From 9fc8f9a07d99a4864d718f92721888906be45ae4 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Sun, 2 Sep 2018 12:19:38 +0800
Subject: [PATCH] ingress-nginx: Upgrade to 0.19.0
Upstream Changes:
- ingress-nginx 0.19.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0)
Our Changes:
- Sync templates with upstream changes
---
README.md | 2 +-
roles/download/defaults/main.yml | 2 +-
.../templates/clusterrole-ingress-nginx.yml.j2 | 4 +++-
.../clusterrolebinding-ingress-nginx.yml.j2 | 11 +++++++----
.../templates/cm-ingress-nginx.yml.j2 | 3 ++-
.../templates/cm-tcp-services.yml.j2 | 3 ++-
.../templates/cm-udp-services.yml.j2 | 3 ++-
.../templates/deploy-default-backend.yml.j2 | 12 ++++++------
.../templates/ds-ingress-nginx-controller.yml.j2 | 12 ++++++------
.../templates/role-ingress-nginx.yml.j2 | 15 +++++++--------
.../templates/rolebinding-ingress-nginx.yml.j2 | 11 +++++++----
.../templates/sa-ingress-nginx.yml.j2 | 3 +++
.../templates/svc-default-backend.yml.j2 | 5 +++--
13 files changed, 50 insertions(+), 36 deletions(-)
diff --git a/README.md b/README.md
index c330e9663..0d7d885f4 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ Supported Components
- [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
- [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1
- [coredns](https://github.com/coredns/coredns) v1.2.2
- - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.18.0
+ - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.19.0
Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 992209f5c..35f1a8dc4 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -151,7 +151,7 @@ local_volume_provisioner_image_tag: "v2.1.0"
cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner"
cephfs_provisioner_image_tag: "v2.1.0-k8s1.11"
ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller"
-ingress_nginx_controller_image_tag: "0.18.0"
+ingress_nginx_controller_image_tag: "0.19.0"
ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
ingress_nginx_default_backend_image_tag: "1.4"
cert_manager_version: "v0.4.1"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index e6c36ef30..7cc6870e5 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -3,7 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: ingress-nginx
- namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
index 8d14af4b7..67aa97f8b 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2
@@ -4,11 +4,14 @@ kind: ClusterRoleBinding
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
-roleRef:
- kind: ClusterRole
- name: ingress-nginx
- apiGroup: rbac.authorization.k8s.io
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
index 00c44a97b..9f1e3bb36 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap %}
data:
{{ ingress_nginx_configmap | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
index d97c42d97..97520816c 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: tcp-services
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_tcp_services %}
data:
{{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
index b343869b7..a3f6613a4 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2
@@ -5,7 +5,8 @@ metadata:
name: udp-services
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_udp_services %}
data:
{{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
index 76d71dd96..884b6d79b 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
@@ -5,19 +5,19 @@ metadata:
name: default-backend
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
- k8s-app: default-backend
- version: v{{ ingress_nginx_default_backend_image_tag }}
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
containers:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 490be52fb..1031798af 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -5,18 +5,18 @@ metadata:
name: ingress-nginx-controller
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
matchLabels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
- k8s-app: ingress-nginx
- version: v{{ ingress_nginx_controller_image_tag }}
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 1f436ba7d..3148002da 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -4,6 +4,9 @@ kind: Role
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["configmaps", "pods", "secrets", "namespaces"]
@@ -22,11 +25,7 @@ rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"]
- - apiGroups:
- - policy
- resourceNames:
- - ingress-nginx
- resources:
- - podsecuritypolicies
- verbs:
- - use
+ - apiGroups: ["policy"]
+ resourceNames: ["ingress-nginx"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
index a6a8dec4b..4357a2d77 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2
@@ -4,11 +4,14 @@ kind: RoleBinding
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
-subjects:
- - kind: ServiceAccount
- name: ingress-nginx
- namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
+subjects:
+ - kind: ServiceAccount
+ name: ingress-nginx
+ namespace: {{ ingress_nginx_namespace }}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
index 55d6d6518..305d553f0 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2
@@ -4,3 +4,6 @@ kind: ServiceAccount
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
index 326cc8843..8d4ad5991 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-default-backend.yml.j2
@@ -5,10 +5,11 @@ metadata:
name: default-backend
namespace: {{ ingress_nginx_namespace }}
labels:
- k8s-app: default-backend
+ app.kubernetes.io/name: default-backend
+ app.kubernetes.io/part-of: ingress-nginx
spec:
ports:
- port: 80
targetPort: 8080
selector:
- k8s-app: default-backend
+ app.kubernetes.io/name: default-backend
--
GitLab