1. apiVersion: v1
    2. kind: Namespace
    3. metadata:
    4.   name: ingress-nginx
    5.   labels:
    6.     app.kubernetes.io/name: ingress-nginx
    7.     app.kubernetes.io/instance: ingress-nginx
    9. ---
    10. # Source: ingress-nginx/templates/controller-serviceaccount.yaml
    11. apiVersion: v1
    12. kind: ServiceAccount
    13. metadata:
    14.   labels:
    15.     helm.sh/chart: ingress-nginx-4.0.10
    16.     app.kubernetes.io/name: ingress-nginx
    17.     app.kubernetes.io/instance: ingress-nginx
    18.     app.kubernetes.io/version: 1.1.0
    19.     app.kubernetes.io/managed-by: Helm
    20.     app.kubernetes.io/component: controller
    21.   name: ingress-nginx
    22.   namespace: ingress-nginx
    23. automountServiceAccountToken: true
    24. ---
    25. # Source: ingress-nginx/templates/controller-configmap.yaml
    26. apiVersion: v1
    27. kind: ConfigMap
    28. metadata:
    29.   labels:
    30.     helm.sh/chart: ingress-nginx-4.0.10
    31.     app.kubernetes.io/name: ingress-nginx
    32.     app.kubernetes.io/instance: ingress-nginx
    33.     app.kubernetes.io/version: 1.1.0
    34.     app.kubernetes.io/managed-by: Helm
    35.     app.kubernetes.io/component: controller
    36.   name: ingress-nginx-controller
    37.   namespace: ingress-nginx
    38. data:
    39.   allow-snippet-annotations: 'true'
    40. ---
    41. # Source: ingress-nginx/templates/clusterrole.yaml
    42. apiVersion: rbac.authorization.k8s.io/v1
    43. kind: ClusterRole
    44. metadata:
    45.   labels:
    46.     helm.sh/chart: ingress-nginx-4.0.10
    47.     app.kubernetes.io/name: ingress-nginx
    48.     app.kubernetes.io/instance: ingress-nginx
    49.     app.kubernetes.io/version: 1.1.0
    50.     app.kubernetes.io/managed-by: Helm
    51.   name: ingress-nginx
    52. rules:
    53.   - apiGroups:
    54.       - ''
    55.     resources:
    56.       - configmaps
    57.       - endpoints
    58.       - nodes
    59.       - pods
    60.       - secrets
    61.       - namespaces
    62.     verbs:
    63.       - list
    64.       - watch
    65.   - apiGroups:
    66.       - ''
    67.     resources:
    68.       - nodes
    69.     verbs:
    70.       - get
    71.   - apiGroups:
    72.       - ''
    73.     resources:
    74.       - services
    75.     verbs:
    76.       - get
    77.       - list
    78.       - watch
    79.   - apiGroups:
    80.       - networking.k8s.io
    81.     resources:
    82.       - ingresses
    83.     verbs:
    84.       - get
    85.       - list
    86.       - watch
    87.   - apiGroups:
    88.       - ''
    89.     resources:
    90.       - events
    91.     verbs:
    92.       - create
    93.       - patch
    94.   - apiGroups:
    95.       - networking.k8s.io
    96.     resources:
    97.       - ingresses/status
    98.     verbs:
    99.       - update
    100.   - apiGroups:
    101.       - networking.k8s.io
    102.     resources:
    103.       - ingressclasses
    104.     verbs:
    105.       - get
    106.       - list
    107.       - watch
    108. ---
    109. # Source: ingress-nginx/templates/clusterrolebinding.yaml
    110. apiVersion: rbac.authorization.k8s.io/v1
    111. kind: ClusterRoleBinding
    112. metadata:
    113.   labels:
    114.     helm.sh/chart: ingress-nginx-4.0.10
    115.     app.kubernetes.io/name: ingress-nginx
    116.     app.kubernetes.io/instance: ingress-nginx
    117.     app.kubernetes.io/version: 1.1.0
    118.     app.kubernetes.io/managed-by: Helm
    119.   name: ingress-nginx
    120. roleRef:
    121.   apiGroup: rbac.authorization.k8s.io
    122.   kind: ClusterRole
    123.   name: ingress-nginx
    124. subjects:
    125.   - kind: ServiceAccount
    126.     name: ingress-nginx
    127.     namespace: ingress-nginx
    128. ---
    129. # Source: ingress-nginx/templates/controller-role.yaml
    130. apiVersion: rbac.authorization.k8s.io/v1
    131. kind: Role
    132. metadata:
    133.   labels:
    134.     helm.sh/chart: ingress-nginx-4.0.10
    135.     app.kubernetes.io/name: ingress-nginx
    136.     app.kubernetes.io/instance: ingress-nginx
