---
# Deployment: two nginx replicas in namespace "hsv2". Every nginx config
# fragment, certificate and private key is projected into the container as a
# single read-only file taken from its own ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: hsv2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # Soft spreading of the replicas across nodes: ScheduleAnyway lets both
      # pods share a node when the skew cannot be met.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: nginx
      containers:
        # NOTE(review): this container declares no securityContext, resource
        # requests/limits or probes. Consider adding them once the image's
        # runtime user and the configured listeners have been confirmed.
        - name: nginx
          # NOTE(review): the image is referenced by tag only, and with
          # IfNotPresent a node keeps whatever it cached under that tag.
          # Pinning by digest (image@sha256:<digest>) makes the deployed
          # content verifiable.
          image: hub.yizhisec.com/external/nginx:1.29.1-alpine3.22
          imagePullPolicy: IfNotPresent
          # Each mount uses subPath to place one file. subPath mounts do not
          # pick up later changes to the source object, so rotating a
          # certificate or key requires restarting the pods.
          volumeMounts:
            # nginx configuration files
            - name: nginx-main
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: nginx-user
              mountPath: /etc/nginx/sites-enabled/user.conf
              subPath: user.conf
              readOnly: true
            - name: nginx-gateway
              mountPath: /etc/nginx/sites-enabled/gateway.conf
              subPath: gateway.conf
              readOnly: true
            - name: nginx-web
              mountPath: /etc/nginx/sites-enabled/web.conf
              subPath: web.conf
              readOnly: true
            - name: nginx-client
              mountPath: /etc/nginx/sites-enabled/client.conf
              subPath: client.conf
              readOnly: true
            - name: nginx-common
              mountPath: /etc/nginx/common/common.conf
              subPath: common.conf
              readOnly: true
            # TLS material (presumably DH parameters, CA and server
            # certificates, going by the file names; confirm)
            - name: ssl-ffdhe2048
              mountPath: /etc/nginx/ssl/ffdhe2048.txt
              subPath: ffdhe2048.txt
              readOnly: true
            - name: ssl-ca-crt
              mountPath: /yizhisec/ssl/ca.crt
              subPath: ca.crt
              readOnly: true
            - name: ssl-server-crt
              mountPath: /yizhisec/ssl/server.crt
              subPath: server.crt
              readOnly: true
            - name: ssl-server-key
              mountPath: /yizhisec/ssl/server.key
              subPath: server.key
              readOnly: true
            - name: ssl-mqtt-crt
              mountPath: /etc/nginx/ssl/mqtt.server.crt
              subPath: mqtt.server.crt
              readOnly: true
            - name: ssl-mqtt-key
              mountPath: /etc/nginx/ssl/mqtt.server.key
              subPath: mqtt.server.key
              readOnly: true
            - name: ssl-client-server-crt
              mountPath: /etc/nginx/ssl/client.server.crt
              subPath: client.server.crt
              readOnly: true
            - name: ssl-client-server-key
              mountPath: /etc/nginx/ssl/client.server.key
              subPath: client.server.key
              readOnly: true
            - name: ssl-web-server-crt
              mountPath: /etc/nginx/ssl/web.server.crt
              subPath: web.server.crt
              readOnly: true
            - name: ssl-web-server-key
              mountPath: /etc/nginx/ssl/web.server.key
              subPath: web.server.key
              readOnly: true
      volumes:
        # One ConfigMap per file; the volume name equals the ConfigMap name.
        - name: nginx-main
          configMap:
            name: nginx-main
            items:
              - key: nginx.conf
                path: nginx.conf
        - name: nginx-user
          configMap:
            name: nginx-user
            items:
              - key: user.conf
                path: user.conf
        - name: nginx-gateway
          configMap:
            name: nginx-gateway
            items:
              - key: gateway.conf
                path: gateway.conf
        - name: nginx-web
          configMap:
            name: nginx-web
            items:
              - key: web.conf
                path: web.conf
        - name: nginx-client
          configMap:
            name: nginx-client
            items:
              - key: client.conf
                path: client.conf
        - name: nginx-common
          configMap:
            name: nginx-common
            items:
              - key: common.conf
                path: common.conf
        - name: ssl-ffdhe2048
          configMap:
            name: ssl-ffdhe2048
            items:
              - key: ffdhe2048.txt
                path: ffdhe2048.txt
        - name: ssl-ca-crt
          configMap:
            name: ssl-ca-crt
            items:
              - key: ca.crt
                path: ca.crt
        - name: ssl-server-crt
          configMap:
            name: ssl-server-crt
            items:
              - key: server.crt
                path: server.crt
        # NOTE(review): the four *-key volumes below (ssl-server-key,
        # ssl-mqtt-key, ssl-client-server-key, ssl-web-server-key) take what
        # look like TLS private keys from ConfigMaps. ConfigMaps are not
        # meant for confidential data: anyone allowed to read ConfigMaps in
        # this namespace can read the keys, and the files are mounted
        # world-readable (0644) by default. Move the keys into Secret objects
        # (for example type kubernetes.io/tls), switch these volumes to a
        # `secret:` source, restrict RBAC on them and set a tighter
        # defaultMode. That migration needs the Secrets to exist first, so it
        # is not done in this manifest.
        - name: ssl-server-key
          configMap:
            name: ssl-server-key
            items:
              - key: server.key
                path: server.key
        - name: ssl-mqtt-crt
          configMap:
            name: ssl-mqtt-crt
            items:
              - key: mqtt.server.crt
                path: mqtt.server.crt
        - name: ssl-mqtt-key
          configMap:
            name: ssl-mqtt-key
            items:
              - key: mqtt.server.key
                path: mqtt.server.key
        - name: ssl-client-server-crt
          configMap:
            name: ssl-client-server-crt
            items:
              - key: client.server.crt
                path: client.server.crt
        - name: ssl-client-server-key
          configMap:
            name: ssl-client-server-key
            items:
              - key: client.server.key
                path: client.server.key
        - name: ssl-web-server-crt
          configMap:
            name: ssl-web-server-crt
            items:
              - key: web.server.crt
                path: web.server.crt
        - name: ssl-web-server-key
          configMap:
            name: ssl-web-server-key
            items:
              - key: web.server.key
                path: web.server.key
---
# Service: publishes the nginx pods (selector app=nginx) through NodePorts.
# NOTE(review): type NodePort opens 31443 and 32443 on every node address.
# Confirm that node firewalls or security groups limit who can reach them.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: hsv2
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
    # The pod template declares no containerPort entries; nginx presumably
    # listens on 23443 and 8443 per the mounted configuration (confirm).
    - name: o-443
      protocol: TCP
      port: 443
      targetPort: 23443
      nodePort: 31443
    - name: o-8443
      protocol: TCP
      port: 8443
      targetPort: 8443
      nodePort: 32443