apiVersion: apps/v1 kind: Deployment metadata: name: ks-router spec: replicas: 1 selector: matchLabels: app: kubesphere component: ks-router tier: backend template: metadata: labels: app: kubesphere component: ks-router tier: backend annotations: prometheus.io/port: '10254' prometheus.io/scrape: 'true' spec: serviceAccountName: kubesphere-router-serviceaccount containers: - name: nginx-ingress-controller image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1 args: - /nginx-ingress-controller - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - --annotations-prefix=nginx.ingress.kubernetes.io - --force-namespace-isolation - --update-status - --update-status-on-shutdown securityContext: allowPrivilegeEscalation: true capabilities: drop: - ALL add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - name: http containerPort: 80 - name: https containerPort: 443 livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10