2. apiVersion: v1
    3. kind: Namespace
    4. metadata:
    5.   name: ingress-nginx
    6.   labels:
    7.     app.kubernetes.io/name: ingress-nginx
    8.     app.kubernetes.io/instance: ingress-nginx
    10. ---
    11. # Source: ingress-nginx/templates/controller-serviceaccount.yaml
    12. apiVersion: v1
    13. kind: ServiceAccount
    14. metadata:
    15.   labels:
    16.     helm.sh/chart: ingress-nginx-4.0.10
    17.     app.kubernetes.io/name: ingress-nginx
    18.     app.kubernetes.io/instance: ingress-nginx
    19.     app.kubernetes.io/version: 1.1.0
    20.     app.kubernetes.io/managed-by: Helm
    21.     app.kubernetes.io/component: controller
    22.   name: ingress-nginx
    23.   namespace: ingress-nginx
    24. automountServiceAccountToken: true
    25. ---
    26. # Source: ingress-nginx/templates/controller-configmap.yaml
    27. apiVersion: v1
    28. kind: ConfigMap
    29. metadata:
    30.   labels:
    31.     helm.sh/chart: ingress-nginx-4.0.10
    32.     app.kubernetes.io/name: ingress-nginx
    33.     app.kubernetes.io/instance: ingress-nginx
    34.     app.kubernetes.io/version: 1.1.0
    35.     app.kubernetes.io/managed-by: Helm
    36.     app.kubernetes.io/component: controller
    37.   name: ingress-nginx-controller
    38.   namespace: ingress-nginx
    39. data:
    40.   allow-snippet-annotations: 'true'
    41. ---
    42. # Source: ingress-nginx/templates/clusterrole.yaml
    43. apiVersion: rbac.authorization.k8s.io/v1
    44. kind: ClusterRole
    45. metadata:
    46.   labels:
    47.     helm.sh/chart: ingress-nginx-4.0.10
    48.     app.kubernetes.io/name: ingress-nginx
    49.     app.kubernetes.io/instance: ingress-nginx
    50.     app.kubernetes.io/version: 1.1.0
    51.     app.kubernetes.io/managed-by: Helm
    52.   name: ingress-nginx
    53. rules:
    54.   - apiGroups:
    55.       - ''
    56.     resources:
    57.       - configmaps
    58.       - endpoints
    59.       - nodes
    60.       - pods
    61.       - secrets
    62.       - namespaces
    63.     verbs:
    64.       - list
    65.       - watch
    66.   - apiGroups:
    67.       - ''
    68.     resources:
    69.       - nodes
    70.     verbs:
    71.       - get
    72.   - apiGroups:
    73.       - ''
    74.     resources:
    75.       - services
    76.     verbs:
    77.       - get
    78.       - list
    79.       - watch
    80.   - apiGroups:
    81.       - networking.k8s.io
    82.     resources:
    83.       - ingresses
    84.     verbs:
    85.       - get
    86.       - list
    87.       - watch
    88.   - apiGroups:
    89.       - ''
    90.     resources:
    91.       - events
    92.     verbs:
    93.       - create
    94.       - patch
    95.   - apiGroups:
    96.       - networking.k8s.io
    97.     resources:
    98.       - ingresses/status
    99.     verbs:
    100.       - update
    101.   - apiGroups:
    102.       - networking.k8s.io
    103.     resources:
    104.       - ingressclasses
    105.     verbs:
    106.       - get
    107.       - list
    108.       - watch
    109. ---
    110. # Source: ingress-nginx/templates/clusterrolebinding.yaml
    111. apiVersion: rbac.authorization.k8s.io/v1
    112. kind: ClusterRoleBinding
    113. metadata:
    114.   labels:
    115.     helm.sh/chart: ingress-nginx-4.0.10
    116.     app.kubernetes.io/name: ingress-nginx
    117.     app.kubernetes.io/instance: ingress-nginx
    118.     app.kubernetes.io/version: 1.1.0
    119.     app.kubernetes.io/managed-by: Helm
    120.   name: ingress-nginx
    121. roleRef:
    122.   apiGroup: rbac.authorization.k8s.io
    123.   kind: ClusterRole
    124.   name: ingress-nginx
    125. subjects:
    126.   - kind: ServiceAccount
    127.     name: ingress-nginx
    128.     namespace: ingress-nginx
    129. ---
    130. # Source: ingress-nginx/templates/controller-role.yaml
    131. apiVersion: rbac.authorization.k8s.io/v1
    132. kind: Role
    133. metadata:
    134.   labels:
    135.     helm.sh/chart: ingress-nginx-4.0.10
