From 6852f821a5ad12a6ef11a70bc679440e117f1f14 Mon Sep 17 00:00:00 2001 From: Florian Ruynat Date: Tue, 9 Jun 2020 11:45:18 +0200 Subject: [PATCH] Update nginx ingress to 0.32.0 (#6063) --- README.md | 2 +- roles/download/defaults/main.yml | 2 +- .../ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 | 3 +++ .../ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 | 1 + .../ingress_nginx/templates/role-ingress-nginx.yml.j2 | 3 +++ 5 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ee90fa45f..36e34450e 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ Note: Upstart/SysV init based OS types are not supported. - [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11 - [cert-manager](https://github.com/jetstack/cert-manager) v0.11.1 - [coredns](https://github.com/coredns/coredns) v1.6.7 - - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.30.0 + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.32.0 Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker) is 1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09 and 19.03. The recommended docker version is 19.03. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 2890ffe86..334953b21 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml 
@@ -459,7 +459,7 @@ rbd_provisioner_image_tag: "v2.1.1-k8s1.11"
 local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
 local_path_provisioner_image_tag: "v0.0.12"
 ingress_nginx_controller_image_repo: "{{ quay_image_repo }}/kubernetes-ingress-controller/nginx-ingress-controller"
-ingress_nginx_controller_image_tag: "0.30.0"
+ingress_nginx_controller_image_tag: "0.32.0"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
 alb_ingress_image_tag: "v1.1.7"
 cert_manager_version: "v0.11.1"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 1df91ccd6..f0a4bf7e5 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -25,3 +25,6 @@ rules:
 - apiGroups: ["extensions","networking.k8s.io"]
 resources: ["ingresses/status"]
 verbs: ["update"]
+ - apiGroups: [networking.k8s.io"]
+ resources: ["ingressclasses"]
+ verbs: ["get", "list", "watch"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 47f2f1e33..6b35a290e 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -67,6 +67,7 @@ spec:
 - NET_BIND_SERVICE
 # www-data -> 101
 runAsUser: 101
+ allowPrivilegeEscalation: true
 env:
 - name: POD_NAME
 valueFrom:
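Review bot: The rule added to clusterrole-ingress-nginx.yml.j2 is missing its opening quote in `- apiGroups: [networking.k8s.io"]`, so a YAML parser will most likely read the entry as the plain scalar `networking.k8s.io"` with a literal trailing quote. That string names no real API group, so the rule would grant nothing and the controller would have no cluster-wide get/list/watch on `ingressclasses`. The manifest is still likely to apply without error, which makes the gap easy to miss. The line should read `- apiGroups: ["networking.k8s.io"]`, as the matching rule in role-ingress-nginx.yml.j2 in this commit does. After rendering, `kubectl auth can-i list ingressclasses --as=system:serviceaccount:<namespace>:<serviceaccount>` would confirm the grant.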
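Review bot: The added `allowPrivilegeEscalation: true` in ds-ingress-nginx-controller.yml.j2 carries no comment explaining why the controller needs it, and it leaves no_new_privs unset for a container that terminates ingress traffic. Presumably the 0.32.0 image relies on file capabilities so nginx can bind low ports as uid 101, which is what the `NET_BIND_SERVICE` context line suggests. If so, record it in place, e.g. `# nginx gains NET_BIND_SERVICE via file capabilities as uid 101; this needs no_new_privs off`. The securityContext starts above the hunk, so whether the capabilities list also drops everything else is not visible here and is worth confirming. Any PodSecurityPolicy bound to this DaemonSet that sets `allowPrivilegeEscalation: false` would reject the pod after the upgrade and needs the matching allowance.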
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 218b23747..74ea10322 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -23,6 +23,9 @@ rules:
 - apiGroups: ["extensions", "networking.k8s.io"]
 resources: ["ingresses/status"]
 verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingressclasses"]
+ verbs: ["get", "list", "watch"]
 - apiGroups: [""]
 resources: ["configmaps"]
 # Defaults to "-"
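Review bot: The `ingressclasses` rule added here sits in a namespaced Role, but IngressClass is a cluster-scoped resource, so these three lines grant nothing. Only the copy in clusterrole-ingress-nginx.yml.j2 can take effect. Either drop them or, if they are kept to mirror the upstream manifest, mark them in place, e.g. `# no effect in a Role: ingressclasses is cluster-scoped`. Dead RBAC rules make later least-privilege reviews harder, because a reader may assume the controller's access to this resource is limited to the namespace. The rules list continues past the end of the hunk.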