# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/coreos/alb-ingress-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alb-ingress-controller
  labels:
    k8s-app: alb-ingress-controller
  # Namespace the ALB Ingress Controller should run in. Does not impact which
  # namespaces it's able to resolve ingress resource for. For limiting ingress
  # namespace scope, see --watch-namespace.
  namespace: {{ alb_ingress_controller_namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: alb-ingress-controller
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s-app: alb-ingress-controller
    spec:
      containers:
      - args:
        # Limit the namespace where this ALB Ingress Controller deployment will
        # resolve ingress resources. If left commented, all namespaces are used.
        #- --watch-namespace=your-k8s-namespace

        # Setting the ingress-class flag below will ensure that only ingress resources with the
        # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
        # choose any class you'd like for this controller to respect.
        - --ingress-class=alb
        # Name of your cluster. Used when naming resources created
        # by the ALB Ingress Controller, providing distinction between
        # clusters.
        - --cluster-name={{ cluster_name }}

        # Enables logging on all outbound requests sent to the AWS API.
        # If logging is desired, set to true.
        # - ---aws-api-debug
{% if alb_ingress_aws_debug %}
        - --aws-api-debug
{% endif %}
        # Maximum number of times to retry the aws calls.
        # defaults to 10.
        # - --aws-max-retries=10

        # AWS region this ingress controller will operate in.
        # If unspecified, it will be discovered from ec2metadata.
        # List of regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
{% if alb_ingress_aws_region is defined %}
        - --aws-region={{ alb_ingress_aws_region }}
{% endif %}

        image: "{{ alb_ingress_image_repo }}:{{ alb_ingress_image_tag }}"
        imagePullPolicy: {{ k8s_image_pull_policy }}
        name: server
        resources: {}
        terminationMessagePath: /dev/termination-log
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      securityContext: {}
      terminationGracePeriodSeconds: 30
{% if rbac_enabled %}
      serviceAccountName: alb-ingress
{% endif %}