apiVersion: v1
kind: Pod
metadata:
  name: nginx-proxy
  namespace: kube-system
  labels:
    k8s-app: kube-nginx
spec:
  hostNetwork: true
  nodeSelector:
    beta.kubernetes.io/os: linux
{% if kube_version is version('v1.11.1', '>=') %}
  priorityClassName: system-node-critical
{% endif %}
  containers:
  - name: nginx-proxy
    image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
    imagePullPolicy: {{ k8s_image_pull_policy }}
    resources:
      limits:
        cpu: {{ nginx_cpu_limit }}
        memory: {{ nginx_memory_limit }}
      requests:
        cpu: {{ nginx_cpu_requests }}
        memory: {{ nginx_memory_requests }}
    securityContext:
      privileged: true
    {% if nginx_kube_apiserver_healthcheck_port is defined -%}
    livenessProbe:
      httpGet:
        path: /healthz
        port: {{ nginx_kube_apiserver_healthcheck_port }}
    {% endif -%}
    volumeMounts:
    - mountPath: /etc/nginx
      name: etc-nginx
      readOnly: true
  volumes:
  - name: etc-nginx
    hostPath:
      path: {{ nginx_config_dir }}