diff --git a/k8s/ingress-nginx.yml b/k8s/ingress-nginx.yml index 2f31d11..df80ea4 100644 --- a/k8s/ingress-nginx.yml +++ b/k8s/ingress-nginx.yml @@ -1,4 +1,4 @@ -# From https://github.com/kubernetes/ingress-nginx/blob/controller-v1.4.0/deploy/static/provider/baremetal/deploy.yaml +# remram44: From https://github.com/kubernetes/ingress-nginx/raw/controller-v1.9.3/deploy/static/provider/baremetal/deploy.yaml # remram44: Changed Service to a static NodePort --- apiVersion: v1 @@ -18,7 +18,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx namespace: ingress-nginx --- @@ -30,7 +30,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -42,7 +42,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,25 +93,10 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -147,7 +132,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -166,7 +151,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx rules: - apiGroups: @@ -248,7 +233,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission rules: - apiGroups: @@ -267,7 +252,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -287,7 +272,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -306,7 +291,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -325,7 +310,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -338,7 +323,7 @@ subjects: --- apiVersion: v1 data: - allow-snippet-annotations: "true" + allow-snippet-annotations: "false" kind: ConfigMap metadata: labels: @@ -346,7 +331,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -426,17 +411,23 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.3 spec: containers: - args: - /nginx-ingress-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -454,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission-create spec: containers: @@ -551,7 +542,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +564,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +575,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +591,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -622,11 +613,34 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: nginx spec: controller: k8s.io/ingress-nginx --- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.3 + name: ingress-nginx-admission + namespace: ingress-nginx +spec: + egress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + policyTypes: + - Ingress + - Egress +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -635,7 +649,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.9.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: