apiVersion: apps/v1 kind: Deployment metadata: name: bunkerized-nginx-ingress-controller labels: app: bunkerized-nginx-autoconf spec: replicas: 1 selector: matchLabels: app: bunkerized-nginx-autoconf template: metadata: labels: app: bunkerized-nginx-autoconf spec: serviceAccountName: bunkerized-nginx-ingress-controller containers: - name: bunkerized-nginx-autoconf image: bunkerity/bunkerized-nginx-autoconf #imagePullPolicy: Always env: - name: KUBERNETES_MODE value: "yes" - name: API_URI value: "/ChangeMeToSomethingHardToGuess" volumeMounts: - name: confs mountPath: /etc/nginx - name: letsencrypt mountPath: /etc/letsencrypt - name: acme-challenge mountPath: /acme-challenge - name: cache mountPath: /cache - name: modsec-confs mountPath: /modsec-confs readOnly: true - name: modsec-crs-confs mountPath: /modsec-crs-confs readOnly: true volumes: - name: confs hostPath: path: /shared/confs type: Directory - name: letsencrypt hostPath: path: /shared/letsencrypt type: Directory - name: acme-challenge hostPath: path: /shared/acme-challenge type: Directory - name: cache hostPath: path: /shared/cache type: Directory - name: modsec-confs hostPath: path: /shared/modsec-confs type: Directory - name: modsec-crs-confs hostPath: path: /shared/modsec-crs-confs type: Directory --- apiVersion: apps/v1 kind: DaemonSet metadata: name: bunkerized-nginx labels: app: bunkerized-nginx spec: selector: matchLabels: name: bunkerized-nginx template: metadata: labels: name: bunkerized-nginx bunkerized-nginx: "yes" spec: containers: - name: bunkerized-nginx image: bunkerity/bunkerized-nginx #imagePullPolicy: Always ports: - containerPort: 8080 hostPort: 80 - containerPort: 8443 hostPort: 443 env: - name: KUBERNETES_MODE value: "yes" - name: USE_API value: "yes" - name: API_URI value: "/ChangeMeToSomethingHardToGuess" - name: SERVER_NAME value: "" - name: MULTISITE value: "yes" volumeMounts: - name: confs mountPath: /etc/nginx readOnly: true - name: letsencrypt mountPath: /etc/letsencrypt readOnly: true - name: acme-challenge mountPath: /acme-challenge readOnly: true - name: www mountPath: /www readOnly: true - name: http-confs mountPath: /http-confs readOnly: true - name: server-confs mountPath: /server-confs readOnly: true - name: modsec-confs mountPath: /modsec-confs readOnly: true - name: modsec-crs-confs mountPath: /modsec-crs-confs readOnly: true volumes: - name: confs hostPath: path: /shared/confs type: Directory - name: letsencrypt hostPath: path: /shared/letsencrypt type: Directory - name: acme-challenge hostPath: path: /shared/acme-challenge type: Directory - name: www hostPath: path: /shared/www type: Directory - name: http-confs hostPath: path: /shared/http-confs type: Directory - name: server-confs hostPath: path: /shared/server-confs type: Directory - name: modsec-confs hostPath: path: /shared/modsec-confs type: Directory - name: modsec-crs-confs hostPath: path: /shared/modsec-crs-confs type: Directory --- apiVersion: v1 kind: Service metadata: name: bunkerized-nginx-service labels: bunkerized-nginx: "yes" annotations: bunkerized-nginx.AUTOCONF: "yes" spec: clusterIP: None selector: name: bunkerized-nginx