diff --git a/README.md b/README.md
index c330e9663afb80f6ee510cc6ded451c060febcfb..0d7d885f4a26901fe516fdac8661be8466e81fa8 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ Supported Components
- [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
- [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1
- [coredns](https://github.com/coredns/coredns) v1.2.2
- - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.18.0
+ - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.19.0
Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 992209f5cf7d85ea7481c5859274d345a3047428..35f1a8dc4c1b36f178e27f415dc4af64a1bd96f2 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -151,7 +151,7 @@ local_volume_provisioner_image_tag: "v2.1.0"
cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner"
cephfs_provisioner_image_tag: "v2.1.0-k8s1.11"
ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller"
-ingress_nginx_controller_image_tag: "0.18.0"
+ingress_nginx_controller_image_tag: "0.19.0"
ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
ingress_nginx_default_backend_image_tag: "1.4"
cert_manager_version: "v0.4.1"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index e6c36ef30695cd270c2b8aa045a9f313ade73e50..7cc6870e5c1be756043ce814b966bc2912b1f48e 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -3,7 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: ingress-nginx
- namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
index 8d14af4b7d7b6eeb38c6d86abdfae47814e69745..67aa97f8b90135879aae25aa7f0d3f8f8e4e80dd 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
@@ -4,11 +4,14 @@ kind: ClusterRoleBinding
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
-roleRef:
- kind: ClusterRole
- name: ingress-nginx
- apiGroup: rbac.authorization.k8s.io
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
index 00c44a97beed98a94d78b46acb08e7140dffe84d..9f1e3bb3672ea50b02f648ce8919c06ff9c17c09 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap %}
data:
{{ ingress_nginx_configmap | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
index d97c42d97dee243466870716d8927c2f2e454483..97520816c466725be4e32eeabec36473d9dd29be 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: tcp-services
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_tcp_services %}
data:
{{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
index b343869b7941736ea6f99185877766e3def78aca..a3f6613a4ffa4a82f7e639479bdf3b89bcc2b5ff 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: udp-services
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_udp_services %}
data:
{{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
index 76d71dd964549872bbdc759577e16d33e062da37..884b6d79b827ab79df7786cb0a3e3c0c4723af29 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
@@ -5,19 +5,19 @@ metadata:
name: default-backend
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
containers:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 490be52fbcfb80d58c057b4c9173128ef873fa6f..1031798af5caa1c9fc387c08f5202285b64c55d4 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -5,18 +5,18 @@ metadata:
name: ingress-nginx-controller
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
matchLabels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 1f436ba7d28a7cc14d70ee4d7528a00f41b345a8..3148002da7eda15c6fae8da3dd8e80274f2a55c0 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -4,6 +4,9 @@ kind: Role
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["configmaps", "pods", "secrets", "namespaces"]
@@ -22,11 +25,7 @@ rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"]
- - apiGroups:
- - policy
- resourceNames:
- - ingress-nginx
- resources:
- - podsecuritypolicies
- verbs:
- - use
+ - apiGroups: ["policy"]
+ resourceNames: ["ingress-nginx"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
index a6a8dec4ba4a11fcb81c7d49750c4112eb0964dc..4357a2d7742a9d8bd109d988a58661a5522881c9 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
@@ -4,11 +4,14 @@ kind: RoleBinding
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
-subjects:
- - kind: ServiceAccount
- name: ingress-nginx
- namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
+subjects:
+ - kind: ServiceAccount
+ name: ingress-nginx
+ namespace: {{ ingress_nginx_namespace }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
index 55d6d65181f4c0a2b4eef3718e3d4bfdf01bd462..305d553f0403118345eda9be0d846c08208083c3 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
@@ -4,3 +4,6 @@ kind: ServiceAccount
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
index 326cc884397c2c75d45e10edb4042abac2761542..8d4ad59916aede33d423980acd8ed9d3e5faa0d9 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
@@ -5,10 +5,11 @@ metadata:
name: default-backend
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: default-backend
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
ports:
- port: 80
targetPort: 8080
selector:
- k8s-app: default-backend
+ app.kubernetes.io/name: default-backend