    137.     app.kubernetes.io/version: 1.1.0
    138.     app.kubernetes.io/managed-by: Helm
    139.     app.kubernetes.io/component: controller
    140.   name: ingress-nginx
    141.   namespace: ingress-nginx
    142. rules:
    143.   - apiGroups:
    144.       - ''
    145.     resources:
    146.       - namespaces
    147.     verbs:
    148.       - get
    149.   - apiGroups:
    150.       - ''
    151.     resources:
    152.       - configmaps
    153.       - pods
    154.       - secrets
    155.       - endpoints
    156.     verbs:
    157.       - get
    158.       - list
    159.       - watch
    160.   - apiGroups:
    161.       - ''
    162.     resources:
    163.       - services
    164.     verbs:
    165.       - get
    166.       - list
    167.       - watch
    168.   - apiGroups:
    169.       - networking.k8s.io
    170.     resources:
    171.       - ingresses
    172.     verbs:
    173.       - get
    174.       - list
    175.       - watch
    176.   - apiGroups:
    177.       - networking.k8s.io
    178.     resources:
    179.       - ingresses/status
    180.     verbs:
    181.       - update
    182.   - apiGroups:
    183.       - networking.k8s.io
    184.     resources:
    185.       - ingressclasses
    186.     verbs:
    187.       - get
    188.       - list
    189.       - watch
    190.   - apiGroups:
    191.       - ''
    192.     resources:
    193.       - configmaps
    194.     resourceNames:
    195.       - ingress-controller-leader
    196.     verbs:
    197.       - get
    198.       - update
    199.   - apiGroups:
    200.       - ''
    201.     resources:
    202.       - configmaps
    203.     verbs:
    204.       - create
    205.   - apiGroups:
    206.       - ''
    207.     resources:
    208.       - events
    209.     verbs:
    210.       - create
    211.       - patch
    212. ---
    213. # Source: ingress-nginx/templates/controller-rolebinding.yaml
    214. apiVersion: rbac.authorization.k8s.io/v1
    215. kind: RoleBinding
    216. metadata:
    217.   labels:
    218.     helm.sh/chart: ingress-nginx-4.0.10
    219.     app.kubernetes.io/name: ingress-nginx
    220.     app.kubernetes.io/instance: ingress-nginx
    221.     app.kubernetes.io/version: 1.1.0
    222.     app.kubernetes.io/managed-by: Helm
    223.     app.kubernetes.io/component: controller
    224.   name: ingress-nginx
    225.   namespace: ingress-nginx
    226. roleRef:
    227.   apiGroup: rbac.authorization.k8s.io
    228.   kind: Role
    229.   name: ingress-nginx
    230. subjects:
    231.   - kind: ServiceAccount
    232.     name: ingress-nginx
    233.     namespace: ingress-nginx
    234. ---
    235. # Source: ingress-nginx/templates/controller-service-webhook.yaml
    236. apiVersion: v1
    237. kind: Service
    238. metadata:
    239.   labels:
    240.     helm.sh/chart: ingress-nginx-4.0.10
    241.     app.kubernetes.io/name: ingress-nginx
    242.     app.kubernetes.io/instance: ingress-nginx
    243.     app.kubernetes.io/version: 1.1.0
    244.     app.kubernetes.io/managed-by: Helm
    245.     app.kubernetes.io/component: controller
    246.   name: ingress-nginx-controller-admission
    247.   namespace: ingress-nginx
    248. spec:
    249.   type: ClusterIP
    250.   ports:
    251.     - name: https-webhook
    252.       port: 443
    253.       targetPort: webhook
    254.       appProtocol: https
    255.   selector:
    256.     app.kubernetes.io/name: ingress-nginx
    257.     app.kubernetes.io/instance: ingress-nginx
    258.     app.kubernetes.io/component: controller
    259. ---
    260. # Source: ingress-nginx/templates/controller-service.yaml
    261. apiVersion: v1
    262. kind: Service
    263. metadata:
    264.   annotations:
    265.   labels:
    266.     helm.sh/chart: ingress-nginx-4.0.10
    267.     app.kubernetes.io/name: ingress-nginx
    268.     app.kubernetes.io/instance: ingress-nginx
    269.     app.kubernetes.io/version: 1.1.0
    270.     app.kubernetes.io/managed-by: Helm
    271.     app.kubernetes.io/component: controller
    272.   name: ingress-nginx-controller
    273.   namespace: ingress-nginx
    274. spec:
    275.   type: LoadBalancer
    276.   externalTrafficPolicy: Local
    277.   ipFamilyPolicy: SingleStack
    278.   ipFamilies:
    279.     - IPv4
    280.   ports:
    281.     - name: http
    282.       port: 80
    283.       protocol: TCP
    284.       targetPort: http
    285.       appProtocol: http
    286.     - name: https
    287.       port: 443
    288.       protocol: TCP
    289.       targetPort: https
    290.       appProtocol: https
    291.   selector:
    292.     app.kubernetes.io/name: ingress-nginx
    293.     app.kubernetes.io/instance: ingress-nginx
    294.     app.kubernetes.io/component: controller
    295. ---
    296. # Source: ingress-nginx/templates/controller-deployment.yaml
    297. apiVersion: apps/v1
    298. kind: Deployment
    299. metadata:
    300.   labels:
    301.     helm.sh/chart: ingress-nginx-4.0.10
    302.     app.kubernetes.io/name: ingress-nginx
    303.     app.kubernetes.io/instance: ingress-nginx
    304.     app.kubernetes.io/version: 1.1.0
    305.     app.kubernetes.io/managed-by: Helm
    306.     app.kubernetes.io/component: controller
    307.   name: ingress-nginx-controller
    308.   namespace: ingress-nginx
    309. spec:
    310.   selector:
    311.     matchLabels:
    312.       app.kubernetes.io/name: ingress-nginx
    313.       app.kubernetes.io/instance: ingress-nginx
    314.       app.kubernetes.io/component: controller
    315.   revisionHistoryLimit: 10
    316.   minReadySeconds: 0
    317.   template:
    318.     metadata:
    319.       labels:
    320.         app.kubernetes.io/name: ingress-nginx
    321.         app.kubernetes.io/instance: ingress-nginx
    322.         app.kubernetes.io/component: controller
    323.     spec:
    324.       # mark
    325.       automountServiceAccountToken: true
    326.       dnsPolicy: ClusterFirst
    327.       containers:
    328.         - name: controller
    329.           # image: k8s.gcr.io/ingress-nginx/controller:v1.1.0@sha256:f766669fdcf3dc26347ed273a55e754b427eb4411ee075a53f30718b4499076a
    330.           image: docker.io/liangjw/ingress-nginx-controller:v1.1.0
    331.           imagePullPolicy: IfNotPresent
    332.           lifecycle:
    333.             preStop:
    334.               exec:
    335.                 command:
    336.                   - /wait-shutdown
    337.           args:
    338.             - /nginx-ingress-controller
    339.             - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
    340.             - --election-id=ingress-controller-leader
    341.             - --controller-class=k8s.io/ingress-nginx
    342.             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
    343.             - --validating-webhook=:8443
    344.             - --validating-webhook-certificate=/usr/local/certificates/cert
    345.             - --validating-webhook-key=/usr/local/certificates/key
    346.           securityContext:
    347.             capabilities:
    348.               drop:
    349.                 - ALL
    350.               add:
    351.                 - NET_BIND_SERVICE
    352.             runAsUser: 101
    353.             allowPrivilegeEscalation: true
    354.           env:
    355.             - name: POD_NAME
    356.               valueFrom:
    357.                 fieldRef:
    358.                   fieldPath: metadata.name
    359.             - name: POD_NAMESPACE
    360.               valueFrom:
    361.                 fieldRef:
    362.                   fieldPath: metadata.namespace
    363.             - name: LD_PRELOAD
    364.               value: /usr/local/lib/libmimalloc.so
    365.           livenessProbe:
    366.             failureThreshold: 5
    367.             httpGet:
    368.               path: /healthz
    369.               port: 10254
    370.               scheme: HTTP
    371.             initialDelaySeconds: 10
    372.             periodSeconds: 10
    373.             successThreshold: 1
    374.             timeoutSeconds: 1
    375.           readinessProbe:
    376.             failureThreshold: 3
    377.             httpGet:
    378.               path: /healthz
    379.               port: 10254
    380.               scheme: HTTP
    381.             initialDelaySeconds: 10
    382.             periodSeconds: 10
    383.             successThreshold: 1
    384.             timeoutSeconds: 1
    385.           ports:
    386.             - name: http
    387.               containerPort: 80
    388.               protocol: TCP
    389.             - name: https
    390.               containerPort: 443
    391.               protocol: TCP
    392.             - name: webhook
    393.               containerPort: 8443
    394.               protocol: TCP
    395.           volumeMounts:
    396.             - name: webhook-cert
    397.               mountPath: /usr/local/certificates/
    398.               readOnly: true
    399.           resources:
    400.             requests:
    401.               cpu: 100m
    402.               memory: 90Mi
    403.       nodeSelector:
    404.         kubernetes.io/os: linux
    405.       serviceAccountName: ingress-nginx
    406.       terminationGracePeriodSeconds: 300
    407.       volumes:
    408.         - name: webhook-cert
    409.           secret:
    410.             secretName: ingress-nginx-admission
    411. ---
    412. # Source: ingress-nginx/templates/controller-ingressclass.yaml
    413. # We don't support namespaced ingressClass yet
    414. # So a ClusterRole and a ClusterRoleBinding is required
    415. apiVersion: networking.k8s.io/v1
    416. kind: IngressClass
    417. metadata:
    418.   labels:
    419.     helm.sh/chart: ingress-nginx-4.0.10
    420.     app.kubernetes.io/name: ingress-nginx
    421.     app.kubernetes.io/instance: ingress-nginx
    422.     app.kubernetes.io/version: 1.1.0
    423.     app.kubernetes.io/managed-by: Helm
    424.     app.kubernetes.io/component: controller
    425.   name: nginx
    426.   namespace: ingress-nginx
    427. spec:
    428.   controller: k8s.io/ingress-nginx
    429. ---
    430. # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
    431. # before changing this value, check the required kubernetes version
    432. # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
    433. apiVersion: admissionregistration.k8s.io/v1
    434. kind: ValidatingWebhookConfiguration
    435. metadata:
    436.   labels:
    437.     helm.sh/chart: ingress-nginx-4.0.10
    438.     app.kubernetes.io/name: ingress-nginx
    439.     app.kubernetes.io/instance: ingress-nginx
    440.     app.kubernetes.io/version: 1.1.0
    441.     app.kubernetes.io/managed-by: Helm
    442.     app.kubernetes.io/component: admission-webhook
    443.   name: ingress-nginx-admission
    444. webhooks:
    445.   - name: validate.nginx.ingress.kubernetes.io
    446.     matchPolicy: Equivalent
    447.     rules:
    448.       - apiGroups:
    449.           - networking.k8s.io
    450.         apiVersions:
    451.           - v1
    452.         operations:
    453.           - CREATE
    454.           - UPDATE
    455.         resources:
    456.           - ingresses
    457.     failurePolicy: Fail
    458.     sideEffects: None
    459.     admissionReviewVersions:
    460.       - v1
    461.     clientConfig:
    462.       service:
    463.         namespace: ingress-nginx
    464.         name: ingress-nginx-controller-admission
    465.         path: /networking/v1/ingresses
    466. ---
    467. # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
    468. apiVersion: v1
    469. kind: ServiceAccount
    470. metadata:
    471.   name: ingress-nginx-admission
    472.   namespace: ingress-nginx
    473.   annotations:
    474.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    475.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    476.   labels:
    477.     helm.sh/chart: ingress-nginx-4.0.10
    478.     app.kubernetes.io/name: ingress-nginx
    479.     app.kubernetes.io/instance: ingress-nginx
    480.     app.kubernetes.io/version: 1.1.0
    481.     app.kubernetes.io/managed-by: Helm
    482.     app.kubernetes.io/component: admission-webhook
    483. ---
    484. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
