Nginx deploy example
Jump to navigation
Jump to search
Simple Example
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
strategy:
type: Recreate # Ensures old pods are fully replaced
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
# image: nginx:latest
image: nginx:stable-alpine
imagePullPolicy: Always
ports:
- containerPort: 8080
args:
- "nginx"
- "-g"
- "daemon off;"
- "-c"
- "/etc/nginx/nginx.conf"
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx
volumes:
- name: nginx-config
configMap:
name: nginx-config
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
nginx.conf: |
events {}
http {
server {
listen 8080;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
}
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 8080 # External service port
targetPort: 8080 # Matches the containerPort in the deployment
type: ClusterIP # Change to LoadBalancer or NodePort if needed
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
tls:
- hosts:
- insights-demo.dev.mktp.io
secretName: insights-demo-tls # Secret that will hold the TLS certificate
rules:
- host: insights-demo.dev.mktp.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
number: 8080
Restart
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: maintenance
namespace: demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cronjob-restart-role
namespace: demo
rules:
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "patch"] # Required for rollout restart
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cronjob-restart-binding
namespace: demo
subjects:
- kind: ServiceAccount
name: maintenance
namespace: demo
roleRef:
kind: Role
name: cronjob-restart-role
apiGroup: rbac.authorization.k8s.io
---
# kubectl auth can-i patch deployment --as=system:serviceaccount:demo:maintenance -n demo
apiVersion: batch/v1
kind: CronJob
metadata:
name: restart-pods
namespace: demo
spec:
schedule: "0 6 * * *"
# schedule: "0 */1 * * *" # Every 1 hours
# schedule: "0 */6 * * *" # Every 6 hours
# schedule: "20 3 * * *" # Every 6 hours
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
template:
spec:
serviceAccountName: maintenance
containers:
- name: kubectl
image: bitnami/kubectl
command: ["kubectl", "rollout", "restart", "deployment/nginx"]
restartPolicy: Never
Simple Main
#!/bin/bash set -eu . ../includes/main.sh if [ "$ENV_NAME" != "dev" ]; then echo "Skipping demo namespace deploy because not dev environment." exit 0 fi kubectl_apply "-f nginx.yaml" kubectl_apply "-f cron.yaml"