diff --git a/README.md b/README.md index c2ef77998..65f0af495 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ Note: Upstart/SysV init based OS types are not supported. - Application - [cert-manager](https://github.com/jetstack/cert-manager) v1.11.0 - [coredns](https://github.com/coredns/coredns) v1.9.3 - - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.5.1 + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.6.4 - [krew](https://github.com/kubernetes-sigs/krew) v0.4.3 - [argocd](https://argoproj.github.io/) v2.5.10 - [helm](https://helm.sh/) v3.10.3 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 698e92524..4dc06cddf 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -992,11 +992,11 @@ rbd_provisioner_image_tag: "{{ rbd_provisioner_version }}" local_path_provisioner_version: "v0.0.22" local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner" local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}" -ingress_nginx_version: "v1.5.1" +ingress_nginx_version: "v1.6.4" ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller" ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}" -ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen" -ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0" +ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen" +ingress_nginx_kube_webhook_certgen_image_tag: "v20220916-gd32f8c343" alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller" alb_ingress_image_tag: "v1.1.9" cert_manager_version: "v1.11.0" diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 index 03a84203c..258a7a166 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}" + image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} name: create securityContext: @@ -70,7 +70,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}" + image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} name: patch securityContext: diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 index 767502eae..38118bf49 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/part-of: ingress-nginx rules: - apiGroups: [""] - resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"] + resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "namespaces"] verbs: ["list", "watch"] - apiGroups: [""] resources: ["nodes"] diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 index 58c0488f8..f08f82fc5 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 @@ -17,23 +17,15 @@ rules: - apiGroups: [""] resources: ["services"] verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] + - apiGroups: ["networking.k8s.io"] resources: ["ingresses/status"] verbs: ["update"] - apiGroups: ["networking.k8s.io"] resources: ["ingressclasses"] verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["configmaps"] - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}] - verbs: ["get", "update"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] # Defaults to "-" @@ -42,16 +34,9 @@ rules: # when launching the nginx-ingress-controller. resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}] verbs: ["get", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "update"] - apiGroups: [""] resources: ["events"] verbs: ["create", "patch"] - - apiGroups: ["policy"] - resourceNames: ["ingress-nginx"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] # Defaults to "-"