From 9fc8f9a07d99a4864d718f92721888906be45ae4 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Sun, 2 Sep 2018 12:19:38 +0800 Subject: [PATCH] ingress-nginx: Upgrade to 0.19.0 Upstream Changes: - ingress-nginx 0.19.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) Our Changes: - Sync templates with upstream changes --- README.md | 2 +- roles/download/defaults/main.yml | 2 +- .../templates/clusterrole-ingress-nginx.yml.j2 | 4 +++- .../clusterrolebinding-ingress-nginx.yml.j2 | 11 +++++++---- .../templates/cm-ingress-nginx.yml.j2 | 3 ++- .../templates/cm-tcp-services.yml.j2 | 3 ++- .../templates/cm-udp-services.yml.j2 | 3 ++- .../templates/deploy-default-backend.yml.j2 | 12 ++++++------ .../templates/ds-ingress-nginx-controller.yml.j2 | 12 ++++++------ .../templates/role-ingress-nginx.yml.j2 | 15 +++++++-------- .../templates/rolebinding-ingress-nginx.yml.j2 | 11 +++++++---- .../templates/sa-ingress-nginx.yml.j2 | 3 +++ .../templates/svc-default-backend.yml.j2 | 5 +++-- 13 files changed, 50 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index c330e9663..0d7d885f4 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ Supported Components - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11 - [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1 - [coredns](https://github.com/coredns/coredns) v1.2.2 - - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.18.0 + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.19.0 Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 992209f5c..35f1a8dc4 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -151,7 +151,7 @@ local_volume_provisioner_image_tag: "v2.1.0" cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner" cephfs_provisioner_image_tag: "v2.1.0-k8s1.11" ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller" -ingress_nginx_controller_image_tag: "0.18.0" +ingress_nginx_controller_image_tag: "0.19.0" ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend" ingress_nginx_default_backend_image_tag: "1.4" cert_manager_version: "v0.4.1" diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 index e6c36ef30..7cc6870e5 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 @@ -3,7 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: ingress-nginx - namespace: {{ ingress_nginx_namespace }} + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx rules: - apiGroups: [""] resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"] diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 index 8d14af4b7..67aa97f8b 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 @@ -4,11 +4,14 @@ kind: ClusterRoleBinding metadata: name: ingress-nginx namespace: {{ ingress_nginx_namespace }} + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx subjects: - kind: ServiceAccount name: ingress-nginx namespace: {{ ingress_nginx_namespace }} -roleRef: - kind: ClusterRole - name: ingress-nginx - apiGroup: rbac.authorization.k8s.io diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 index 00c44a97b..9f1e3bb36 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 @@ -5,7 +5,8 @@ metadata: name: ingress-nginx namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx {% if ingress_nginx_configmap %} data: {{ ingress_nginx_configmap | to_nice_yaml | indent(2) }} diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 index d97c42d97..97520816c 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 @@ -5,7 +5,8 @@ metadata: name: tcp-services namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx {% if ingress_nginx_configmap_tcp_services %} data: {{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }} diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 index b343869b7..a3f6613a4 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 @@ -5,7 +5,8 @@ metadata: name: udp-services namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx {% if ingress_nginx_configmap_udp_services %} data: {{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }} diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 index 76d71dd96..884b6d79b 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 @@ -5,19 +5,19 @@ metadata: name: default-backend namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: default-backend - version: v{{ ingress_nginx_default_backend_image_tag }} + app.kubernetes.io/name: default-backend + app.kubernetes.io/part-of: ingress-nginx spec: replicas: 1 selector: matchLabels: - k8s-app: default-backend - version: v{{ ingress_nginx_default_backend_image_tag }} + app.kubernetes.io/name: default-backend + app.kubernetes.io/part-of: ingress-nginx template: metadata: labels: - k8s-app: default-backend - version: v{{ ingress_nginx_default_backend_image_tag }} + app.kubernetes.io/name: default-backend + app.kubernetes.io/part-of: ingress-nginx spec: terminationGracePeriodSeconds: 60 containers: diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 490be52fb..1031798af 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -5,18 +5,18 @@ metadata: name: ingress-nginx-controller namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: ingress-nginx - version: v{{ ingress_nginx_controller_image_tag }} + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx spec: selector: matchLabels: - k8s-app: ingress-nginx - version: v{{ ingress_nginx_controller_image_tag }} + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx template: metadata: labels: - k8s-app: ingress-nginx - version: v{{ ingress_nginx_controller_image_tag }} + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx annotations: prometheus.io/port: '10254' prometheus.io/scrape: 'true' diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 index 1f436ba7d..3148002da 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 @@ -4,6 +4,9 @@ kind: Role metadata: name: ingress-nginx namespace: {{ ingress_nginx_namespace }} + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx rules: - apiGroups: [""] resources: ["configmaps", "pods", "secrets", "namespaces"] @@ -22,11 +25,7 @@ rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get"] - - apiGroups: - - policy - resourceNames: - - ingress-nginx - resources: - - podsecuritypolicies - verbs: - - use + - apiGroups: ["policy"] + resourceNames: ["ingress-nginx"] + resources: ["podsecuritypolicies"] + verbs: ["use"] diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 index a6a8dec4b..4357a2d77 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 @@ -4,11 +4,14 @@ kind: RoleBinding metadata: name: ingress-nginx namespace: {{ ingress_nginx_namespace }} -subjects: - - kind: ServiceAccount - name: ingress-nginx - namespace: {{ ingress_nginx_namespace }} + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: {{ ingress_nginx_namespace }} diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 index 55d6d6518..305d553f0 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 @@ -4,3 +4,6 @@ kind: ServiceAccount metadata: name: ingress-nginx namespace: {{ ingress_nginx_namespace }} + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 index 326cc8843..8d4ad5991 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 @@ -5,10 +5,11 @@ metadata: name: default-backend namespace: {{ ingress_nginx_namespace }} labels: - k8s-app: default-backend + app.kubernetes.io/name: default-backend + app.kubernetes.io/part-of: ingress-nginx spec: ports: - port: 80 targetPort: 8080 selector: - k8s-app: default-backend + app.kubernetes.io/name: default-backend