From 17e335c6a76bfdc3d72facbf76235fdadadea26a Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Tue, 7 Aug 2018 18:31:08 +0800 Subject: [PATCH] ingress-nginx: Upgrade to 0.17.1 Upstream Changes: - ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1) - Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705) - Remove --publish-service flag, in favor of DaemonSet + hostPort Close #2998 Close #2999 --- README.md | 2 +- roles/download/defaults/main.yml | 2 +- .../ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 | 3 --- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3c1c713af..7ab1141e0 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,7 @@ Supported Components - Application - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v1.1.0-k8s1.10 - [cert-manager](https://github.com/jetstack/cert-manager) v0.4.0 - - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.16.2 + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.17.1 Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index be0d6800b..0f765597d 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -157,7 +157,7 @@ local_volume_provisioner_image_tag: "v2.0.0" cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner" cephfs_provisioner_image_tag: "v1.1.0-k8s1.10" ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller" -ingress_nginx_controller_image_tag: "0.16.2" +ingress_nginx_controller_image_tag: "0.17.1" ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend" ingress_nginx_default_backend_image_tag: "1.4" cert_manager_version: "v0.4.0" diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 5d141d4ff..068754642 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -41,7 +41,6 @@ spec: - --configmap=$(POD_NAMESPACE)/ingress-nginx - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - - --publish-service=$(POD_NAMESPACE)/ingress-nginx - --annotations-prefix=nginx.ingress.kubernetes.io securityContext: capabilities: @@ -86,5 +85,3 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - securityContext: - runAsNonRoot: false