Skip to content

Commit

Permalink
upgrade ingress-nginx (#373)
Browse files Browse the repository at this point in the history 
Signed-off-by: Manabu McCloskey <[email protected]>
  • Loading branch information
@nabuskey
nabuskey authored Aug 28, 2024
1 parent 3b04b1a commit d2c4a7a
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 32 deletions.
2 changes: 1 addition & 1 deletion hack/ingress-nginx/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/kind/deploy.yaml

patches:
- path: deployment-ingress-nginx.yaml
Expand Down
83 changes: 52 additions & 31 deletions pkg/controllers/localbuild/resources/nginx/k8s/ingress-nginx.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,19 +17,20 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
---
Expand All @@ -41,7 +42,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
rules:
Expand Down Expand Up @@ -131,7 +132,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
Expand All @@ -150,7 +151,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
rules:
- apiGroups:
Expand Down Expand Up @@ -232,7 +233,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
rules:
- apiGroups:
Expand All @@ -251,7 +252,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
roleRef:
Expand All @@ -271,7 +272,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
Expand All @@ -290,7 +291,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -309,7 +310,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -332,7 +333,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller
namespace: ingress-nginx
---
Expand All @@ -344,7 +345,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
Expand All @@ -367,7 +368,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
Expand Down Expand Up @@ -416,7 +417,7 @@ spec:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -461,22 +462,34 @@ spec:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
ingress-ready: "true"
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 0
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Equal
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Equal
volumes:
- name: webhook-cert
secret:
Expand All @@ -490,7 +503,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-create
namespace: ingress-nginx
spec:
Expand All @@ -501,7 +514,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-create
spec:
containers:
Expand All @@ -515,18 +528,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
imagePullPolicy: IfNotPresent
name: create
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
Expand All @@ -537,7 +554,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-patch
namespace: ingress-nginx
spec:
Expand All @@ -548,7 +565,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-patch
spec:
containers:
Expand All @@ -564,18 +581,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
imagePullPolicy: IfNotPresent
name: patch
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
Expand All @@ -586,7 +607,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: nginx
spec:
controller: k8s.io/ingress-nginx
Expand All @@ -599,7 +620,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
Expand Down

0 comments on commit d2c4a7a

Please sign in to comment.