Mohamed Omar Zaian
3 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with
14 additions and
10 deletions
-
README.md
-
docs/ingress/ingress_nginx.md
-
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-configuration.yml.j2
-
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
-
roles/kubespray-defaults/defaults/main/download.yml
|
|
|
@ -112,7 +112,7 @@ Note: Upstart/SysV init based OS types are not supported. |
|
|
|
- Application |
|
|
|
- [cert-manager](https://github.com/jetstack/cert-manager) v1.15.3 |
|
|
|
- [coredns](https://github.com/coredns/coredns) v1.11.3 |
|
|
|
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.11.2 |
|
|
|
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.12.0 |
|
|
|
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.4 |
|
|
|
- [argocd](https://argoproj.github.io/) v2.11.0 |
|
|
|
- [helm](https://helm.sh/) v3.16.4 |
|
|
|
|
|
|
|
@ -35,7 +35,7 @@ kubectl create clusterrolebinding cluster-admin-binding \ |
|
|
|
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version. |
|
|
|
|
|
|
|
```console |
|
|
|
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml |
|
|
|
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/cloud/deploy.yaml |
|
|
|
``` |
|
|
|
|
|
|
|
### Provider Specific Steps |
|
|
|
|
|
|
|
@ -13,6 +13,7 @@ webhooks: |
|
|
|
name: ingress-nginx-controller-admission |
|
|
|
namespace: {{ ingress_nginx_namespace }} |
|
|
|
path: /networking/v1/ingresses |
|
|
|
port: 443 |
|
|
|
failurePolicy: Fail |
|
|
|
matchPolicy: Equivalent |
|
|
|
name: validate.nginx.ingress.kubernetes.io |
|
|
|
|
|
|
|
@ -30,15 +30,18 @@ spec: |
|
|
|
- /init_module |
|
|
|
image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }} |
|
|
|
securityContext: |
|
|
|
runAsNonRoot: true |
|
|
|
runAsUser: 65532 |
|
|
|
allowPrivilegeEscalation: false |
|
|
|
seccompProfile: |
|
|
|
type: RuntimeDefault |
|
|
|
capabilities: |
|
|
|
add: |
|
|
|
- NET_BIND_SERVICE |
|
|
|
drop: |
|
|
|
- ALL |
|
|
|
readOnlyRootFilesystem: true |
|
|
|
- ALL |
|
|
|
readOnlyRootFilesystem: false |
|
|
|
runAsGroup: 82 |
|
|
|
runAsNonRoot: true |
|
|
|
runAsUser: 101 |
|
|
|
seccompProfile: |
|
|
|
type: RuntimeDefault |
|
|
|
volumeMounts: |
|
|
|
- mountPath: /modules_mount |
|
|
|
name: modules |
|
|
|
|
|
|
|
@ -329,13 +329,13 @@ rbd_provisioner_image_tag: "{{ rbd_provisioner_version }}" |
|
|
|
local_path_provisioner_version: "v0.0.24" |
|
|
|
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner" |
|
|
|
local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}" |
|
|
|
ingress_nginx_version: "v1.11.2" |
|
|
|
ingress_nginx_version: "v1.12.0" |
|
|
|
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller" |
|
|
|
ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry" |
|
|
|
ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}" |
|
|
|
ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5" |
|
|
|
ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen" |
|
|
|
ingress_nginx_kube_webhook_certgen_image_tag: "v1.4.3" |
|
|
|
ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.0" |
|
|
|
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller" |
|
|
|
alb_ingress_image_tag: "v1.1.9" |
|
|
|
cert_manager_version: "v1.15.3" |
|
|
|
|
