底座:centos8
kubernetes:1.18.6
ingress-nginx版本:2.11.2

ingress nginx NGINX: 0.34.1

https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v0.34.1

  1. [root@liabio cloud]# pwd
  2. /data/k8s-install/ingress-nginx/ingress-nginx-ingress-nginx-2.11.2/deploy/static/provider/cloud
  3. [root@liabio cloud]# ll
  4. total 20
  5. -rw-rw-r-- 1 root root 18309 Jul 29 23:11 deploy.yaml
  6. [root@liabio cloud]# cat deploy.yaml 
  8. apiVersion: v1
  9. kind: Namespace
  10. metadata:
  11.   name: ingress-nginx
  12.   labels:
  13.     app.kubernetes.io/name: ingress-nginx
  14.     app.kubernetes.io/instance: ingress-nginx
  16. ---
  17. # Source: ingress-nginx/templates/controller-serviceaccount.yaml
  18. apiVersion: v1
  19. kind: ServiceAccount
  20. metadata:
  21.   labels:
  22.     helm.sh/chart: ingress-nginx-2.11.1
  23.     app.kubernetes.io/name: ingress-nginx
  24.     app.kubernetes.io/instance: ingress-nginx
  25.     app.kubernetes.io/version: 0.34.1
  26.     app.kubernetes.io/managed-by: Helm
  27.     app.kubernetes.io/component: controller
  28.   name: ingress-nginx
  29.   namespace: ingress-nginx
  30. ---
  31. # Source: ingress-nginx/templates/controller-configmap.yaml
  32. apiVersion: v1
  33. kind: ConfigMap
  34. metadata:
  35.   labels:
  36.     helm.sh/chart: ingress-nginx-2.11.1
  37.     app.kubernetes.io/name: ingress-nginx
  38.     app.kubernetes.io/instance: ingress-nginx
  39.     app.kubernetes.io/version: 0.34.1
  40.     app.kubernetes.io/managed-by: Helm
  41.     app.kubernetes.io/component: controller
  42.   name: ingress-nginx-controller
  43.   namespace: ingress-nginx
  44. data:
  45. ---
  46. # Source: ingress-nginx/templates/clusterrole.yaml
  47. apiVersion: rbac.authorization.k8s.io/v1
  48. kind: ClusterRole
  49. metadata:
  50.   labels:
  51.     helm.sh/chart: ingress-nginx-2.11.1
  52.     app.kubernetes.io/name: ingress-nginx
  53.     app.kubernetes.io/instance: ingress-nginx
  54.     app.kubernetes.io/version: 0.34.1
  55.     app.kubernetes.io/managed-by: Helm
  56.   name: ingress-nginx
  57. rules:
  58.   - apiGroups:
  59.       - ''
  60.     resources:
  61.       - configmaps
  62.       - endpoints
  63.       - nodes
  64.       - pods
  65.       - secrets
  66.     verbs:
  67.       - list
  68.       - watch
  69.   - apiGroups:
  70.       - ''
  71.     resources:
  72.       - nodes
  73.     verbs:
  74.       - get
  75.   - apiGroups:
  76.       - ''
  77.     resources:
  78.       - services
  79.     verbs:
  80.       - get
  81.       - list
  82.       - update
  83.       - watch
  84.   - apiGroups:
  85.       - extensions
  86.       - networking.k8s.io   # k8s 1.14+
  87.     resources:
  88.       - ingresses
  89.     verbs:
  90.       - get
  91.       - list
  92.       - watch
  93.   - apiGroups:
  94.       - ''
  95.     resources:
  96.       - events
  97.     verbs:
  98.       - create
  99.       - patch
  100.   - apiGroups:
  101.       - extensions
  102.       - networking.k8s.io   # k8s 1.14+
  103.     resources:
  104.       - ingresses/status
  105.     verbs:
  106.       - update
  107.   - apiGroups:
  108.       - networking.k8s.io   # k8s 1.14+
  109.     resources:
  110.       - ingressclasses
  111.     verbs:
  112.       - get
  113.       - list
  114.       - watch
  115. ---
  116. # Source: ingress-nginx/templates/clusterrolebinding.yaml
  117. apiVersion: rbac.authorization.k8s.io/v1
  118. kind: ClusterRoleBinding
  119. metadata:
  120.   labels:
  121.     helm.sh/chart: ingress-nginx-2.11.1
  122.     app.kubernetes.io/name: ingress-nginx
  123.     app.kubernetes.io/instance: ingress-nginx
  124.     app.kubernetes.io/version: 0.34.1
  125.     app.kubernetes.io/managed-by: Helm
