chore: bump ingress-nginx to 1.12.1

This commit is contained in:
Rob Watson 2025-04-04 09:24:55 +02:00
parent 71027364e1
commit 67ed54afdc
23 changed files with 71 additions and 50 deletions

@ -0,0 +1,6 @@
# Add additional configmap setting required since ingress-nginx 1.12.0.
# https://github.com/kubernetes/ingress-nginx/issues/13104
- op: add
path: /data
value:
annotations-risk-level: Critical

@ -8,10 +8,10 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook

@ -8,10 +8,10 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook

@ -9,10 +9,10 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
@ -21,17 +21,17 @@ spec:
metadata:
name: ingress-nginx-admission-create
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea
imagePullPolicy: IfNotPresent
args:
- create
@ -49,6 +49,7 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:

@ -9,10 +9,10 @@ metadata:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
@ -21,17 +21,17 @@ spec:
metadata:
name: ingress-nginx-admission-patch
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea
imagePullPolicy: IfNotPresent
args:
- patch
@ -51,6 +51,7 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:

@ -9,10 +9,10 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook

@ -9,10 +9,10 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook

@ -9,10 +9,11 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
automountServiceAccountToken: true

@ -7,10 +7,10 @@ kind: ValidatingWebhookConfiguration
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
@ -36,4 +36,5 @@ webhooks:
service:
name: ingress-nginx-controller-admission
namespace: default
port: 443
path: /networking/v1/ingresses

@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
name: ingress-nginx

@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
name: ingress-nginx

@ -4,14 +4,13 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: default
data:
allow-snippet-annotations: "false"

@ -4,10 +4,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
@ -25,10 +25,10 @@ spec:
template:
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
@ -36,7 +36,7 @@ spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
image: registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@ -53,9 +53,11 @@ spec:
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --enable-metrics=true
securityContext:
runAsNonRoot: true
runAsUser: 101
runAsGroup: 82
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault

@ -1,15 +1,13 @@
---
# Source: ingress-nginx/templates/controller-ingressclass.yaml
# We don't support namespaced ingressClass yet
# So a ClusterRole and a ClusterRoleBinding is required
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -0,0 +1,4 @@
---
# Source: ingress-nginx/templates/controller-poddisruptionbudget.yaml
# PDB is not supported for DaemonSets.
# https://github.com/kubernetes/kubernetes/issues/108124

@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -7,10 +7,10 @@ metadata:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -4,10 +4,10 @@ apiVersion: v1
kind: Service
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -5,10 +5,10 @@ kind: Service
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -4,10 +4,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: ingress-nginx-4.10.0
helm.sh/chart: ingress-nginx-4.12.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: "1.10.0"
app.kubernetes.io/version: "1.12.1"
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller

@ -134,6 +134,11 @@ patches:
name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml
- target:
kind: ConfigMap
name: ingress-nginx-controller
path: config-map-ingress-nginx.yaml
- target:
kind: Deployment
name: external-dns

@ -8,6 +8,9 @@
- op: add
path: /spec/template/spec/containers/0/args/-
value: "--tcp-services-configmap=$(POD_NAMESPACE)/prod-ingress-nginx-tcp-services"
- op: add
path: /spec/template/spec/containers/0/args/-
value: "--default-ssl-certificate=$(POD_NAMESPACE)/prod-ingress-tls"
- op: replace
path: /spec/template/spec/volumes/0/secret/secretName
value: prod-ingress-nginx-admission