    136.     app.kubernetes.io/name: ingress-nginx
    137.     app.kubernetes.io/instance: ingress-nginx
    138.     app.kubernetes.io/version: 1.1.0
    139.     app.kubernetes.io/managed-by: Helm
    140.     app.kubernetes.io/component: controller
    141.   name: ingress-nginx
    142.   namespace: ingress-nginx
    143. rules:
    144.   - apiGroups:
    145.       - ''
    146.     resources:
    147.       - namespaces
    148.     verbs:
    149.       - get
    150.   - apiGroups:
    151.       - ''
    152.     resources:
    153.       - configmaps
    154.       - pods
    155.       - secrets
    156.       - endpoints
    157.     verbs:
    158.       - get
    159.       - list
    160.       - watch
    161.   - apiGroups:
    162.       - ''
    163.     resources:
    164.       - services
    165.     verbs:
    166.       - get
    167.       - list
    168.       - watch
    169.   - apiGroups:
    170.       - networking.k8s.io
    171.     resources:
    172.       - ingresses
    173.     verbs:
    174.       - get
    175.       - list
    176.       - watch
    177.   - apiGroups:
    178.       - networking.k8s.io
    179.     resources:
    180.       - ingresses/status
    181.     verbs:
    182.       - update
    183.   - apiGroups:
    184.       - networking.k8s.io
    185.     resources:
    186.       - ingressclasses
    187.     verbs:
    188.       - get
    189.       - list
    190.       - watch
    191.   - apiGroups:
    192.       - ''
    193.     resources:
    194.       - configmaps
    195.     resourceNames:
    196.       - ingress-controller-leader
    197.     verbs:
    198.       - get
    199.       - update
    200.   - apiGroups:
    201.       - ''
    202.     resources:
    203.       - configmaps
    204.     verbs:
    205.       - create
    206.   - apiGroups:
    207.       - ''
    208.     resources:
    209.       - events
    210.     verbs:
    211.       - create
    212.       - patch
    213. ---
    214. # Source: ingress-nginx/templates/controller-rolebinding.yaml
    215. apiVersion: rbac.authorization.k8s.io/v1
    216. kind: RoleBinding
    217. metadata:
    218.   labels:
    219.     helm.sh/chart: ingress-nginx-4.0.10
    220.     app.kubernetes.io/name: ingress-nginx
    221.     app.kubernetes.io/instance: ingress-nginx
    222.     app.kubernetes.io/version: 1.1.0
    223.     app.kubernetes.io/managed-by: Helm
    224.     app.kubernetes.io/component: controller
    225.   name: ingress-nginx
    226.   namespace: ingress-nginx
    227. roleRef:
    228.   apiGroup: rbac.authorization.k8s.io
    229.   kind: Role
    230.   name: ingress-nginx
    231. subjects:
    232.   - kind: ServiceAccount
    233.     name: ingress-nginx
    234.     namespace: ingress-nginx
    235. ---
    236. # Source: ingress-nginx/templates/controller-service-webhook.yaml
    237. apiVersion: v1
    238. kind: Service
    239. metadata:
    240.   labels:
    241.     helm.sh/chart: ingress-nginx-4.0.10
    242.     app.kubernetes.io/name: ingress-nginx
    243.     app.kubernetes.io/instance: ingress-nginx
    244.     app.kubernetes.io/version: 1.1.0
    245.     app.kubernetes.io/managed-by: Helm
    246.     app.kubernetes.io/component: controller
    247.   name: ingress-nginx-controller-admission
    248.   namespace: ingress-nginx
    249. spec:
    250.   type: ClusterIP
    251.   ports:
    252.     - name: https-webhook
    253.       port: 443
    254.       targetPort: webhook
    255.       appProtocol: https
    256.   selector:
    257.     app.kubernetes.io/name: ingress-nginx
    258.     app.kubernetes.io/instance: ingress-nginx
    259.     app.kubernetes.io/component: controller
    260. ---
    261. # Source: ingress-nginx/templates/controller-service.yaml
    262. apiVersion: v1
    263. kind: Service
    264. metadata:
    265.   annotations:
    266.   labels:
    267.     helm.sh/chart: ingress-nginx-4.0.10
    268.     app.kubernetes.io/name: ingress-nginx
    269.     app.kubernetes.io/instance: ingress-nginx
