apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: alb1
release: v1
name: alb-service-account
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: alb1
release: v1
name: alb-sa-clusterrole
rules:
- apiGroups:
- ""
- extensions
resources:
- configmaps
- endpoints
- events
- ingresses
- ingresses/status
- services
verbs:
- create
- get
- list
- update
- watch
- patch
- apiGroups:
- ""
- extensions
resources:
- nodes
- pods
- secrets
- services
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: alb1
release: v1
name: alb-sa-clusterrolebind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: alb-sa-clusterrole
subjects:
- kind: ServiceAccount
name: alb-service-account
namespace: kube-system
# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/coreos/alb-ingress-controller
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: alb-ingress-controller
name: alb-ingress-controller
# Namespace the ALB Ingress Controller should run in. Does not impact which
# namespaces it's able to resolve ingress resource for. For limiting ingress
# namespace scope, see --watch-namespace.
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: alb-ingress-controller
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: alb-ingress-controller
spec:
containers:
- args:
- /server
# Ingress controllers must have a default backend deployment where
# all unknown locations can be routed to. Often this is a 404 page. The
# default backend is not particularly helpful to the ALB Ingress Controller
# but is still required. The default backend and its respective service
# must be running Kubernetes for this controller to start.
- --default-backend-service=kube-system/default-http-backend
# Limit the namespace where this ALB Ingress Controller deployment will
# resolve ingress resources. If left commented, all namespaces are used.
#- --watch-namespace=your-k8s-namespace
# Setting the ingress-class flag below will ensure that only ingress resources with the
# annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
# choose any class you'd like for this controller to respect.
#- --ingress-class=alb
env:
# AWS region this ingress controller will operate in.
# List of regions:
# http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
- name: AWS_REGION
value: us-west-1
# Name of your cluster. Used when naming resources created
# by the ALB Ingress Controller, providing distinction between
# clusters.
- name: CLUSTER_NAME
value: devCluster
# AWS key id for authenticating with the AWS API.
# This is only here for examples. It's recommended you instead use
# a project like kube2iam for granting access.
#- name: AWS_ACCESS_KEY_ID
#value: KEYVALUE
# AWS key secret for authenticating with the AWS API.
# This is only here for examples. It's recommended you instead use
# a project like kube2iam for granting access.
#- name: AWS_SECRET_ACCESS_KEY
#value: SECRETVALUE
# Enables logging on all outbound requests sent to the AWS API.
# If logging is desired, set to true.
- name: AWS_DEBUG
value: "false"
# Maximum number of times to retry the aws calls.
# defaults to 20.
- name: AWS_MAX_RETRIES
value: "20"
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
# Repository location of the ALB Ingress Controller.
image: quay.io/coreos/alb-ingress-controller:1.0-alpha.3
imagePullPolicy: Always
name: server
resources: {}
terminationMessagePath: /dev/termination-log
dnsPolicy: ClusterFirst
restartPolicy: Always
serviceAccountName: alb-service-account
terminationGracePeriodSeconds: 30