From deff6a82faceb1e5b6efb5a13300a1da44b3be45 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Fri, 30 Nov 2018 18:48:50 +0800 Subject: [PATCH] ingress-nginx: Upgrade to 0.21.0 (#3789) Upstream Changes: - ingress-nginx 0.21.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.21.0) Our Changes: - Sync templates with upstream changes - Remove --default-backend-service requirement. Use the flag only for custom default backends --- README.md | 2 +- roles/download/defaults/main.yml | 13 +---- .../ingress_nginx/tasks/main.yml | 1 - .../templates/deploy-default-backend.yml.j2 | 49 ------------------- .../ds-ingress-nginx-controller.yml.j2 | 1 - 5 files changed, 2 insertions(+), 64 deletions(-) delete mode 100644 roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 diff --git a/README.md b/README.md index c513928e8..1138419b2 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ Supported Components - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11 - [cert-manager](https://github.com/jetstack/cert-manager) v0.5.2 - [coredns](https://github.com/coredns/coredns) v1.2.6 - - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.20.0 + - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.21.0 Note: The list of validated [docker versions](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md) was updated to 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 0f6b8b38c..dc96c2908 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -208,9 +208,7 @@ local_volume_provisioner_image_tag: "v2.1.0" cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner" cephfs_provisioner_image_tag: "v2.1.0-k8s1.11" ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller" -ingress_nginx_controller_image_tag: "0.20.0" -ingress_nginx_default_backend_image_repo: "k8s.gcr.io/defaultbackend-amd64" -ingress_nginx_default_backend_image_tag: "1.5" +ingress_nginx_controller_image_tag: "0.21.0" cert_manager_version: "v0.5.2" cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller" cert_manager_controller_image_tag: "{{ cert_manager_version }}" @@ -602,15 +600,6 @@ downloads: groups: - kube-node - ingress_nginx_default_backend: - enabled: "{{ ingress_nginx_enabled }}" - container: true - repo: "{{ ingress_nginx_default_backend_image_repo }}" - tag: "{{ ingress_nginx_default_backend_image_tag }}" - sha256: "{{ ingress_nginx_default_backend_digest_checksum|default(None) }}" - groups: - - kube-node - cert_manager_controller: enabled: "{{ cert_manager_enabled }}" container: true diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml index 8db7d2972..c3c5d9c17 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml @@ -32,7 +32,6 @@ set_fact: ingress_nginx_templates: - { name: 00-namespace, file: 00-namespace.yml, type: ns } - - { name: deploy-default-backend, file: deploy-default-backend.yml, type: deploy } - { name: svc-default-backend, file: svc-default-backend.yml, type: svc } - { name: cm-ingress-nginx, file: cm-ingress-nginx.yml, type: cm } - { name: cm-tcp-services, file: cm-tcp-services.yml, type: cm } diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 deleted file mode 100644 index 679ad9ca2..000000000 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: default-backend - namespace: {{ ingress_nginx_namespace }} - labels: - app.kubernetes.io/name: default-backend - app.kubernetes.io/part-of: ingress-nginx -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: default-backend - app.kubernetes.io/part-of: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/name: default-backend - app.kubernetes.io/part-of: ingress-nginx - spec: -{% if kube_version is version('v1.11.1', '>=') %} - priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} -{% endif %} - terminationGracePeriodSeconds: 60 - containers: - - name: default-backend - # Any image is permissible as long as: - # 1. It serves a 404 page at / - # 2. It serves 200 on a /healthz endpoint - image: {{ ingress_nginx_default_backend_image_repo }}:{{ ingress_nginx_default_backend_image_tag }} - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 617a6df93..e6a512935 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -42,7 +42,6 @@ spec: imagePullPolicy: {{ k8s_image_pull_policy }} args: - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/default-backend - --configmap=$(POD_NAMESPACE)/ingress-nginx - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services