From 9f245dd9b2a68142c5f6ceca4e7db9abd6d6511d Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Thu, 7 Jun 2018 16:58:31 +0800 Subject: [PATCH] ingress-nginx: Upgrade to 0.15.0 --- README.md | 30 +++++++++++-------- roles/download/defaults/main.yml | 2 +- .../ingress-nginx-controller-ds.yml.j2 | 2 ++ 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 428a0aa78..0846f1f3e 100644 --- a/README.md +++ b/README.md @@ -86,19 +86,23 @@ Supported Linux Distributions Note: Upstart/SysV init based OS types are not supported. -Versions of supported components --------------------------------- - -- [kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.10.4 -- [etcd](https://github.com/coreos/etcd/releases) v3.2.18 -- [flanneld](https://github.com/coreos/flannel/releases) v0.10.0 -- [calico](https://docs.projectcalico.org/v2.6/releases/) v2.6.8 -- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) -- [cilium](https://github.com/cilium/cilium) v1.0.0-rc8 -- [contiv](https://github.com/contiv/install/releases) v1.1.7 -- [weave](http://weave.works/) v2.3.0 -- [docker](https://www.docker.com/) v17.03 (see note) -- [rkt](https://coreos.com/rkt/docs/latest/) v1.21.0 (see Note 2) +Supported Components +-------------------- + +- Core + - [kubernetes](https://github.com/kubernetes/kubernetes) v1.10.4 + - [etcd](https://github.com/coreos/etcd) v3.2.18 + - [docker](https://www.docker.com/) v17.03 (see note) + - [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2) +- Network Plugin + - [calico](https://github.com/projectcalico/calico) v2.6.8 + - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) + - [cilium](https://github.com/cilium/cilium) v1.0.0-rc8 + - [contiv](https://github.com/contiv/install) v1.1.7 + - [flanneld](https://github.com/coreos/flannel) v0.10.0 + - [weave](https://github.com/weaveworks/weave) v2.3.0 +- Application + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.15.0 Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index e999db535..f07d40483 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -157,7 +157,7 @@ local_volume_provisioner_image_tag: "v2.0.0" cephfs_provisioner_image_repo: "quay.io/kubespray/cephfs-provisioner" cephfs_provisioner_image_tag: "a71a49d4" ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller" -ingress_nginx_controller_image_tag: "0.14.0" +ingress_nginx_controller_image_tag: "0.15.0" ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend" ingress_nginx_default_backend_image_tag: "1.4" cert_manager_version: "v0.2.4" diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingress-nginx-controller-ds.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingress-nginx-controller-ds.yml.j2 index 52501a4c7..40e1d4715 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingress-nginx-controller-ds.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingress-nginx-controller-ds.yml.j2 @@ -76,6 +76,8 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + securityContext: + runAsNonRoot: false {% if rbac_enabled %} serviceAccountName: ingress-nginx {% endif %}