    270.     app.kubernetes.io/version: 1.1.0
    271.     app.kubernetes.io/managed-by: Helm
    272.     app.kubernetes.io/component: controller
    273.   name: ingress-nginx-controller
    274.   namespace: ingress-nginx
    275. spec:
    276.   type: ClusterIP
    277.   ports:
    278.     - name: http
    279.       port: 80
    280.       protocol: TCP
    281.       targetPort: http
    282.       appProtocol: http
    283.     - name: https
    284.       port: 443
    285.       protocol: TCP
    286.       targetPort: https
    287.       appProtocol: https
    288.   selector:
    289.     app.kubernetes.io/name: ingress-nginx
    290.     app.kubernetes.io/instance: ingress-nginx
    291.     app.kubernetes.io/component: controller
    292. ---
    293. # Source: ingress-nginx/templates/controller-deployment.yaml
    294. apiVersion: apps/v1
    295. kind: Deployment
    296. metadata:
    297.   labels:
    298.     helm.sh/chart: ingress-nginx-4.0.10
    299.     app.kubernetes.io/name: ingress-nginx
    300.     app.kubernetes.io/instance: ingress-nginx
    301.     app.kubernetes.io/version: 1.1.0
    302.     app.kubernetes.io/managed-by: Helm
    303.     app.kubernetes.io/component: controller
    304.   name: ingress-nginx-controller
    305.   namespace: ingress-nginx
    306. spec:
    307.   selector:
    308.     matchLabels:
    309.       app.kubernetes.io/name: ingress-nginx
    310.       app.kubernetes.io/instance: ingress-nginx
    311.       app.kubernetes.io/component: controller
    312.   revisionHistoryLimit: 10
    313.   minReadySeconds: 0
    314.   template:
    315.     metadata:
    316.       labels:
    317.         app.kubernetes.io/name: ingress-nginx
    318.         app.kubernetes.io/instance: ingress-nginx
    319.         app.kubernetes.io/component: controller
    320.     spec:
    321.       dnsPolicy: ClusterFirst
    322.       containers:
    323.         - name: controller
    324.           image: willdockerhub/ingress-nginx-controller:v1.0.0
    325.           imagePullPolicy: IfNotPresent
    326.           lifecycle:
    327.             preStop:
    328.               exec:
    329.                 command:
    330.                   - /wait-shutdown
    331.           args:
    332.             - /nginx-ingress-controller
    333.             - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
    334.             - --election-id=ingress-controller-leader
    335.             - --controller-class=k8s.io/ingress-nginx
    336.             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
    337.             - --validating-webhook=:8443
    338.             - --validating-webhook-certificate=/usr/local/certificates/cert
    339.             - --validating-webhook-key=/usr/local/certificates/key
    340.           securityContext:
    341.             capabilities:
    342.               drop:
    343.                 - ALL
    344.               add:
    345.                 - NET_BIND_SERVICE
    346.             runAsUser: 101
    347.             allowPrivilegeEscalation: true
    348.           env:
    349.             - name: POD_NAME
    350.               valueFrom:
    351.                 fieldRef:
    352.                   fieldPath: metadata.name
    353.             - name: POD_NAMESPACE
    354.               valueFrom:
    355.                 fieldRef:
    356.                   fieldPath: metadata.namespace
    357.             - name: LD_PRELOAD
    358.               value: /usr/local/lib/libmimalloc.so
    359.           livenessProbe:
    360.             failureThreshold: 5
    361.             httpGet:
    362.               path: /healthz
    363.               port: 10254
    364.               scheme: HTTP
    365.             initialDelaySeconds: 10
    366.             periodSeconds: 10
    367.             successThreshold: 1
    368.             timeoutSeconds: 1
    369.           readinessProbe:
    370.             failureThreshold: 3
    371.             httpGet:
    372.               path: /healthz
    373.               port: 10254
