From b8cd9403df0fb96d402f656665abdae9be9eb4aa Mon Sep 17 00:00:00 2001
From: Florian Ruynat <florian234@hotmail.com>
Date: Wed, 22 Apr 2020 17:41:52 +0200
Subject: [PATCH] Fix nginx template missing latest changes (#6000)

---
 .../clusterrole-ingress-nginx.yml.j2          |  2 +-
 .../ds-ingress-nginx-controller.yml.j2        | 15 +++++++++++----
 .../templates/role-ingress-nginx.yml.j2       | 19 +++++++++++++++++--
 3 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 3243e32c9..1df91ccd6 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -15,7 +15,7 @@ rules:
     verbs: ["get"]
   - apiGroups: [""]
     resources: ["services"]
-    verbs: ["get", "list", "watch"]
+    verbs: ["get", "list", "update", "watch"]
   - apiGroups: ["extensions","networking.k8s.io"]
     resources: ["ingresses"]
     verbs: ["get", "list", "watch"]
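Review bot: The added `update` verb on `services` sits in a ClusterRole, so it applies to every Service in every namespace, and nothing in the rule says what the controller needs to write there. Please confirm against the controller version being deployed that the write is required, and record it next to the rule, e.g. `# update: needed by the controller for <reason>; drop if unused`. The same grant is added namespace-scoped in role-ingress-nginx.yml.j2, so the cluster-wide copy may be unnecessary if writes only happen in the controller's own namespace. The rule list continues outside the hunk.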
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 2561de074..47f2f1e33 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -39,6 +39,11 @@ spec:
         - name: ingress-nginx-controller
           image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
           imagePullPolicy: {{ k8s_image_pull_policy }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /wait-shutdown
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/ingress-nginx
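Review bot: The new `preStop` hook runs `/wait-shutdown`, but the image comes from `ingress_nginx_controller_image_repo` and `ingress_nginx_controller_image_tag`, so an overridden or older image without that binary will fail the hook on every pod termination. A comment above `lifecycle:` naming the minimum controller image that ships `/wait-shutdown` would make the dependency visible to anyone pinning a tag. The hook also only helps if `terminationGracePeriodSeconds` leaves enough time for connections to drain; that field is not visible in this hunk, so check it in the rest of the pod spec.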
@@ -84,16 +89,18 @@ spec:
               path: /healthz
               port: 10254
               scheme: HTTP
-            initialDelaySeconds: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
             timeoutSeconds: 5
             successThreshold: 1
-            failureThreshold: 10
-          readinessProbe:
             failureThreshold: 3
+          readinessProbe:
             httpGet:
               path: /healthz
               port: 10254
               scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
             timeoutSeconds: 5
             successThreshold: 1
-            failureThreshold: 10
+            failureThreshold: 3
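Review bot: After this change the liveness and readiness probes are identical (same `/healthz` on port 10254, `periodSeconds: 10`, `failureThreshold: 3`), so a controller that stalls for about 30 seconds is restarted at the same moment it is taken out of rotation. Giving liveness more headroom than readiness, for example `failureThreshold: 5` on the `livenessProbe`, lets readiness shed traffic first and reduces the chance of restart loops during a transient stall. The `livenessProbe` block starts above the hunk.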
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index f224fae2c..218b23747 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -9,8 +9,20 @@ metadata:
     app.kubernetes.io/part-of: ingress-nginx
 rules:
   - apiGroups: [""]
-    resources: ["configmaps", "pods", "secrets", "namespaces"]
+    resources: ["namespaces"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["configmaps", "pods", "secrets", "endpoints"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "update", "watch"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses/status"]
+    verbs: ["update"]
   - apiGroups: [""]
     resources: ["configmaps"]
     # Defaults to "<election-id>-<ingress-class>"
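Review bot: The new rule `resources: ["configmaps", "pods", "secrets", "endpoints"]` with `verbs: ["get", "list", "watch"]` lets the controller enumerate every Secret in its namespace, where the old rule allowed only `get`. The grant is namespace-scoped, so the exposure depends on what else is deployed beside the controller; a comment such as `# secrets list/watch: keep this namespace dedicated to the ingress controller` would record that assumption. The `services`, `ingresses` and `ingresses/status` rules added here overlap with what the ClusterRole in clusterrole-ingress-nginx.yml.j2 appears to grant (only part of it is visible), so check whether both copies are needed. The `configmaps` rule at the end of the hunk continues outside it.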
@@ -24,7 +36,10 @@ rules:
     verbs: ["create"]
   - apiGroups: [""]
     resources: ["endpoints"]
-    verbs: ["get"]
+    verbs: ["create", "get", "update"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
   - apiGroups: ["policy"]
     resourceNames: ["ingress-nginx"]
     resources: ["podsecuritypolicies"]
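Review bot: `verbs: ["create", "get", "update"]` on `endpoints` carries no `resourceNames`, so the service account can rewrite any Endpoints object in the namespace rather than only the one the controller itself maintains. `get` is already covered by the `["get", "list", "watch"]` rule added earlier in this file, so this rule could be reduced to `verbs: ["create", "update"]`. If the deployed controller version writes a single known object, `update` could move to its own rule limited by `resourceNames`, as the comment on the election `configmaps` rule suggests is done there. The `podsecuritypolicies` rule at the end continues outside the hunk.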
-- 
GitLab