diff --git a/README.md b/README.md
index ee90fa45f8aaf774c918cddd4502c72c7272b547..36e34450e829596f25a8e985a3a5a74d81dbaaf9 100644
--- a/README.md
+++ b/README.md
@@ -135,7 +135,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11
- [cert-manager](https://github.com/jetstack/cert-manager) v0.11.1
- [coredns](https://github.com/coredns/coredns) v1.6.7
- - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.30.0
+ - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.32.0
Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker) is 1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09 and 19.03. The recommended docker version is 19.03. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 2890ffe86900742b4ed71276994f5f21cccfebde..334953b211c050c83c81d43c9b41e900cf78d698 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -459,7 +459,7 @@ rbd_provisioner_image_tag: "v2.1.1-k8s1.11"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "v0.0.12"
ingress_nginx_controller_image_repo: "{{ quay_image_repo }}/kubernetes-ingress-controller/nginx-ingress-controller"
-ingress_nginx_controller_image_tag: "0.30.0"
+ingress_nginx_controller_image_tag: "0.32.0"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.7"
cert_manager_version: "v0.11.1"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 1df91ccd6e80131e20231fbd58b15bcebf62c591..f0a4bf7e513fa5df0cbba5f8de1e6013facc7761 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -25,3 +25,6 @@ rules:
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
+ - apiGroups: [networking.k8s.io"]
+ resources: ["ingressclasses"]
+ verbs: ["get", "list", "watch"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 47f2f1e336f9a828c838257d8ff05e3a39bdd167..6b35a290ed060b8a19ea0586cf25a18018734636 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -67,6 +67,7 @@ spec:
- NET_BIND_SERVICE
# www-data -> 101
runAsUser: 101
+ allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 218b23747a80025a0809159f03fa2b347c9547d1..74ea10322428eb0ef529584b668897231635c2ce 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -23,6 +23,9 @@ rules:
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingressclasses"]
+ verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["configmaps"]
# Defaults to "<election-id>-<ingress-class>"