    374.               scheme: HTTP
    375.             initialDelaySeconds: 10
    376.             periodSeconds: 10
    377.             successThreshold: 1
    378.             timeoutSeconds: 1
    379.           ports:
    380.             - name: http
    381.               containerPort: 80
    382.               protocol: TCP
    383.             - name: https
    384.               containerPort: 443
    385.               protocol: TCP
    386.             - name: webhook
    387.               containerPort: 8443
    388.               protocol: TCP
    389.           volumeMounts:
    390.             - name: webhook-cert
    391.               mountPath: /usr/local/certificates/
    392.               readOnly: true
    393.           resources:
    394.             requests:
    395.               cpu: 100m
    396.               memory: 90Mi
    397.       tolerations:
    398.         - operator: "Exists"
    399.       nodeSelector:
    400.         kubernetes.io/hostname: master
    401.       hostNetwork: true
    402.       serviceAccountName: ingress-nginx
    403.       terminationGracePeriodSeconds: 300
    404.       volumes:
    405.         - name: webhook-cert
    406.           secret:
    407.             secretName: ingress-nginx-admission
    408. ---
    409. # Source: ingress-nginx/templates/controller-ingressclass.yaml
    410. # We don't support namespaced ingressClass yet
    411. # So a ClusterRole and a ClusterRoleBinding is required
    412. apiVersion: networking.k8s.io/v1
    413. kind: IngressClass
    414. metadata:
    415.   labels:
    416.     helm.sh/chart: ingress-nginx-4.0.10
    417.     app.kubernetes.io/name: ingress-nginx
    418.     app.kubernetes.io/instance: ingress-nginx
    419.     app.kubernetes.io/version: 1.1.0
    420.     app.kubernetes.io/managed-by: Helm
    421.     app.kubernetes.io/component: controller
    422.   name: nginx
    423.   namespace: ingress-nginx
    424. spec:
    425.   controller: k8s.io/ingress-nginx
    426. ---
    427. # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
    428. # before changing this value, check the required kubernetes version
    429. # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
    430. apiVersion: admissionregistration.k8s.io/v1
    431. kind: ValidatingWebhookConfiguration
    432. metadata:
    433.   labels:
    434.     helm.sh/chart: ingress-nginx-4.0.10
    435.     app.kubernetes.io/name: ingress-nginx
    436.     app.kubernetes.io/instance: ingress-nginx
    437.     app.kubernetes.io/version: 1.1.0
    438.     app.kubernetes.io/managed-by: Helm
    439.     app.kubernetes.io/component: admission-webhook
    440.   name: ingress-nginx-admission
    441. webhooks:
    442.   - name: validate.nginx.ingress.kubernetes.io
    443.     matchPolicy: Equivalent
    444.     rules:
    445.       - apiGroups:
    446.           - networking.k8s.io
    447.         apiVersions:
    448.           - v1
    449.         operations:
    450.           - CREATE
    451.           - UPDATE
    452.         resources:
    453.           - ingresses
    454.     failurePolicy: Fail
    455.     sideEffects: None
    456.     admissionReviewVersions:
    457.       - v1
    458.     clientConfig:
    459.       service:
    460.         namespace: ingress-nginx
    461.         name: ingress-nginx-controller-admission
    462.         path: /networking/v1/ingresses
    463. ---
    464. # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
    465. apiVersion: v1
    466. kind: ServiceAccount
    467. metadata:
    468.   name: ingress-nginx-admission
    469.   namespace: ingress-nginx
    470.   annotations:
    471.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    472.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    473.   labels:
    474.     helm.sh/chart: ingress-nginx-4.0.10
    475.     app.kubernetes.io/name: ingress-nginx
    476.     app.kubernetes.io/instance: ingress-nginx
    477.     app.kubernetes.io/version: 1.1.0
    478.     app.kubernetes.io/managed-by: Helm
