diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 3243e32c967ab1dbb7ee8d3e32bfc1c471314fe1..1df91ccd6e80131e20231fbd58b15bcebf62c591 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -15,7 +15,7 @@ rules:
 verbs: ["get"]
 - apiGroups: [""]
 resources: ["services"]
- verbs: ["get", "list", "watch"]
+ verbs: ["get", "list", "update", "watch"]
 - apiGroups: ["extensions","networking.k8s.io"]
 resources: ["ingresses"]
 verbs: ["get", "list", "watch"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 2561de074ab5118a7c8f41098a5eeb4d06bfefaa..47f2f1e336f9a828c838257d8ff05e3a39bdd167 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -39,6 +39,11 @@ spec:
 - name: ingress-nginx-controller
 image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
 imagePullPolicy: {{ k8s_image_pull_policy }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /wait-shutdown
 args:
 - /nginx-ingress-controller
 - --configmap=$(POD_NAMESPACE)/ingress-nginx
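Review bot: Adding `update` to the `services` rule in clusterrole-ingress-nginx.yml.j2 lets the controller's service account modify every Service in the cluster, which is a wide grant for a component that terminates external traffic, and nothing in the hunk says what needs it. If a controller feature requires the verb, a comment above the rule such as `# update on services: required by <feature>; drop if unused` would make the grant auditable; if nothing in this deployment uses it, keep `verbs: ["get", "list", "watch"]`. The same `update` on `services` is added to the namespaced Role in role-ingress-nginx.yml.j2 (hunk at -9,8), where it is at least confined to one namespace.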
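Review bot: The preStop hook in ds-ingress-nginx-controller.yml.j2 hard-codes `/wait-shutdown`, while the image comes from `ingress_nginx_controller_image_repo` and `ingress_nginx_controller_image_tag`, so an inventory that overrides the tag with an image lacking that binary gets a failing hook on every pod termination instead of a graceful drain. A comment above `lifecycle:` such as `# /wait-shutdown ships in the controller image; verify it exists when overriding the image tag` would flag the coupling. The pod spec continues outside the hunk, so it is not visible whether `terminationGracePeriodSeconds` leaves the hook enough time to finish; that is worth checking alongside this change.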
@@ -84,16 +89,18 @@ spec:
 path: /healthz
 port: 10254
 scheme: HTTP
- initialDelaySeconds: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
 timeoutSeconds: 5
 successThreshold: 1
- failureThreshold: 10
- readinessProbe:
 failureThreshold: 3
+ readinessProbe:
 httpGet:
 path: /healthz
 port: 10254
 scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
 timeoutSeconds: 5
 successThreshold: 1
- failureThreshold: 10
+ failureThreshold: 3
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index f224fae2c2842722e84c6684a0aedcee3aa14b39..218b23747a80025a0809159f03fa2b347c9547d1 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -9,8 +9,20 @@ metadata:
 app.kubernetes.io/part-of: ingress-nginx
 rules:
 - apiGroups: [""]
- resources: ["configmaps", "pods", "secrets", "namespaces"]
+ resources: ["namespaces"]
 verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps", "pods", "secrets", "endpoints"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list", "update", "watch"]
+ - apiGroups: ["extensions", "networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["extensions", "networking.k8s.io"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
 - apiGroups: [""]
 resources: ["configmaps"]
 # Defaults to "<election-id>-<ingress-class>"
@@ -24,7 +36,10 @@ rules:
 verbs: ["create"]
 - apiGroups: [""]
 resources: ["endpoints"]
- verbs: ["get"]
+ verbs: ["create", "get", "update"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
 - apiGroups: ["policy"]
 resourceNames: ["ingress-nginx"]
 resources: ["podsecuritypolicies"]
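Review bot: After this hunk the liveness and readiness probes in ds-ingress-nginx-controller.yml.j2 have identical settings, and the liveness `failureThreshold` drops from 10 to 3, so with `periodSeconds: 10` roughly 30 seconds of slow `/healthz` responses restarts the controller at the same moment it would otherwise only have been taken out of rotation. On an edge proxy, a load spike that slows the health endpoint can then turn degraded service into restart loops. Consider keeping the liveness probe more tolerant than readiness, for example `failureThreshold: 5` under `livenessProbe` only. Both probe definitions begin outside the hunk.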
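Review bot: The namespaced Role in role-ingress-nginx.yml.j2 (hunk at -9,8) widens `secrets` from `get` to `get`/`list`/`watch` and repeats `services` and `ingresses` rules that the ClusterRole in this same commit also carries, without saying which deployment mode needs them. If both roles end up bound to the same service account the copies are redundant; if they exist for a namespace-scoped install, a comment such as `# mirrors the ClusterRole rules for namespace-scoped operation` should say so. `list` on `secrets` returns the contents of every secret in the namespace, so it is worth confirming that the controller's namespace holds only its own secrets, or splitting `secrets` into its own rule with the narrowest verbs that work.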
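Review bot: In the last hunk of role-ingress-nginx.yml.j2 the `endpoints` rule gains `create` and `update` with no `resourceNames`, so the service account can rewrite any Endpoints object in the namespace and not just one it owns. The `get` verb here is already covered by the `endpoints` entry added in the previous hunk, so the line could be `verbs: ["create", "update"]`. If the write access targets a single known object, put `update` in a separate rule with `resourceNames` (`create` cannot be restricted that way), and add a comment naming what consumes it. The rule list continues outside the hunk.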