  126.   name: ingress-nginx
  127. roleRef:
  128.   apiGroup: rbac.authorization.k8s.io
  129.   kind: ClusterRole
  130.   name: ingress-nginx
  131. subjects:
  132.   - kind: ServiceAccount
  133.     name: ingress-nginx
  134.     namespace: ingress-nginx
  135. ---
  136. # Source: ingress-nginx/templates/controller-role.yaml
  137. apiVersion: rbac.authorization.k8s.io/v1
  138. kind: Role
  139. metadata:
  140.   labels:
  141.     helm.sh/chart: ingress-nginx-2.11.1
  142.     app.kubernetes.io/name: ingress-nginx
  143.     app.kubernetes.io/instance: ingress-nginx
  144.     app.kubernetes.io/version: 0.34.1
  145.     app.kubernetes.io/managed-by: Helm
  146.     app.kubernetes.io/component: controller
  147.   name: ingress-nginx
  148.   namespace: ingress-nginx
  149. rules:
  150.   - apiGroups:
  151.       - ''
  152.     resources:
  153.       - namespaces
  154.     verbs:
  155.       - get
  156.   - apiGroups:
  157.       - ''
  158.     resources:
  159.       - configmaps
  160.       - pods
  161.       - secrets
  162.       - endpoints
  163.     verbs:
  164.       - get
  165.       - list
  166.       - watch
  167.   - apiGroups:
  168.       - ''
  169.     resources:
  170.       - services
  171.     verbs:
  172.       - get
  173.       - list
  174.       - update
  175.       - watch
  176.   - apiGroups:
  177.       - extensions
  178.       - networking.k8s.io   # k8s 1.14+
  179.     resources:
  180.       - ingresses
  181.     verbs:
  182.       - get
  183.       - list
  184.       - watch
  185.   - apiGroups:
  186.       - extensions
  187.       - networking.k8s.io   # k8s 1.14+
  188.     resources:
  189.       - ingresses/status
  190.     verbs:
  191.       - update
  192.   - apiGroups:
  193.       - networking.k8s.io   # k8s 1.14+
  194.     resources:
  195.       - ingressclasses
  196.     verbs:
  197.       - get
  198.       - list
  199.       - watch
  200.   - apiGroups:
  201.       - ''
  202.     resources:
  203.       - configmaps
  204.     resourceNames:
  205.       - ingress-controller-leader-nginx
  206.     verbs:
  207.       - get
  208.       - update
  209.   - apiGroups:
  210.       - ''
  211.     resources:
  212.       - configmaps
  213.     verbs:
  214.       - create
  215.   - apiGroups:
  216.       - ''
  217.     resources:
  218.       - endpoints
  219.     verbs:
  220.       - create
  221.       - get
  222.       - update
  223.   - apiGroups:
  224.       - ''
  225.     resources:
  226.       - events
  227.     verbs:
  228.       - create
  229.       - patch
  230. ---
  231. # Source: ingress-nginx/templates/controller-rolebinding.yaml
  232. apiVersion: rbac.authorization.k8s.io/v1
  233. kind: RoleBinding
  234. metadata:
  235.   labels:
  236.     helm.sh/chart: ingress-nginx-2.11.1
  237.     app.kubernetes.io/name: ingress-nginx
  238.     app.kubernetes.io/instance: ingress-nginx
  239.     app.kubernetes.io/version: 0.34.1
  240.     app.kubernetes.io/managed-by: Helm
  241.     app.kubernetes.io/component: controller
  242.   name: ingress-nginx
  243.   namespace: ingress-nginx
  244. roleRef:
  245.   apiGroup: rbac.authorization.k8s.io
  246.   kind: Role
  247.   name: ingress-nginx
  248. subjects:
  249.   - kind: ServiceAccount
  250.     name: ingress-nginx
  251.     namespace: ingress-nginx
  252. ---
  253. # Source: ingress-nginx/templates/controller-service-webhook.yaml
  254. apiVersion: v1
  255. kind: Service
  256. metadata:
  257.   labels:
  258.     helm.sh/chart: ingress-nginx-2.11.1
  259.     app.kubernetes.io/name: ingress-nginx
  260.     app.kubernetes.io/instance: ingress-nginx
  261.     app.kubernetes.io/version: 0.34.1
  262.     app.kubernetes.io/managed-by: Helm
  263.     app.kubernetes.io/component: controller
  264.   name: ingress-nginx-controller-admission
  265.   namespace: ingress-nginx
  266. spec:
  267.   type: ClusterIP
  268.   ports:
  269.     - name: https-webhook
  270.       port: 443
  271.       targetPort: webhook
  272.   selector:
  273.     app.kubernetes.io/name: ingress-nginx
  274.     app.kubernetes.io/instance: ingress-nginx
  275.     app.kubernetes.io/component: controller
  276. ---
  277. # Source: ingress-nginx/templates/controller-service.yaml
  278. apiVersion: v1
  279. kind: Service
  280. metadata:
  281.   labels:
  282.     helm.sh/chart: ingress-nginx-2.11.1
  283.     app.kubernetes.io/name: ingress-nginx
  284.     app.kubernetes.io/instance: ingress-nginx
  285.     app.kubernetes.io/version: 0.34.1
  286.     app.kubernetes.io/managed-by: Helm
  287.     app.kubernetes.io/component: controller
  288.   name: ingress-nginx-controller
  289.   namespace: ingress-nginx
  290. spec:
  291.   type: LoadBalancer
  292.   externalTrafficPolicy: Local
  293.   ports:
  294.     - name: http
  295.       port: 80
  296.       protocol: TCP
  297.       targetPort: http
  298.     - name: https
  299.       port: 443
  300.       protocol: TCP
  301.       targetPort: https
  302.   selector:
  303.     app.kubernetes.io/name: ingress-nginx
  304.     app.kubernetes.io/instance: ingress-nginx
  305.     app.kubernetes.io/component: controller
  306. ---
  307. # Source: ingress-nginx/templates/controller-deployment.yaml
  308. apiVersion: apps/v1
  309. kind: Deployment
  310. metadata:
  311.   labels:
  312.     helm.sh/chart: ingress-nginx-2.11.1
  313.     app.kubernetes.io/name: ingress-nginx
  314.     app.kubernetes.io/instance: ingress-nginx
  315.     app.kubernetes.io/version: 0.34.1
  316.     app.kubernetes.io/managed-by: Helm
  317.     app.kubernetes.io/component: controller
  318.   name: ingress-nginx-controller
  319.   namespace: ingress-nginx
  320. spec:
  321.   selector:
  322.     matchLabels:
  323.       app.kubernetes.io/name: ingress-nginx
  324.       app.kubernetes.io/instance: ingress-nginx
  325.       app.kubernetes.io/component: controller
  326.   revisionHistoryLimit: 10
  327.   minReadySeconds: 0
  328.   template:
  329.     metadata:
  330.       labels:
  331.         app.kubernetes.io/name: ingress-nginx
  332.         app.kubernetes.io/instance: ingress-nginx
  333.         app.kubernetes.io/component: controller
  334.     spec:
  335.       dnsPolicy: ClusterFirst
  336.       containers:
  337.         - name: controller
  338.           image: us.gcr.io/k8s-artifacts-prod/ingress-nginx/controller:v0.34.1@sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
  339.           imagePullPolicy: IfNotPresent
  340.           lifecycle:
  341.             preStop:
  342.               exec:
  343.                 command:
  344.                   - /wait-shutdown
  345.           args:
  346.             - /nginx-ingress-controller
  347.             - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
  348.             - --election-id=ingress-controller-leader
  349.             - --ingress-class=nginx
  350.             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
  351.             - --validating-webhook=:8443
  352.             - --validating-webhook-certificate=/usr/local/certificates/cert
  353.             - --validating-webhook-key=/usr/local/certificates/key
  354.           securityContext:
  355.             capabilities:
  356.               drop:
  357.                 - ALL
  358.               add:
  359.                 - NET_BIND_SERVICE
  360.             runAsUser: 101
  361.             allowPrivilegeEscalation: true
  362.           env:
  363.             - name: POD_NAME
  364.               valueFrom:
  365.                 fieldRef:
  366.                   fieldPath: metadata.name
  367.             - name: POD_NAMESPACE
  368.               valueFrom:
  369.                 fieldRef:
  370.                   fieldPath: metadata.namespace
  371.           livenessProbe:
  372.             httpGet:
  373.               path: /healthz
  374.               port: 10254
  375.               scheme: HTTP
  376.             initialDelaySeconds: 10
  377.             periodSeconds: 10
  378.             timeoutSeconds: 1
  379.             successThreshold: 1
  380.             failureThreshold: 5
  381.           readinessProbe:
  382.             httpGet:
  383.               path: /healthz
  384.               port: 10254
  385.               scheme: HTTP
  386.             initialDelaySeconds: 10
  387.             periodSeconds: 10
  388.             timeoutSeconds: 1
  389.             successThreshold: 1
  390.             failureThreshold: 3
  391.           ports:
  392.             - name: http
  393.               containerPort: 80
  394.               protocol: TCP
  395.             - name: https
  396.               containerPort: 443
  397.               protocol: TCP
  398.             - name: webhook
  399.               containerPort: 8443
  400.               protocol: TCP
  401.           volumeMounts:
  402.             - name: webhook-cert
  403.               mountPath: /usr/local/certificates/
  404.               readOnly: true
  405.           resources:
  406.             requests:
  407.               cpu: 100m
  408.               memory: 90Mi
  409.       serviceAccountName: ingress-nginx
  410.       terminationGracePeriodSeconds: 300
  411.       volumes:
  412.         - name: webhook-cert
  413.           secret:
  414.             secretName: ingress-nginx-admission
  415. ---
  416. # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
  417. # before changing this value, check the required kubernetes version
  418. # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
  419. apiVersion: admissionregistration.k8s.io/v1beta1
  420. kind: ValidatingWebhookConfiguration
  421. metadata:
  422.   labels:
  423.     helm.sh/chart: ingress-nginx-2.11.1
  424.     app.kubernetes.io/name: ingress-nginx
  425.     app.kubernetes.io/instance: ingress-nginx
  426.     app.kubernetes.io/version: 0.34.1
  427.     app.kubernetes.io/managed-by: Helm
  428.     app.kubernetes.io/component: admission-webhook
  429.   name: ingress-nginx-admission
  430. webhooks:
  431.   - name: validate.nginx.ingress.kubernetes.io
  432.     rules:
  433.       - apiGroups:
  434.           - extensions
  435.           - networking.k8s.io
  436.         apiVersions:
  437.           - v1beta1
  438.         operations:
  439.           - CREATE
  440.           - UPDATE
  441.         resources:
  442.           - ingresses
  443.     failurePolicy: Fail
  444.     sideEffects: None
  445.     admissionReviewVersions:
  446.       - v1
  447.       - v1beta1
  448.     clientConfig:
  449.       service:
  450.         namespace: ingress-nginx
  451.         name: ingress-nginx-controller-admission
  452.         path: /extensions/v1beta1/ingresses
  453. ---
  454. # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
  455. apiVersion: v1
  456. kind: ServiceAccount
  457. metadata:
  458.   name: ingress-nginx-admission
  459.   annotations:
  460.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  461.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  462.   labels:
  463.     helm.sh/chart: ingress-nginx-2.11.1
  464.     app.kubernetes.io/name: ingress-nginx
  465.     app.kubernetes.io/instance: ingress-nginx
  466.     app.kubernetes.io/version: 0.34.1
  467.     app.kubernetes.io/managed-by: Helm
  468.     app.kubernetes.io/component: admission-webhook
  469.   namespace: ingress-nginx
  470. ---
  471. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
  472. apiVersion: rbac.authorization.k8s.io/v1
  473. kind: ClusterRole
  474. metadata:
  475.   name: ingress-nginx-admission
  476.   annotations:
  477.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  478.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  479.   labels:
  480.     helm.sh/chart: ingress-nginx-2.11.1
  481.     app.kubernetes.io/name: ingress-nginx
  482.     app.kubernetes.io/instance: ingress-nginx
  483.     app.kubernetes.io/version: 0.34.1
  484.     app.kubernetes.io/managed-by: Helm
  485.     app.kubernetes.io/component: admission-webhook
  486. rules:
  487.   - apiGroups:
  488.       - admissionregistration.k8s.io
  489.     resources:
  490.       - validatingwebhookconfigurations
  491.     verbs:
  492.       - get
  493.       - update
  494. ---
  495. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
  496. apiVersion: rbac.authorization.k8s.io/v1
  497. kind: ClusterRoleBinding
  498. metadata:
  499.   name: ingress-nginx-admission
  500.   annotations:
  501.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  502.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  503.   labels:
  504.     helm.sh/chart: ingress-nginx-2.11.1
  505.     app.kubernetes.io/name: ingress-nginx
  506.     app.kubernetes.io/instance: ingress-nginx
  507.     app.kubernetes.io/version: 0.34.1
  508.     app.kubernetes.io/managed-by: Helm
  509.     app.kubernetes.io/component: admission-webhook
  510. roleRef:
  511.   apiGroup: rbac.authorization.k8s.io
  512.   kind: ClusterRole
  513.   name: ingress-nginx-admission
  514. subjects:
  515.   - kind: ServiceAccount
  516.     name: ingress-nginx-admission
  517.     namespace: ingress-nginx
  518. ---
  519. # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
  520. apiVersion: rbac.authorization.k8s.io/v1
  521. kind: Role
  522. metadata:
  523.   name: ingress-nginx-admission
  524.   annotations:
  525.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  526.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  527.   labels:
  528.     helm.sh/chart: ingress-nginx-2.11.1
  529.     app.kubernetes.io/name: ingress-nginx
  530.     app.kubernetes.io/instance: ingress-nginx
  531.     app.kubernetes.io/version: 0.34.1
  532.     app.kubernetes.io/managed-by: Helm
  533.     app.kubernetes.io/component: admission-webhook
  534.   namespace: ingress-nginx
  535. rules:
  536.   - apiGroups:
  537.       - ''
  538.     resources:
  539.       - secrets
  540.     verbs:
  541.       - get
  542.       - create
  543. ---
  544. # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
  545. apiVersion: rbac.authorization.k8s.io/v1
  546. kind: RoleBinding
  547. metadata:
  548.   name: ingress-nginx-admission
  549.   annotations:
  550.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  551.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  552.   labels:
  553.     helm.sh/chart: ingress-nginx-2.11.1
  554.     app.kubernetes.io/name: ingress-nginx
  555.     app.kubernetes.io/instance: ingress-nginx
  556.     app.kubernetes.io/version: 0.34.1
  557.     app.kubernetes.io/managed-by: Helm
  558.     app.kubernetes.io/component: admission-webhook
  559.   namespace: ingress-nginx
  560. roleRef:
  561.   apiGroup: rbac.authorization.k8s.io
  562.   kind: Role
  563.   name: ingress-nginx-admission
  564. subjects:
  565.   - kind: ServiceAccount
  566.     name: ingress-nginx-admission
  567.     namespace: ingress-nginx
  568. ---
  569. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
  570. apiVersion: batch/v1
  571. kind: Job