    479.     app.kubernetes.io/component: admission-webhook
    480. ---
    481. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
    482. apiVersion: rbac.authorization.k8s.io/v1
    483. kind: ClusterRole
    484. metadata:
    485.   name: ingress-nginx-admission
    486.   annotations:
    487.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    488.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    489.   labels:
    490.     helm.sh/chart: ingress-nginx-4.0.10
    491.     app.kubernetes.io/name: ingress-nginx
    492.     app.kubernetes.io/instance: ingress-nginx
    493.     app.kubernetes.io/version: 1.1.0
    494.     app.kubernetes.io/managed-by: Helm
    495.     app.kubernetes.io/component: admission-webhook
    496. rules:
    497.   - apiGroups:
    498.       - admissionregistration.k8s.io
    499.     resources:
    500.       - validatingwebhookconfigurations
    501.     verbs:
    502.       - get
    503.       - update
    504. ---
    505. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
    506. apiVersion: rbac.authorization.k8s.io/v1
    507. kind: ClusterRoleBinding
    508. metadata:
    509.   name: ingress-nginx-admission
    510.   annotations:
    511.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    512.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    513.   labels:
    514.     helm.sh/chart: ingress-nginx-4.0.10
    515.     app.kubernetes.io/name: ingress-nginx
    516.     app.kubernetes.io/instance: ingress-nginx
    517.     app.kubernetes.io/version: 1.1.0
    518.     app.kubernetes.io/managed-by: Helm
    519.     app.kubernetes.io/component: admission-webhook
    520. roleRef:
    521.   apiGroup: rbac.authorization.k8s.io
    522.   kind: ClusterRole
    523.   name: ingress-nginx-admission
    524. subjects:
    525.   - kind: ServiceAccount
    526.     name: ingress-nginx-admission
    527.     namespace: ingress-nginx
    528. ---
    529. # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
    530. apiVersion: rbac.authorization.k8s.io/v1
    531. kind: Role
    532. metadata:
    533.   name: ingress-nginx-admission
    534.   namespace: ingress-nginx
    535.   annotations:
    536.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    537.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    538.   labels:
    539.     helm.sh/chart: ingress-nginx-4.0.10
    540.     app.kubernetes.io/name: ingress-nginx
    541.     app.kubernetes.io/instance: ingress-nginx
    542.     app.kubernetes.io/version: 1.1.0
    543.     app.kubernetes.io/managed-by: Helm
    544.     app.kubernetes.io/component: admission-webhook
    545. rules:
    546.   - apiGroups:
    547.       - ''
    548.     resources:
    549.       - secrets
    550.     verbs:
    551.       - get
    552.       - create
    553. ---
    554. # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
    555. apiVersion: rbac.authorization.k8s.io/v1
    556. kind: RoleBinding
    557. metadata:
    558.   name: ingress-nginx-admission
    559.   namespace: ingress-nginx
    560.   annotations:
    561.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    562.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    563.   labels:
    564.     helm.sh/chart: ingress-nginx-4.0.10
    565.     app.kubernetes.io/name: ingress-nginx
    566.     app.kubernetes.io/instance: ingress-nginx
    567.     app.kubernetes.io/version: 1.1.0
    568.     app.kubernetes.io/managed-by: Helm
    569.     app.kubernetes.io/component: admission-webhook
    570. roleRef:
    571.   apiGroup: rbac.authorization.k8s.io
    572.   kind: Role
    573.   name: ingress-nginx-admission
    574. subjects:
    575.   - kind: ServiceAccount
    576.     name: ingress-nginx-admission
    577.     namespace: ingress-nginx
    578. ---
    579. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
    580. apiVersion: batch/v1
    581. kind: Job
    582. metadata:
    583.   name: ingress-nginx-admission-create
    584.   namespace: ingress-nginx
    585.   annotations:
