diff --git a/deploy/base/config-map-ingress-nginx.yaml b/deploy/base/config-map-ingress-nginx.yaml new file mode 100644 index 0000000..4621ab7 --- /dev/null +++ b/deploy/base/config-map-ingress-nginx.yaml @@ -0,0 +1,6 @@ +# Add additional configmap setting required since ingress-nginx 1.12.0. +# https://github.com/kubernetes/ingress-nginx/issues/13104 +- op: add + path: /data + value: + annotations-risk-level: Critical diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index 1c7f0aa..116007c 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -8,10 +8,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 0803743..0561ad9 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -8,10 +8,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 67eb581..f663962 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -21,17 +21,17 @@ spec: metadata: name: ingress-nginx-admission-create labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: create - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea imagePullPolicy: IfNotPresent args: - create @@ -49,6 +49,7 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 181dc00..7d0ebf6 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -21,17 +21,17 @@ spec: metadata: name: ingress-nginx-admission-patch labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: patch - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.2@sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea imagePullPolicy: IfNotPresent args: - patch @@ -51,6 +51,7 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index c3e46b9..36c3847 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml index 994e30f..041a798 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml index 8c70b2b..b362000 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -9,10 +9,11 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook +automountServiceAccountToken: true diff --git a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 7f349f5..402aeaa 100644 --- a/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -7,10 +7,10 @@ kind: ValidatingWebhookConfiguration metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -36,4 +36,5 @@ webhooks: service: name: ingress-nginx-controller-admission namespace: default + port: 443 path: /networking/v1/ingresses diff --git a/deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml b/deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml index 45f51dc..c888814 100644 --- a/deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/clusterrole.yaml @@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm name: ingress-nginx diff --git a/deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml b/deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml index 857bdc7..0be3ae6 100644 --- a/deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/clusterrolebinding.yaml @@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm name: ingress-nginx diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml index 4854a47..81ba652 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-configmap.yaml @@ -4,14 +4,13 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-controller namespace: default data: - allow-snippet-annotations: "false" diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml index 6eba6f7..4bf4a57 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-deployment.yaml @@ -4,10 +4,10 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -25,10 +25,10 @@ spec: template: metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -36,7 +36,7 @@ spec: dnsPolicy: ClusterFirst containers: - name: controller - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -53,9 +53,11 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=true securityContext: runAsNonRoot: true runAsUser: 101 + runAsGroup: 82 allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml index 1738054..d04497a 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-ingressclass.yaml @@ -1,15 +1,13 @@ --- # Source: ingress-nginx/templates/controller-ingressclass.yaml -# We don't support namespaced ingressClass yet -# So a ClusterRole and a ClusterRoleBinding is required apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml new file mode 100644 index 0000000..ab17e55 --- /dev/null +++ b/deploy/base/inflated/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -0,0 +1,4 @@ +--- +# Source: ingress-nginx/templates/controller-poddisruptionbudget.yaml +# PDB is not supported for DaemonSets. +# https://github.com/kubernetes/kubernetes/issues/108124 diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-role.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-role.yaml index c9c78fe..37582c9 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-role.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-role.yaml @@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml index b2d2c0e..5c648a8 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-rolebinding.yaml @@ -4,10 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml index 4040df9..44c83f6 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-service-metrics.yaml @@ -7,10 +7,10 @@ metadata: prometheus.io/port: "10254" prometheus.io/scrape: "true" labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml index 25bb40f..ec959ca 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-service-webhook.yaml @@ -4,10 +4,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-service.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-service.yaml index 28af4af..028de3a 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-service.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-service.yaml @@ -5,10 +5,10 @@ kind: Service metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml b/deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml index 1d4faf4..163b14d 100644 --- a/deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/deploy/base/inflated/ingress-nginx/templates/controller-serviceaccount.yaml @@ -4,10 +4,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: ingress-nginx-4.10.0 + helm.sh/chart: ingress-nginx-4.12.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 8ebc8e0..74f268e 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -134,6 +134,11 @@ patches: name: ingress-nginx-controller path: deploy-ingress-nginx.yaml +- target: + kind: ConfigMap + name: ingress-nginx-controller + path: config-map-ingress-nginx.yaml + - target: kind: Deployment name: external-dns diff --git a/deploy/prod/deploy-ingress-nginx.yaml b/deploy/prod/deploy-ingress-nginx.yaml index b117dfa..b853815 100644 --- a/deploy/prod/deploy-ingress-nginx.yaml +++ b/deploy/prod/deploy-ingress-nginx.yaml @@ -8,6 +8,9 @@ - op: add path: /spec/template/spec/containers/0/args/- value: "--tcp-services-configmap=$(POD_NAMESPACE)/prod-ingress-nginx-tcp-services" +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--default-ssl-certificate=$(POD_NAMESPACE)/prod-ingress-tls" - op: replace path: /spec/template/spec/volumes/0/secret/secretName value: prod-ingress-nginx-admission