2.0
version: 0.3.0