chore: bump ingress-nginx to 1.12.1
This commit is contained in:
parent
71027364e1
commit
67ed54afdc
deploy
base
config-map-ingress-nginx.yamlclusterrole.yamlclusterrolebinding.yamlcontroller-configmap.yamlcontroller-deployment.yamlcontroller-ingressclass.yamlcontroller-poddisruptionbudget.yamlcontroller-role.yamlcontroller-rolebinding.yamlcontroller-service-metrics.yamlcontroller-service-webhook.yamlcontroller-service.yamlcontroller-serviceaccount.yamlkustomization.yaml
inflated/ingress-nginx/templates
admission-webhooks
job-patch
clusterrole.yamlclusterrolebinding.yamljob-createSecret.yamljob-patchWebhook.yamlrole.yamlrolebinding.yamlserviceaccount.yaml
validating-webhook.yamlprod
6
deploy/base/config-map-ingress-nginx.yaml
Normal file
6
deploy/base/config-map-ingress-nginx.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
# Add additional configmap setting required since ingress-nginx 1.12.0.
|
||||
# https://github.com/kubernetes/ingress-nginx/issues/13104
|
||||
- op: add
|
||||
path: /data
|
||||
value:
|
||||
annotations-risk-level: Critical
|
@ -8,10 +8,10 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
|
@ -8,10 +8,10 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
|
@ -9,10 +9,10 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
@ -21,17 +21,17 @@ spec:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: create
|
||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
|
||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- create
|
||||
@ -49,6 +49,7 @@ spec:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
|
@ -9,10 +9,10 @@ metadata:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
@ -21,17 +21,17 @@ spec:
|
||||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: patch
|
||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
|
||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- patch
|
||||
@ -51,6 +51,7 @@ spec:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
|
@ -9,10 +9,10 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
|
@ -9,10 +9,10 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
|
@ -9,10 +9,11 @@ metadata:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
automountServiceAccountToken: true
|
||||
|
@ -7,10 +7,10 @@ kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
@ -36,4 +36,5 @@ webhooks:
|
||||
service:
|
||||
name: ingress-nginx-controller-admission
|
||||
namespace: default
|
||||
port: 443
|
||||
path: /networking/v1/ingresses
|
||||
|
@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
|
@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
|
@ -4,14 +4,13 @@ apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: default
|
||||
data:
|
||||
allow-snippet-annotations: "false"
|
||||
|
@ -4,10 +4,10 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
@ -25,10 +25,10 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
@ -36,7 +36,7 @@ spec:
|
||||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
|
||||
image: registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
@ -53,9 +53,11 @@ spec:
|
||||
- --validating-webhook=:8443
|
||||
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||
- --validating-webhook-key=/usr/local/certificates/key
|
||||
- --enable-metrics=true
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
runAsGroup: 82
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
@ -1,15 +1,13 @@
|
||||
---
|
||||
# Source: ingress-nginx/templates/controller-ingressclass.yaml
|
||||
# We don't support namespaced ingressClass yet
|
||||
# So a ClusterRole and a ClusterRoleBinding is required
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
# Source: ingress-nginx/templates/controller-poddisruptionbudget.yaml
|
||||
# PDB is not supported for DaemonSets.
|
||||
# https://github.com/kubernetes/kubernetes/issues/108124
|
@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -7,10 +7,10 @@ metadata:
|
||||
prometheus.io/port: "10254"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -4,10 +4,10 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -5,10 +5,10 @@ kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -4,10 +4,10 @@ apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-4.10.0
|
||||
helm.sh/chart: ingress-nginx-4.12.1
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: "1.10.0"
|
||||
app.kubernetes.io/version: "1.12.1"
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
|
@ -134,6 +134,11 @@ patches:
|
||||
name: ingress-nginx-controller
|
||||
path: deploy-ingress-nginx.yaml
|
||||
|
||||
- target:
|
||||
kind: ConfigMap
|
||||
name: ingress-nginx-controller
|
||||
path: config-map-ingress-nginx.yaml
|
||||
|
||||
- target:
|
||||
kind: Deployment
|
||||
name: external-dns
|
||||
|
@ -8,6 +8,9 @@
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: "--tcp-services-configmap=$(POD_NAMESPACE)/prod-ingress-nginx-tcp-services"
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: "--default-ssl-certificate=$(POD_NAMESPACE)/prod-ingress-tls"
|
||||
- op: replace
|
||||
path: /spec/template/spec/volumes/0/secret/secretName
|
||||
value: prod-ingress-nginx-admission
|
||||
|
Loading…
x
Reference in New Issue
Block a user