Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade ingress-nginx #373

Merged
merged 1 commit into from
Aug 28, 2024
Merged

upgrade ingress-nginx #373

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion hack/ingress-nginx/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/kind/deploy.yaml

patches:
- path: deployment-ingress-nginx.yaml
Expand Down
83 changes: 52 additions & 31 deletions pkg/controllers/localbuild/resources/nginx/k8s/ingress-nginx.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,19 +17,20 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
---
Expand All @@ -41,7 +42,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
rules:
Expand Down Expand Up @@ -131,7 +132,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
Expand All @@ -150,7 +151,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
rules:
- apiGroups:
Expand Down Expand Up @@ -232,7 +233,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
rules:
- apiGroups:
Expand All @@ -251,7 +252,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
namespace: ingress-nginx
roleRef:
Expand All @@ -271,7 +272,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
Expand All @@ -290,7 +291,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -309,7 +310,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -332,7 +333,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller
namespace: ingress-nginx
---
Expand All @@ -344,7 +345,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
Expand All @@ -367,7 +368,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
Expand Down Expand Up @@ -416,7 +417,7 @@ spec:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
Expand Down Expand Up @@ -461,22 +462,34 @@ spec:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
ingress-ready: "true"
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 0
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Equal
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Equal
volumes:
- name: webhook-cert
secret:
Expand All @@ -490,7 +503,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-create
namespace: ingress-nginx
spec:
Expand All @@ -501,7 +514,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-create
spec:
containers:
Expand All @@ -515,18 +528,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
imagePullPolicy: IfNotPresent
name: create
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
Expand All @@ -537,7 +554,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-patch
namespace: ingress-nginx
spec:
Expand All @@ -548,7 +565,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission-patch
spec:
containers:
Expand All @@ -564,18 +581,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
imagePullPolicy: IfNotPresent
name: patch
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
Expand All @@ -586,7 +607,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: nginx
spec:
controller: k8s.io/ingress-nginx
Expand All @@ -599,7 +620,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
app.kubernetes.io/version: 1.11.2
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
Expand Down
Loading