diff --git a/pkg/manifests/fixtures/nginx/full-with-replicas.json b/pkg/manifests/fixtures/nginx/full-with-replicas.json index 30d4dc81..94269f8a 100644 --- a/pkg/manifests/fixtures/nginx/full-with-replicas.json +++ b/pkg/manifests/fixtures/nginx/full-with-replicas.json @@ -468,18 +468,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/full-with-target-cpu.json b/pkg/manifests/fixtures/nginx/full-with-target-cpu.json index 2d2236f9..5b0e0070 100644 --- a/pkg/manifests/fixtures/nginx/full-with-target-cpu.json +++ b/pkg/manifests/fixtures/nginx/full-with-target-cpu.json @@ -468,18 +468,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/full.json b/pkg/manifests/fixtures/nginx/full.json index 3b54338e..915cab49 100644 --- a/pkg/manifests/fixtures/nginx/full.json +++ b/pkg/manifests/fixtures/nginx/full.json @@ -468,18 +468,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/internal-with-nil-ssl-cert-and-force-ssl.json b/pkg/manifests/fixtures/nginx/internal-with-nil-ssl-cert-and-force-ssl.json index 2eb4126b..b1697fb7 100644 --- a/pkg/manifests/fixtures/nginx/internal-with-nil-ssl-cert-and-force-ssl.json +++ b/pkg/manifests/fixtures/nginx/internal-with-nil-ssl-cert-and-force-ssl.json @@ -1,701 +1,699 @@ [ - { - "kind": "Namespace", - "apiVersion": "v1", - "metadata": { - "name": "test-namespace", - "creationTimestamp": null, - "labels": { - "openservicemesh.io/monitored-by": "osm" - } - }, - "spec": {}, - "status": {} - }, - { - "kind": "IngressClass", - "apiVersion": "networking.k8s.io/v1", - "metadata": { - "name": "nginx-private", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - }, - "spec": { - "controller": "test-controller-class" - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - } - }, - { - "kind": "ClusterRole", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - }, - "rules": [ - { - "verbs": [ - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps", - "endpoints", - "nodes", - "pods", - "secrets", - "namespaces" - ] - }, - { - "verbs": [ - "list", - "watch" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ] - }, - { - "verbs": [ - "get" - ], - "apiGroups": [ - "" - ], - "resources": [ - "nodes" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "services" - ] - }, - { - "verbs": [ - "get", - "watch", - "list" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses" - ] - }, - { - "verbs": [ - "create", - "patch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "events" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses/status" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingressclasses" - ] + { + "kind": "Namespace", + "apiVersion": "v1", + "metadata": { + "name": "test-namespace", + "creationTimestamp": null, + "labels": { + "openservicemesh.io/monitored-by": "osm" + } }, - { - "verbs": [ - "list", - "watch", - "get" - ], - "apiGroups": [ - "discovery.k8s.io" - ], - "resources": [ - "endpointslices" - ] - } - ] - }, - { - "kind": "Role", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } + "spec": {}, + "status": {} }, - "rules": [ - { - "verbs": [ - "get" - ], - "apiGroups": [ - "" - ], - "resources": [ - "namespaces" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps", - "pods", - "secrets", - "endpoints" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "services" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses/status" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingressclasses" - ] - }, - { - "verbs": [ - "get", - "update" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ], - "resourceNames": [ - "nginx" - ] - }, - { - "verbs": [ - "create" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ] - }, - { - "verbs": [ - "create", - "patch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "events" - ] + { + "kind": "IngressClass", + "apiVersion": "networking.k8s.io/v1", + "metadata": { + "name": "nginx-private", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - { - "verbs": [ - "list", - "watch", - "get" - ], - "apiGroups": [ - "discovery.k8s.io" - ], - "resources": [ - "endpointslices" - ] - } - ] - }, - { - "kind": "ClusterRoleBinding", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "spec": { + "controller": "test-controller-class" } }, - "subjects": [ - { - "kind": "ServiceAccount", + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { "name": "nginx", - "namespace": "test-namespace" - } - ], - "roleRef": { - "apiGroup": "rbac.authorization.k8s.io", - "kind": "ClusterRole", - "name": "nginx" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } } }, - "subjects": [ - { - "kind": "ServiceAccount", + { + "kind": "ClusterRole", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { "name": "nginx", - "namespace": "test-namespace" - } - ], - "roleRef": { - "apiGroup": "rbac.authorization.k8s.io", - "kind": "Role", - "name": "nginx" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" - } + "rules": [ + { + "verbs": [ + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "nodes", + "pods", + "secrets", + "namespaces" + ] + }, + { + "verbs": [ + "list", + "watch" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ] + }, + { + "verbs": [ + "get" + ], + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "services" + ] + }, + { + "verbs": [ + "get", + "watch", + "list" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses" + ] + }, + { + "verbs": [ + "create", + "patch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "events" + ] + }, + { + "verbs": [ + "update" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses/status" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingressclasses" + ] + }, + { + "verbs": [ + "list", + "watch", + "get" + ], + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ] + } + ] }, - "spec": { - "ports": [ + { + "kind": "Role", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "rules": [ + { + "verbs": [ + "get" + ], + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ] + }, { - "name": "http", - "port": 80, - "targetPort": "http" + "verbs": [ + "update" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "pods", + "secrets", + "endpoints" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "services" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses" + ] + }, + { + "verbs": [ + "update" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses/status" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingressclasses" + ] + }, + { + "verbs": [ + "get", + "update" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "resourceNames": [ + "nginx" + ] }, { - "name": "https", - "port": 443, - "targetPort": "https" + "verbs": [ + "create" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ] }, { - "name": "prometheus", - "port": 10254, - "targetPort": "prometheus" + "verbs": [ + "create", + "patch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "events" + ] + }, + { + "verbs": [ + "list", + "watch", + "get" + ], + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ] + } + ] + }, + { + "kind": "ClusterRoleBinding", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" } - ], - "selector": { - "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "subjects": [ + { + "kind": "ServiceAccount", + "name": "nginx", + "namespace": "test-namespace" + } + ], + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "nginx" + } }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "Deployment", - "apiVersion": "apps/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + { + "kind": "RoleBinding", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "nginx", + "namespace": "test-namespace" + } + ], + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Role", + "name": "nginx" } }, - "spec": { - "selector": { - "matchLabels": { - "app": "nginx" + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" } }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "app": "nginx", - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator" + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "port": 443, + "targetPort": "https" }, - "annotations": { - "openservicemesh.io/sidecar-injection": "disabled", - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" + { + "name": "prometheus", + "port": 10254, + "targetPort": "prometheus" } + ], + "selector": { + "app": "nginx" }, - "spec": { - "containers": [ - { - "name": "controller", - "image": "test-registry/oss/kubernetes/ingress/nginx-ingress-controller:v1.10.0", - "args": [ - "/nginx-ingress-controller", - "--ingress-class=nginx-private", - "--controller-class=test-controller-class", - "--election-id=nginx", - "--publish-service=$(POD_NAMESPACE)/nginx", - "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" - ], - "ports": [ - { - "name": "http", - "containerPort": 8080 - }, - { - "name": "https", - "containerPort": 8443 - }, - { - "name": "prometheus", - "containerPort": 10254 - } - ], - "env": [ - { - "name": "POD_NAME", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.name" - } + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Deployment", + "apiVersion": "apps/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "spec": { + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "app": "nginx", + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator" + }, + "annotations": { + "openservicemesh.io/sidecar-injection": "disabled", + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "containers": [ + { + "name": "controller", + "image": "test-registry/oss/kubernetes/ingress/nginx-ingress-controller:v1.10.0", + "args": [ + "/nginx-ingress-controller", + "--ingress-class=nginx-private", + "--controller-class=test-controller-class", + "--election-id=nginx", + "--publish-service=$(POD_NAMESPACE)/nginx", + "--configmap=$(POD_NAMESPACE)/nginx", + "--enable-annotation-validation=true" + ], + "ports": [ + { + "name": "http", + "containerPort": 80 + }, + { + "name": "https", + "containerPort": 443 + }, + { + "name": "prometheus", + "containerPort": 10254 } - }, - { - "name": "POD_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" + ], + "env": [ + { + "name": "POD_NAME", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.name" + } + } + }, + { + "name": "POD_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } } } - } - ], - "resources": { - "requests": { - "cpu": "500m", - "memory": "127Mi" - } - }, - "livenessProbe": { - "httpGet": { - "path": "/healthz", - "port": 10254, - "scheme": "HTTP" + ], + "resources": { + "requests": { + "cpu": "500m", + "memory": "127Mi" + } }, - "initialDelaySeconds": 10, - "timeoutSeconds": 1, - "periodSeconds": 5, - "successThreshold": 1, - "failureThreshold": 6 - }, - "readinessProbe": { - "httpGet": { - "path": "/healthz", - "port": 10254, - "scheme": "HTTP" + "livenessProbe": { + "httpGet": { + "path": "/healthz", + "port": 10254, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 1, + "periodSeconds": 5, + "successThreshold": 1, + "failureThreshold": 6 }, - "initialDelaySeconds": 10, - "timeoutSeconds": 1, - "periodSeconds": 5, - "successThreshold": 1, - "failureThreshold": 3 - }, - "securityContext": { - "capabilities": { - "add": [ - "NET_BIND_SERVICE" - ], - "drop": [ - "ALL" - ] + "readinessProbe": { + "httpGet": { + "path": "/healthz", + "port": 10254, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 1, + "periodSeconds": 5, + "successThreshold": 1, + "failureThreshold": 3 }, - "runAsUser": 101, - "runAsNonRoot": true, - "allowPrivilegeEscalation": false, - "seccompProfile": { - "type": "RuntimeDefault" + "securityContext": { + "capabilities": { + "add": [ + "NET_BIND_SERVICE" + ], + "drop": [ + "ALL" + ] + }, + "runAsUser": 101, + "runAsNonRoot": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + } } } - } - ], - "serviceAccountName": "nginx", - "affinity": { - "nodeAffinity": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "nodeSelectorTerms": [ + ], + "serviceAccountName": "nginx", + "affinity": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.azure.com/cluster", + "operator": "Exists" + }, + { + "key": "type", + "operator": "NotIn", + "values": [ + "virtual-kubelet" + ] + }, + { + "key": "kubernetes.io/os", + "operator": "In", + "values": [ + "linux" + ] + } + ] + } + ] + }, + "preferredDuringSchedulingIgnoredDuringExecution": [ { - "matchExpressions": [ - { - "key": "kubernetes.azure.com/cluster", - "operator": "Exists" - }, - { - "key": "type", - "operator": "NotIn", - "values": [ - "virtual-kubelet" - ] - }, - { - "key": "kubernetes.io/os", - "operator": "In", - "values": [ - "linux" - ] - } - ] + "weight": 100, + "preference": { + "matchExpressions": [ + { + "key": "kubernetes.azure.com/mode", + "operator": "In", + "values": [ + "system" + ] + } + ] + } } ] - }, - "preferredDuringSchedulingIgnoredDuringExecution": [ - { - "weight": 100, - "preference": { - "matchExpressions": [ - { - "key": "kubernetes.azure.com/mode", - "operator": "In", - "values": [ - "system" - ] - } - ] + } + }, + "tolerations": [ + { + "key": "CriticalAddonsOnly", + "operator": "Exists" + } + ], + "priorityClassName": "system-cluster-critical", + "topologySpreadConstraints": [ + { + "maxSkew": 1, + "topologyKey": "kubernetes.io/hostname", + "whenUnsatisfiable": "ScheduleAnyway", + "labelSelector": { + "matchLabels": { + "app": "nginx" } } - ] - } - }, - "tolerations": [ - { - "key": "CriticalAddonsOnly", - "operator": "Exists" - } - ], - "priorityClassName": "system-cluster-critical", - "topologySpreadConstraints": [ - { - "maxSkew": 1, - "topologyKey": "kubernetes.io/hostname", - "whenUnsatisfiable": "ScheduleAnyway", - "labelSelector": { - "matchLabels": { - "app": "nginx" - } } - } - ] - } + ] + } + }, + "strategy": {}, + "revisionHistoryLimit": 2 }, - "strategy": {}, - "revisionHistoryLimit": 2 - }, - "status": {} - }, - { - "kind": "ConfigMap", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } + "status": {} }, - "data": { - "allow-snippet-annotations": "true", - "annotation-value-word-blocklist": "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},'" - } - }, - { - "kind": "HorizontalPodAutoscaler", - "apiVersion": "autoscaling/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + { + "kind": "ConfigMap", + "apiVersion": "v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "data": { + "allow-snippet-annotations": "true", + "annotation-value-word-blocklist": "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},'" } }, - "spec": { - "scaleTargetRef": { - "kind": "Deployment", + { + "kind": "HorizontalPodAutoscaler", + "apiVersion": "autoscaling/v1", + "metadata": { "name": "nginx", - "apiVersion": "apps/v1" + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - "minReplicas": 2, - "maxReplicas": 100, - "targetCPUUtilizationPercentage": 80 - }, - "status": { - "currentReplicas": 0, - "desiredReplicas": 0 - } - }, - { - "kind": "PodDisruptionBudget", - "apiVersion": "policy/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "spec": { + "scaleTargetRef": { + "kind": "Deployment", + "name": "nginx", + "apiVersion": "apps/v1" + }, + "minReplicas": 2, + "maxReplicas": 100, + "targetCPUUtilizationPercentage": 80 + }, + "status": { + "currentReplicas": 0, + "desiredReplicas": 0 } }, - "spec": { - "selector": { - "matchLabels": { - "app": "nginx" + { + "kind": "PodDisruptionBudget", + "apiVersion": "policy/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" } }, - "maxUnavailable": 1 - }, - "status": { - "disruptionsAllowed": 0, - "currentHealthy": 0, - "desiredHealthy": 0, - "expectedPods": 0 + "spec": { + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "maxUnavailable": 1 + }, + "status": { + "disruptionsAllowed": 0, + "currentHealthy": 0, + "desiredHealthy": 0, + "expectedPods": 0 + } } - } -] \ No newline at end of file + ] \ No newline at end of file diff --git a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert-and-force-ssl.json b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert-and-force-ssl.json index db28c84f..de3f4fee 100644 --- a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert-and-force-ssl.json +++ b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert-and-force-ssl.json @@ -1,703 +1,701 @@ [ - { - "kind": "Namespace", - "apiVersion": "v1", - "metadata": { - "name": "test-namespace", - "creationTimestamp": null, - "labels": { - "openservicemesh.io/monitored-by": "osm" - } - }, - "spec": {}, - "status": {} - }, - { - "kind": "IngressClass", - "apiVersion": "networking.k8s.io/v1", - "metadata": { - "name": "nginx-private", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - }, - "spec": { - "controller": "test-controller-class" - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - } - }, - { - "kind": "ClusterRole", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } - }, - "rules": [ - { - "verbs": [ - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps", - "endpoints", - "nodes", - "pods", - "secrets", - "namespaces" - ] - }, - { - "verbs": [ - "list", - "watch" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ] - }, - { - "verbs": [ - "get" - ], - "apiGroups": [ - "" - ], - "resources": [ - "nodes" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "services" - ] - }, - { - "verbs": [ - "get", - "watch", - "list" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses" - ] - }, - { - "verbs": [ - "create", - "patch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "events" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses/status" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingressclasses" - ] + { + "kind": "Namespace", + "apiVersion": "v1", + "metadata": { + "name": "test-namespace", + "creationTimestamp": null, + "labels": { + "openservicemesh.io/monitored-by": "osm" + } }, - { - "verbs": [ - "list", - "watch", - "get" - ], - "apiGroups": [ - "discovery.k8s.io" - ], - "resources": [ - "endpointslices" - ] - } - ] - }, - { - "kind": "Role", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } + "spec": {}, + "status": {} }, - "rules": [ - { - "verbs": [ - "get" - ], - "apiGroups": [ - "" - ], - "resources": [ - "namespaces" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "configmaps", - "pods", - "secrets", - "endpoints" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "services" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses" - ] - }, - { - "verbs": [ - "update" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingresses/status" - ] - }, - { - "verbs": [ - "get", - "list", - "watch" - ], - "apiGroups": [ - "networking.k8s.io" - ], - "resources": [ - "ingressclasses" - ] - }, - { - "verbs": [ - "get", - "update" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ], - "resourceNames": [ - "nginx" - ] - }, - { - "verbs": [ - "create" - ], - "apiGroups": [ - "coordination.k8s.io" - ], - "resources": [ - "leases" - ] - }, - { - "verbs": [ - "create", - "patch" - ], - "apiGroups": [ - "" - ], - "resources": [ - "events" - ] + { + "kind": "IngressClass", + "apiVersion": "networking.k8s.io/v1", + "metadata": { + "name": "nginx-private", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - { - "verbs": [ - "list", - "watch", - "get" - ], - "apiGroups": [ - "discovery.k8s.io" - ], - "resources": [ - "endpointslices" - ] - } - ] - }, - { - "kind": "ClusterRoleBinding", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "spec": { + "controller": "test-controller-class" } }, - "subjects": [ - { - "kind": "ServiceAccount", + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { "name": "nginx", - "namespace": "test-namespace" - } - ], - "roleRef": { - "apiGroup": "rbac.authorization.k8s.io", - "kind": "ClusterRole", - "name": "nginx" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "rbac.authorization.k8s.io/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } } }, - "subjects": [ - { - "kind": "ServiceAccount", + { + "kind": "ClusterRole", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { "name": "nginx", - "namespace": "test-namespace" - } - ], - "roleRef": { - "apiGroup": "rbac.authorization.k8s.io", - "kind": "Role", - "name": "nginx" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" - } + "rules": [ + { + "verbs": [ + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "nodes", + "pods", + "secrets", + "namespaces" + ] + }, + { + "verbs": [ + "list", + "watch" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ] + }, + { + "verbs": [ + "get" + ], + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "services" + ] + }, + { + "verbs": [ + "get", + "watch", + "list" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses" + ] + }, + { + "verbs": [ + "create", + "patch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "events" + ] + }, + { + "verbs": [ + "update" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses/status" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingressclasses" + ] + }, + { + "verbs": [ + "list", + "watch", + "get" + ], + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ] + } + ] }, - "spec": { - "ports": [ + { + "kind": "Role", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "rules": [ + { + "verbs": [ + "get" + ], + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ] + }, { - "name": "http", - "port": 80, - "targetPort": "http" + "verbs": [ + "update" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "pods", + "secrets", + "endpoints" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "services" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses" + ] + }, + { + "verbs": [ + "update" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses/status" + ] + }, + { + "verbs": [ + "get", + "list", + "watch" + ], + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingressclasses" + ] + }, + { + "verbs": [ + "get", + "update" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "resourceNames": [ + "nginx" + ] }, { - "name": "https", - "port": 443, - "targetPort": "https" + "verbs": [ + "create" + ], + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ] }, { - "name": "prometheus", - "port": 10254, - "targetPort": "prometheus" + "verbs": [ + "create", + "patch" + ], + "apiGroups": [ + "" + ], + "resources": [ + "events" + ] + }, + { + "verbs": [ + "list", + "watch", + "get" + ], + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ] + } + ] + }, + { + "kind": "ClusterRoleBinding", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" } - ], - "selector": { - "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "subjects": [ + { + "kind": "ServiceAccount", + "name": "nginx", + "namespace": "test-namespace" + } + ], + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "nginx" + } }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "Deployment", - "apiVersion": "apps/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + { + "kind": "RoleBinding", + "apiVersion": "rbac.authorization.k8s.io/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "nginx", + "namespace": "test-namespace" + } + ], + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Role", + "name": "nginx" } }, - "spec": { - "selector": { - "matchLabels": { - "app": "nginx" + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" } }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "app": "nginx", - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator" + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "port": 443, + "targetPort": "https" }, - "annotations": { - "openservicemesh.io/sidecar-injection": "disabled", - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" + { + "name": "prometheus", + "port": 10254, + "targetPort": "prometheus" } + ], + "selector": { + "app": "nginx" }, - "spec": { - "containers": [ - { - "name": "controller", - "image": "test-registry/oss/kubernetes/ingress/nginx-ingress-controller:v1.10.0", - "args": [ - "/nginx-ingress-controller", - "--ingress-class=nginx-private", - "--controller-class=test-controller-class", - "--election-id=nginx", - "--publish-service=$(POD_NAMESPACE)/nginx", - "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443", - "--default-ssl-certificate=fakenamespace/fakename" - ], - "ports": [ - { - "name": "http", - "containerPort": 8080 - }, - { - "name": "https", - "containerPort": 8443 - }, - { - "name": "prometheus", - "containerPort": 10254 - } - ], - "env": [ - { - "name": "POD_NAME", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.name" - } + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Deployment", + "apiVersion": "apps/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "spec": { + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "app": "nginx", + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator" + }, + "annotations": { + "openservicemesh.io/sidecar-injection": "disabled", + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "containers": [ + { + "name": "controller", + "image": "test-registry/oss/kubernetes/ingress/nginx-ingress-controller:v1.10.0", + "args": [ + "/nginx-ingress-controller", + "--ingress-class=nginx-private", + "--controller-class=test-controller-class", + "--election-id=nginx", + "--publish-service=$(POD_NAMESPACE)/nginx", + "--configmap=$(POD_NAMESPACE)/nginx", + "--enable-annotation-validation=true", + "--default-ssl-certificate=fakenamespace/fakename" + ], + "ports": [ + { + "name": "http", + "containerPort": 80 + }, + { + "name": "https", + "containerPort": 443 + }, + { + "name": "prometheus", + "containerPort": 10254 } - }, - { - "name": "POD_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" + ], + "env": [ + { + "name": "POD_NAME", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.name" + } + } + }, + { + "name": "POD_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } } } - } - ], - "resources": { - "requests": { - "cpu": "500m", - "memory": "127Mi" - } - }, - "livenessProbe": { - "httpGet": { - "path": "/healthz", - "port": 