diff --git a/README.md b/README.md
index b36b84df3525d67d9f7c64a21464cd9bd69b431e..a9b248be46f525fc6fbd6ddb2a00c8c7d104987b 100644
--- a/README.md
+++ b/README.md
@@ -152,7 +152,7 @@ Note: Upstart/SysV init based OS types are not supported.
- Application
- [cert-manager](https://github.com/jetstack/cert-manager) v1.8.2
- [coredns](https://github.com/coredns/coredns) v1.8.6
- - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.2.1
+ - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.3.0
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
- [argocd](https://argoproj.github.io/) v2.4.3
- [helm](https://helm.sh/) v3.8.2
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a94c93b289ff83c93d495ba53bb7d18d0d9c70dd..fb8083098a06dd5273cb62b11289b6b5695d09ac 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -893,7 +893,7 @@ local_path_provisioner_version: "v0.0.21"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
-ingress_nginx_controller_image_tag: "v1.2.1"
+ingress_nginx_controller_image_tag: "v1.3.0"
ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
ingress_nginx_kube_webhook_certgen_imae_tag: "v1.1.1"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 5d1e570818a43fe16dae5f07656b146dd577b60c..80d25df5a30d479479929e28a342957b3195de53 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -28,3 +28,6 @@ rules:
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["list", "watch"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 3c408e3dc80bbc0ed717afe5eb7c89a666d5bd3a..15feea81655bc51241173ee8238be74b19682ba6 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -34,6 +34,14 @@ rules:
# when launching the nginx-ingress-controller.
resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
verbs: ["get", "update"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ # Defaults to "<election-id>-<ingress-class>"
+ # Here: "<ingress-controller-leader>-<nginx>"
+ # This has to be adapted if you change either parameter
+ # when launching the nginx-ingress-controller.
+ resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
+ verbs: ["get", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "update"]
@@ -44,3 +52,14 @@ rules:
resourceNames: ["ingress-nginx"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ # Defaults to "<election-id>-<ingress-class>"
+ # Here: "<ingress-controller-leader>-<nginx>"
+ # This has to be adapted if you change either parameter
+ # when launching the nginx-ingress-controller.
+ resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
+ verbs: ["get", "update"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create"]