From ce04fdde72baaccead7f3846618c1ae361b4d25c Mon Sep 17 00:00:00 2001
From: Mohamed Zaian <mohamedzaian@gmail.com>
Date: Fri, 15 Jul 2022 03:46:25 +0200
Subject: [PATCH] [ingress-nginx] upgrade to 1.3.0 (#9088)

* This release removes support for Kubernetes v1.19.0
* This release adds support for Kubernetes v1.24.0
* Starting with this release, we will need permissions on the coordination.k8s.io/leases resource for leaderelection lock
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../clusterrole-ingress-nginx.yml.j2          |  3 +++
 .../templates/role-ingress-nginx.yml.j2       | 19 +++++++++++++++++++
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index b36b84df3..a9b248be4 100644
--- a/README.md
+++ b/README.md
@@ -152,7 +152,7 @@ Note: Upstart/SysV init based OS types are not supported.
 - Application
   - [cert-manager](https://github.com/jetstack/cert-manager) v1.8.2
   - [coredns](https://github.com/coredns/coredns) v1.8.6
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.2.1
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.3.0
   - [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
   - [argocd](https://argoproj.github.io/) v2.4.3
   - [helm](https://helm.sh/) v3.8.2
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a94c93b28..fb8083098 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -893,7 +893,7 @@ local_path_provisioner_version: "v0.0.21"
 local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
 local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
 ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
-ingress_nginx_controller_image_tag: "v1.2.1"
+ingress_nginx_controller_image_tag: "v1.3.0"
 ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
 ingress_nginx_kube_webhook_certgen_imae_tag: "v1.1.1"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
index 5d1e57081..80d25df5a 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2
@@ -28,3 +28,6 @@ rules:
   - apiGroups: ["networking.k8s.io"]
     resources: ["ingressclasses"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "watch"]
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 3c408e3dc..15feea816 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -34,6 +34,14 @@ rules:
     # when launching the nginx-ingress-controller.
     resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
     verbs: ["get", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    # Defaults to "<election-id>-<ingress-class>"
+    # Here: "<ingress-controller-leader>-<nginx>"
+    # This has to be adapted if you change either parameter
+    # when launching the nginx-ingress-controller.
+    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
+    verbs: ["get", "update"]
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["create", "update"]
@@ -44,3 +52,14 @@ rules:
     resourceNames: ["ingress-nginx"]
     resources: ["podsecuritypolicies"]
     verbs: ["use"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    # Defaults to "<election-id>-<ingress-class>"
+    # Here: "<ingress-controller-leader>-<nginx>"
+    # This has to be adapted if you change either parameter
+    # when launching the nginx-ingress-controller.
+    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"]
+    verbs: ["get", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create"]