    485. apiVersion: rbac.authorization.k8s.io/v1
    486. kind: ClusterRole
    487. metadata:
    488.   name: ingress-nginx-admission
    489.   annotations:
    490.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    491.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    492.   labels:
    493.     helm.sh/chart: ingress-nginx-4.0.10
    494.     app.kubernetes.io/name: ingress-nginx
    495.     app.kubernetes.io/instance: ingress-nginx
    496.     app.kubernetes.io/version: 1.1.0
    497.     app.kubernetes.io/managed-by: Helm
    498.     app.kubernetes.io/component: admission-webhook
    499. rules:
    500.   - apiGroups:
    501.       - admissionregistration.k8s.io
    502.     resources:
    503.       - validatingwebhookconfigurations
    504.     verbs:
    505.       - get
    506.       - update
    507. ---
    508. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
    509. apiVersion: rbac.authorization.k8s.io/v1
    510. kind: ClusterRoleBinding
    511. metadata:
    512.   name: ingress-nginx-admission
    513.   annotations:
    514.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    515.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    516.   labels:
    517.     helm.sh/chart: ingress-nginx-4.0.10
    518.     app.kubernetes.io/name: ingress-nginx
    519.     app.kubernetes.io/instance: ingress-nginx
    520.     app.kubernetes.io/version: 1.1.0
    521.     app.kubernetes.io/managed-by: Helm
    522.     app.kubernetes.io/component: admission-webhook
    523. roleRef:
    524.   apiGroup: rbac.authorization.k8s.io
    525.   kind: ClusterRole
    526.   name: ingress-nginx-admission
    527. subjects:
    528.   - kind: ServiceAccount
    529.     name: ingress-nginx-admission
    530.     namespace: ingress-nginx
    531. ---
    532. # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
    533. apiVersion: rbac.authorization.k8s.io/v1
    534. kind: Role
    535. metadata:
    536.   name: ingress-nginx-admission
    537.   namespace: ingress-nginx
    538.   annotations:
    539.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    540.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    541.   labels:
    542.     helm.sh/chart: ingress-nginx-4.0.10
    543.     app.kubernetes.io/name: ingress-nginx
    544.     app.kubernetes.io/instance: ingress-nginx
    545.     app.kubernetes.io/version: 1.1.0
    546.     app.kubernetes.io/managed-by: Helm
    547.     app.kubernetes.io/component: admission-webhook
    548. rules:
    549.   - apiGroups:
    550.       - ''
    551.     resources:
    552.       - secrets
    553.     verbs:
    554.       - get
    555.       - create
    556. ---
    557. # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
    558. apiVersion: rbac.authorization.k8s.io/v1
    559. kind: RoleBinding
    560. metadata:
    561.   name: ingress-nginx-admission
    562.   namespace: ingress-nginx
    563.   annotations:
    564.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    565.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    566.   labels:
    567.     helm.sh/chart: ingress-nginx-4.0.10
    568.     app.kubernetes.io/name: ingress-nginx
    569.     app.kubernetes.io/instance: ingress-nginx
    570.     app.kubernetes.io/version: 1.1.0
    571.     app.kubernetes.io/managed-by: Helm
    572.     app.kubernetes.io/component: admission-webhook
    573. roleRef:
    574.   apiGroup: rbac.authorization.k8s.io
    575.   kind: Role
    576.   name: ingress-nginx-admission
    577. subjects:
    578.   - kind: ServiceAccount
    579.     name: ingress-nginx-admission
    580.     namespace: ingress-nginx
    581. ---
    582. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
    583. apiVersion: batch/v1
    584. kind: Job
    585. metadata:
    586.   name: ingress-nginx-admission-create
    587.   namespace: ingress-nginx
    588.   annotations:
    589.     helm.sh/hook: pre-install,pre-upgrade
    590.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    591.   labels:
    592.     helm.sh/chart: ingress-nginx-4.0.10
    593.     app.kubernetes.io/name: ingress-nginx
