apiVersion: v1
kind: Service
metadata:
  # keep it under 24 chars
  name: ingress-lb
  namespace: kube-ingress
  labels:
    k8s-app: ingress-lb
    component: ingress-controller
spec:
  type: ClusterIP
  selector:
    k8s-app: ingress-lb
    component: ingress-controller
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: kube-ingress

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: kube-ingress
data:

---
apiVersion: v1
data:
  enable-vts-status: "true"
kind: ConfigMap
metadata:
  name: nginx-ingress-lb-conf
  namespace: kube-ingress
---
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
  name: ingress-controller
  namespace: kube-ingress
  annotations:
    prometheus.io/port: "10254"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: ingress-lb
    component: ingress-controller
    type: nginx
spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      k8s-app: ingress-lb
      component: ingress-controller
      type: nginx
  template:
    metadata:
      labels:
        k8s-app: ingress-lb
        component: ingress-controller
        type: nginx
    spec:
      serviceAccount: kube-nginx-ingress
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: DoesNotExist
      containers:
        - name: nginx-ingress-lb
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
          args:
          - /nginx-ingress-controller
          - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
          - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
          - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
          - --annotations-prefix=ingress.kubernetes.io
          - --enable-ssl-passthrough
          # use downward API
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
          livenessProbe:
            initialDelaySeconds: 10
            timeoutSeconds: 1
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/node: ""
      dnsPolicy: ClusterFirstWithHostNet
      restartPolicy: Always
      terminationGracePeriodSeconds: 60