diff --git a/README.md b/README.md
index c2ef779984b35cc0236225a40e8ee0faf33dcf27..65f0af4958f437c9f30d27ff04dec6e841aa683b 100644
--- a/README.md
+++ b/README.md
@@ -169,7 +169,7 @@ Note: Upstart/SysV init based OS types are not supported.
- Application
- [cert-manager](https://github.com/jetstack/cert-manager) v1.11.0
- [coredns](https://github.com/coredns/coredns) v1.9.3
- - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.5.1
+ - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.6.4
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
- [argocd](https://argoproj.github.io/) v2.5.10
- [helm](https://helm.sh/) v3.10.3
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 698e92524317a74fb55fd65e40f09869fd5e8f7a..4dc06cddfca31c1ba106e7da25d8b02db5dca747 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -992,11 +992,11 @@ rbd_provisioner_image_tag: "{{ rbd_provisioner_version }}"
local_path_provisioner_version: "v0.0.22"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
-ingress_nginx_version: "v1.5.1"
+ingress_nginx_version: "v1.6.4"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}"
-ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
-ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0"
+ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
+ingress_nginx_kube_webhook_certgen_image_tag: "v20220916-gd32f8c343"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "v1.11.0"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2
index 03a84203cafd3ca57d1a38415b5a6c6540a96f16..258a7a166e060d7f40747c317badadb7e19b776f 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2
@@ -26,7 +26,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}"
+ image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
name: create
securityContext:
@@ -70,7 +70,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: "{{ ingress_nginx_kube_webhook_certgen_imae_repo }}:{{ ingress_nginx_kube_webhook_certgen_imae_tag }}"
+ image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
name: patch
securityContext:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 767502eae19784e3dbae4fca15c8a5ef991fd154..38118bf49f59d961ec8d81715e3933ef3e3a010e 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
- resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"]
+ resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "namespaces"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 58c0488f8c0461015c6eaa01ab3461ab3e94c353..f08f82fc57b9a1800ecd433e38cf04275c6ad5ca 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -17,23 +17,15 @@ rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- - apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses", "ingressclasses"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- - apiGroups: ["extensions", "networking.k8s.io"]
+ - apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["configmaps"]
- # Defaults to "<election-id>-<ingress-class>"
- # Here: "<ingress-controller-leader>-<nginx>"
- # This has to be adapted if you change either parameter
- # when launching the nginx-ingress-controller.
- resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
- verbs: ["get", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
# Defaults to "<election-id>-<ingress-class>"
@@ -42,16 +34,9 @@ rules:
# when launching the nginx-ingress-controller.
resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
verbs: ["get", "update"]
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- - apiGroups: ["policy"]
- resourceNames: ["ingress-nginx"]
- resources: ["podsecuritypolicies"]
- verbs: ["use"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
# Defaults to "<election-id>-<ingress-class>"