    594.     app.kubernetes.io/instance: ingress-nginx
    595.     app.kubernetes.io/version: 1.1.0
    596.     app.kubernetes.io/managed-by: Helm
    597.     app.kubernetes.io/component: admission-webhook
    598. spec:
    599.   template:
    600.     metadata:
    601.       name: ingress-nginx-admission-create
    602.       labels:
    603.         helm.sh/chart: ingress-nginx-4.0.10
    604.         app.kubernetes.io/name: ingress-nginx
    605.         app.kubernetes.io/instance: ingress-nginx
    606.         app.kubernetes.io/version: 1.1.0
    607.         app.kubernetes.io/managed-by: Helm
    608.         app.kubernetes.io/component: admission-webhook
    609.     spec:
    610.       # mark
    611.       automountServiceAccountToken: true
    612.       containers:
    613.         - name: create
    614.           # image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
    615.           image: docker.io/liangjw/kube-webhook-certgen:v1.1.1
    616.           imagePullPolicy: IfNotPresent
    617.           args:
    618.             - create
    619.             - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
    620.             - --namespace=$(POD_NAMESPACE)
    621.             - --secret-name=ingress-nginx-admission
    622.           env:
    623.             - name: POD_NAMESPACE
    624.               valueFrom:
    625.                 fieldRef:
    626.                   fieldPath: metadata.namespace
    627.           securityContext:
    628.             allowPrivilegeEscalation: true
    629.       restartPolicy: OnFailure
    630.       serviceAccountName: ingress-nginx-admission
    631.       nodeSelector:
    632.         kubernetes.io/os: linux
    633.       securityContext:
    634.         runAsNonRoot: true
    635.         runAsUser: 2000
    636. ---
    637. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
    638. apiVersion: batch/v1
    639. kind: Job
    640. metadata:
    641.   name: ingress-nginx-admission-patch
    642.   namespace: ingress-nginx
    643.   annotations:
    644.     helm.sh/hook: post-install,post-upgrade
    645.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    646.   labels:
    647.     helm.sh/chart: ingress-nginx-4.0.10
    648.     app.kubernetes.io/name: ingress-nginx
    649.     app.kubernetes.io/instance: ingress-nginx
    650.     app.kubernetes.io/version: 1.1.0
    651.     app.kubernetes.io/managed-by: Helm
    652.     app.kubernetes.io/component: admission-webhook
    653. spec:
    654.   template:
    655.     metadata:
    656.       name: ingress-nginx-admission-patch
    657.       labels:
    658.         helm.sh/chart: ingress-nginx-4.0.10
    659.         app.kubernetes.io/name: ingress-nginx
    660.         app.kubernetes.io/instance: ingress-nginx
    661.         app.kubernetes.io/version: 1.1.0
    662.         app.kubernetes.io/managed-by: Helm
    663.         app.kubernetes.io/component: admission-webhook
    664.     spec:
    665.       # mark
    666.       automountServiceAccountToken: true
    667.       containers:
    668.         - name: patch
    669.           # image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
    670.           image: docker.io/liangjw/kube-webhook-certgen:v1.1.1
    671.           imagePullPolicy: IfNotPresent
    672.           args:
    673.             - patch
    674.             - --webhook-name=ingress-nginx-admission
    675.             - --namespace=$(POD_NAMESPACE)
    676.             - --patch-mutating=false
    677.             - --secret-name=ingress-nginx-admission
    678.             - --patch-failure-policy=Fail
    679.           env:
    680.             - name: POD_NAMESPACE
    681.               valueFrom:
    682.                 fieldRef:
    683.                   fieldPath: metadata.namespace
    684.           securityContext:
    685.             allowPrivilegeEscalation: false
    686.       restartPolicy: OnFailure
    687.       serviceAccountName: ingress-nginx-admission
    688.       nodeSelector:
    689.         kubernetes.io/os: linux
    690.       securityContext:
    691.         runAsNonRoot: true
    692.         runAsUser: 2000