  572. metadata:
  573.   name: ingress-nginx-admission-create
  574.   annotations:
  575.     helm.sh/hook: pre-install,pre-upgrade
  576.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  577.   labels:
  578.     helm.sh/chart: ingress-nginx-2.11.1
  579.     app.kubernetes.io/name: ingress-nginx
  580.     app.kubernetes.io/instance: ingress-nginx
  581.     app.kubernetes.io/version: 0.34.1
  582.     app.kubernetes.io/managed-by: Helm
  583.     app.kubernetes.io/component: admission-webhook
  584.   namespace: ingress-nginx
  585. spec:
  586.   template:
  587.     metadata:
  588.       name: ingress-nginx-admission-create
  589.       labels:
  590.         helm.sh/chart: ingress-nginx-2.11.1
  591.         app.kubernetes.io/name: ingress-nginx
  592.         app.kubernetes.io/instance: ingress-nginx
  593.         app.kubernetes.io/version: 0.34.1
  594.         app.kubernetes.io/managed-by: Helm
  595.         app.kubernetes.io/component: admission-webhook
  596.     spec:
  597.       containers:
  598.         - name: create
  599.           image: docker.io/jettech/kube-webhook-certgen:v1.2.2
  600.           imagePullPolicy: IfNotPresent
  601.           args:
  602.             - create
  603.             - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
  604.             - --namespace=$(POD_NAMESPACE)
  605.             - --secret-name=ingress-nginx-admission
  606.           env:
  607.             - name: POD_NAMESPACE
  608.               valueFrom:
  609.                 fieldRef:
  610.                   fieldPath: metadata.namespace
  611.       restartPolicy: OnFailure
  612.       serviceAccountName: ingress-nginx-admission
  613.       securityContext:
  614.         runAsNonRoot: true
  615.         runAsUser: 2000
  616. ---
  617. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
  618. apiVersion: batch/v1
  619. kind: Job
  620. metadata:
  621.   name: ingress-nginx-admission-patch
  622.   annotations:
  623.     helm.sh/hook: post-install,post-upgrade
  624.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  625.   labels:
  626.     helm.sh/chart: ingress-nginx-2.11.1
  627.     app.kubernetes.io/name: ingress-nginx
  628.     app.kubernetes.io/instance: ingress-nginx
  629.     app.kubernetes.io/version: 0.34.1
  630.     app.kubernetes.io/managed-by: Helm
  631.     app.kubernetes.io/component: admission-webhook
  632.   namespace: ingress-nginx
  633. spec:
  634.   template:
  635.     metadata:
  636.       name: ingress-nginx-admission-patch
  637.       labels:
  638.         helm.sh/chart: ingress-nginx-2.11.1
  639.         app.kubernetes.io/name: ingress-nginx
  640.         app.kubernetes.io/instance: ingress-nginx
  641.         app.kubernetes.io/version: 0.34.1
  642.         app.kubernetes.io/managed-by: Helm
  643.         app.kubernetes.io/component: admission-webhook
  644.     spec:
  645.       containers:
  646.         - name: patch
  647.           image: docker.io/jettech/kube-webhook-certgen:v1.2.2
  648.           imagePullPolicy: IfNotPresent
  649.           args:
  650.             - patch
  651.             - --webhook-name=ingress-nginx-admission
  652.             - --namespace=$(POD_NAMESPACE)
  653.             - --patch-mutating=false
  654.             - --secret-name=ingress-nginx-admission
  655.             - --patch-failure-policy=Fail
  656.           env:
  657.             - name: POD_NAMESPACE
  658.               valueFrom:
  659.                 fieldRef:
  660.                   fieldPath: metadata.namespace
  661.       restartPolicy: OnFailure
  662.       serviceAccountName: ingress-nginx-admission
  663.       securityContext:
  664.         runAsNonRoot: true
  665.         runAsUser: 2000
  666. [root@liabio cloud]#