    586.     helm.sh/hook: pre-install,pre-upgrade
    587.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    588.   labels:
    589.     helm.sh/chart: ingress-nginx-4.0.10
    590.     app.kubernetes.io/name: ingress-nginx
    591.     app.kubernetes.io/instance: ingress-nginx
    592.     app.kubernetes.io/version: 1.1.0
    593.     app.kubernetes.io/managed-by: Helm
    594.     app.kubernetes.io/component: admission-webhook
    595. spec:
    596.   template:
    597.     metadata:
    598.       name: ingress-nginx-admission-create
    599.       labels:
    600.         helm.sh/chart: ingress-nginx-4.0.10
    601.         app.kubernetes.io/name: ingress-nginx
    602.         app.kubernetes.io/instance: ingress-nginx
    603.         app.kubernetes.io/version: 1.1.0
    604.         app.kubernetes.io/managed-by: Helm
    605.         app.kubernetes.io/component: admission-webhook
    606.     spec:
    607.       containers:
    608.         - name: create
    609.           image: liangjw/kube-webhook-certgen:v1.1.1
    610.           imagePullPolicy: IfNotPresent
    611.           args:
    612.             - create
    613.             - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
    614.             - --namespace=$(POD_NAMESPACE)
    615.             - --secret-name=ingress-nginx-admission
    616.           env:
    617.             - name: POD_NAMESPACE
    618.               valueFrom:
    619.                 fieldRef:
    620.                   fieldPath: metadata.namespace
    621.           securityContext:
    622.             allowPrivilegeEscalation: false
    623.       restartPolicy: OnFailure
    624.       serviceAccountName: ingress-nginx-admission
    625.       nodeSelector:
    626.         kubernetes.io/os: linux
    627.       securityContext:
    628.         runAsNonRoot: true
    629.         runAsUser: 2000
    630. ---
    631. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
    632. apiVersion: batch/v1
    633. kind: Job
    634. metadata:
    635.   name: ingress-nginx-admission-patch
    636.   namespace: ingress-nginx
    637.   annotations:
    638.     helm.sh/hook: post-install,post-upgrade
    639.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    640.   labels:
    641.     helm.sh/chart: ingress-nginx-4.0.10
    642.     app.kubernetes.io/name: ingress-nginx
    643.     app.kubernetes.io/instance: ingress-nginx
    644.     app.kubernetes.io/version: 1.1.0
    645.     app.kubernetes.io/managed-by: Helm
    646.     app.kubernetes.io/component: admission-webhook
    647. spec:
    648.   template:
    649.     metadata:
    650.       name: ingress-nginx-admission-patch
    651.       labels:
    652.         helm.sh/chart: ingress-nginx-4.0.10
    653.         app.kubernetes.io/name: ingress-nginx
    654.         app.kubernetes.io/instance: ingress-nginx
    655.         app.kubernetes.io/version: 1.1.0
    656.         app.kubernetes.io/managed-by: Helm
    657.         app.kubernetes.io/component: admission-webhook
    658.     spec:
    659.       containers:
    660.         - name: patch
    661.           image: liangjw/kube-webhook-certgen:v1.1.1
    662.           imagePullPolicy: IfNotPresent
    663.           args:
    664.             - patch
    665.             - --webhook-name=ingress-nginx-admission
    666.             - --namespace=$(POD_NAMESPACE)
    667.             - --patch-mutating=false
    668.             - --secret-name=ingress-nginx-admission
    669.             - --patch-failure-policy=Fail
    670.           env:
    671.             - name: POD_NAMESPACE
    672.               valueFrom:
    673.                 fieldRef:
    674.                   fieldPath: metadata.namespace
    675.           securityContext:
    676.             allowPrivilegeEscalation: false
    677.       restartPolicy: OnFailure
    678.       serviceAccountName: ingress-nginx-admission
    679.       nodeSelector:
    680.         kubernetes.io/os: linux
    681.       securityContext:
    682.         runAsNonRoot: true
    683.         runAsUser: 2000