10254, - "scheme": "HTTP" + ], + "resources": { + "requests": { + "cpu": "500m", + "memory": "127Mi" + } }, - "initialDelaySeconds": 10, - "timeoutSeconds": 1, - "periodSeconds": 5, - "successThreshold": 1, - "failureThreshold": 6 - }, - "readinessProbe": { - "httpGet": { - "path": "/healthz", - "port": 10254, - "scheme": "HTTP" + "livenessProbe": { + "httpGet": { + "path": "/healthz", + "port": 10254, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 1, + "periodSeconds": 5, + "successThreshold": 1, + "failureThreshold": 6 }, - "initialDelaySeconds": 10, - "timeoutSeconds": 1, - "periodSeconds": 5, - "successThreshold": 1, - "failureThreshold": 3 - }, - "securityContext": { - "capabilities": { - "add": [ - "NET_BIND_SERVICE" - ], - "drop": [ - "ALL" - ] + "readinessProbe": { + "httpGet": { + "path": "/healthz", + "port": 10254, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 1, + "periodSeconds": 5, + "successThreshold": 1, + "failureThreshold": 3 }, - "runAsUser": 101, - "runAsNonRoot": true, - "allowPrivilegeEscalation": false, - "seccompProfile": { - "type": "RuntimeDefault" + "securityContext": { + "capabilities": { + "add": [ + "NET_BIND_SERVICE" + ], + "drop": [ + "ALL" + ] + }, + "runAsUser": 101, + "runAsNonRoot": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + } } } - } - ], - "serviceAccountName": "nginx", - "affinity": { - "nodeAffinity": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "nodeSelectorTerms": [ + ], + "serviceAccountName": "nginx", + "affinity": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.azure.com/cluster", + "operator": "Exists" + }, + { + "key": "type", + "operator": "NotIn", + "values": [ + "virtual-kubelet" + ] + }, + { + "key": "kubernetes.io/os", + "operator": "In", + "values": [ + "linux" + ] + } + ] + } + ] + }, + "preferredDuringSchedulingIgnoredDuringExecution": [ { - "matchExpressions": [ - { - "key": "kubernetes.azure.com/cluster", - "operator": "Exists" - }, - { - "key": "type", - "operator": "NotIn", - "values": [ - "virtual-kubelet" - ] - }, - { - "key": "kubernetes.io/os", - "operator": "In", - "values": [ - "linux" - ] - } - ] + "weight": 100, + "preference": { + "matchExpressions": [ + { + "key": "kubernetes.azure.com/mode", + "operator": "In", + "values": [ + "system" + ] + } + ] + } } ] - }, - "preferredDuringSchedulingIgnoredDuringExecution": [ - { - "weight": 100, - "preference": { - "matchExpressions": [ - { - "key": "kubernetes.azure.com/mode", - "operator": "In", - "values": [ - "system" - ] - } - ] + } + }, + "tolerations": [ + { + "key": "CriticalAddonsOnly", + "operator": "Exists" + } + ], + "priorityClassName": "system-cluster-critical", + "topologySpreadConstraints": [ + { + "maxSkew": 1, + "topologyKey": "kubernetes.io/hostname", + "whenUnsatisfiable": "ScheduleAnyway", + "labelSelector": { + "matchLabels": { + "app": "nginx" } } - ] - } - }, - "tolerations": [ - { - "key": "CriticalAddonsOnly", - "operator": "Exists" - } - ], - "priorityClassName": "system-cluster-critical", - "topologySpreadConstraints": [ - { - "maxSkew": 1, - "topologyKey": "kubernetes.io/hostname", - "whenUnsatisfiable": "ScheduleAnyway", - "labelSelector": { - "matchLabels": { - "app": "nginx" - } } - } - ] - } + ] + } + }, + "strategy": {}, + "revisionHistoryLimit": 2 }, - "strategy": {}, - "revisionHistoryLimit": 2 - }, - "status": {} - }, - { - "kind": "ConfigMap", - "apiVersion": "v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" - } + "status": {} }, - "data": { - "allow-snippet-annotations": "true", - "annotation-value-word-blocklist": "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},'", - "force-ssl-redirect": "true" - } - }, - { - "kind": "HorizontalPodAutoscaler", - "apiVersion": "autoscaling/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + { + "kind": "ConfigMap", + "apiVersion": "v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } + }, + "data": { + "allow-snippet-annotations": "true", + "annotation-value-word-blocklist": "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},'", + "force-ssl-redirect": "true" } }, - "spec": { - "scaleTargetRef": { - "kind": "Deployment", + { + "kind": "HorizontalPodAutoscaler", + "apiVersion": "autoscaling/v1", + "metadata": { "name": "nginx", - "apiVersion": "apps/v1" + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + } }, - "minReplicas": 2, - "maxReplicas": 100, - "targetCPUUtilizationPercentage": 80 - }, - "status": { - "currentReplicas": 0, - "desiredReplicas": 0 - } - }, - { - "kind": "PodDisruptionBudget", - "apiVersion": "policy/v1", - "metadata": { - "name": "nginx", - "namespace": "test-namespace", - "creationTimestamp": null, - "labels": { - "app.kubernetes.io/component": "ingress-controller", - "app.kubernetes.io/managed-by": "aks-app-routing-operator", - "app.kubernetes.io/name": "nginx" + "spec": { + "scaleTargetRef": { + "kind": "Deployment", + "name": "nginx", + "apiVersion": "apps/v1" + }, + "minReplicas": 2, + "maxReplicas": 100, + "targetCPUUtilizationPercentage": 80 + }, + "status": { + "currentReplicas": 0, + "desiredReplicas": 0 } }, - "spec": { - "selector": { - "matchLabels": { - "app": "nginx" + { + "kind": "PodDisruptionBudget", + "apiVersion": "policy/v1", + "metadata": { + "name": "nginx", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" } }, - "maxUnavailable": 1 - }, - "status": { - "disruptionsAllowed": 0, - "currentHealthy": 0, - "desiredHealthy": 0, - "expectedPods": 0 + "spec": { + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "maxUnavailable": 1 + }, + "status": { + "disruptionsAllowed": 0, + "currentHealthy": 0, + "desiredHealthy": 0, + "expectedPods": 0 + } } - } -] \ No newline at end of file + ] \ No newline at end of file diff --git a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json index 5326838b..d18998a0 100644 --- a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json +++ b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json @@ -468,18 +468,16 @@ "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443", "--default-ssl-certificate=fakenamespace/fakename" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/internal.json b/pkg/manifests/fixtures/nginx/internal.json index 528e805e..b1697fb7 100644 --- a/pkg/manifests/fixtures/nginx/internal.json +++ b/pkg/manifests/fixtures/nginx/internal.json @@ -467,18 +467,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/kube-system.json b/pkg/manifests/fixtures/nginx/kube-system.json index eef1c8be..10869cd4 100644 --- a/pkg/manifests/fixtures/nginx/kube-system.json +++ b/pkg/manifests/fixtures/nginx/kube-system.json @@ -455,18 +455,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/no-ownership.json b/pkg/manifests/fixtures/nginx/no-ownership.json index 3b54338e..915cab49 100644 --- a/pkg/manifests/fixtures/nginx/no-ownership.json +++ b/pkg/manifests/fixtures/nginx/no-ownership.json @@ -468,18 +468,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/fixtures/nginx/optional-features-disabled.json b/pkg/manifests/fixtures/nginx/optional-features-disabled.json index e00bb5e1..248764f7 100644 --- a/pkg/manifests/fixtures/nginx/optional-features-disabled.json +++ b/pkg/manifests/fixtures/nginx/optional-features-disabled.json @@ -464,18 +464,16 @@ "--election-id=nginx", "--publish-service=$(POD_NAMESPACE)/nginx", "--configmap=$(POD_NAMESPACE)/nginx", - "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443" + "--enable-annotation-validation=true" ], "ports": [ { "name": "http", - "containerPort": 8080 + "containerPort": 80 }, { "name": "https", - "containerPort": 8443 + "containerPort": 443 }, { "name": "prometheus", diff --git a/pkg/manifests/nginx.go b/pkg/manifests/nginx.go index 83a15e11..9fe97770 100644 --- a/pkg/manifests/nginx.go +++ b/pkg/manifests/nginx.go @@ -440,8 +440,6 @@ func newNginxIngressControllerDeployment(conf *config.Config, ingressConfig *Ngi "--publish-service=$(POD_NAMESPACE)/" + ingressConfig.ResourceName, "--configmap=$(POD_NAMESPACE)/" + ingressConfig.ResourceName, "--enable-annotation-validation=true", - "--http-port=8080", - "--https-port=8443", } if ingressConfig.DefaultSSLCertificate != "" { @@ -495,11 +493,11 @@ func newNginxIngressControllerDeployment(conf *config.Config, ingressConfig *Ngi Ports: []corev1.ContainerPort{ { Name: "http", - ContainerPort: 8080, + ContainerPort: 80, }, { Name: "https", - ContainerPort: 8443, + ContainerPort: 443, }, promPodPort, },