apiVersion: v1 kind: Namespace metadata: name: nginx-gateway --- # Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: nginx-gateway namespace: nginx-gateway labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" annotations: {} --- # Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nginx-gateway labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" rules: - apiGroups: - "" resources: - namespaces - services - secrets verbs: - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - list - watch - apiGroups: - gateway.networking.k8s.io resources: - gatewayclasses - gateways - httproutes - referencegrants verbs: - list - watch - apiGroups: - gateway.networking.k8s.io resources: - httproutes/status - gateways/status - gatewayclasses/status verbs: - update - apiGroups: - gateway.nginx.org resources: - nginxgateways verbs: - get - list - watch - apiGroups: - gateway.nginx.org resources: - nginxgateways/status verbs: - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - update - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - list - watch --- # Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nginx-gateway labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nginx-gateway subjects: - kind: ServiceAccount name: nginx-gateway namespace: nginx-gateway --- # Source: nginx-gateway-fabric/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-gateway namespace: nginx-gateway labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway template: metadata: labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway annotations: prometheus.io/scrape: "true" prometheus.io/port: "9113" spec: containers: - args: - static-mode - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - --gatewayclass=nginx - --config=nginx-gateway-config - --service=nginx-gateway - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name image: ghcr.io/nginxinc/nginx-gateway-fabric:1.1.0 imagePullPolicy: IfNotPresent name: nginx-gateway ports: - name: metrics containerPort: 9113 - name: health containerPort: 8081 readinessProbe: httpGet: path: /readyz port: health initialDelaySeconds: 3 periodSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: add: - KILL drop: - ALL readOnlyRootFilesystem: true runAsUser: 102 runAsGroup: 1001 volumeMounts: - name: nginx-conf mountPath: /etc/nginx/conf.d - name: nginx-secrets mountPath: /etc/nginx/secrets - name: nginx-run mountPath: /var/run/nginx - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.1.0 imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 80 name: http - containerPort: 443 name: https securityContext: capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true runAsUser: 101 runAsGroup: 1001 volumeMounts: - name: nginx-conf mountPath: /etc/nginx/conf.d - name: nginx-secrets mountPath: /etc/nginx/secrets - name: nginx-run mountPath: /var/run/nginx - name: nginx-cache mountPath: /var/cache/nginx - name: nginx-lib mountPath: /var/lib/nginx terminationGracePeriodSeconds: 30 serviceAccountName: nginx-gateway shareProcessNamespace: true securityContext: fsGroup: 1001 runAsNonRoot: true volumes: - name: nginx-conf emptyDir: {} - name: nginx-secrets emptyDir: {} - name: nginx-run emptyDir: {} - name: nginx-cache emptyDir: {} - name: nginx-lib emptyDir: {} --- # Source: nginx-gateway-fabric/templates/gatewayclass.yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: nginx labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- # Source: nginx-gateway-fabric/templates/nginxgateway.yaml apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: name: nginx-gateway-config namespace: nginx-gateway labels: app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/version: "1.1.0" spec: logging: level: info