Skip to content

Commit b6d9d65

Browse files
instantlinuxinstantlinux
authored
SYS-661 bump ingress-nginx from 1.11.2 to 1.13.1 (#219)
1 parent acf7ae8 commit b6d9d65

3 files changed

Lines changed: 19 additions & 15 deletions

File tree

k8s/Makefile

Lines changed: 4 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -196,23 +196,15 @@ include Makefile.sops
196196
# cert-manager
197197
##########
198198

199+
# Note - need both, to define the CRD and the ClusterIssuer resources
200+
# make imports/cert-manager
201+
# make install/cert-manager
202+
199203
imports/cert-manager.yaml: imports/cert-manager-$(VERSION_CERT_MANAGER).yaml
200204
ln -s $(notdir $<) $@
201205
imports/cert-manager-$(VERSION_CERT_MANAGER).yaml:
202206
curl -sLo $@ https://github.com/jetstack/cert-manager/releases/download/v$(VERSION_CERT_MANAGER)/cert-manager.yaml
203207

204-
# TODO: remove this once it's clear the above works without helm
205-
# When updating, do "helm delete --purge cert-manager" first
206-
cert-manager-helm: helm_install
207-
helm install stable/cert-manager \
208-
--name cert-manager --namespace cert-manager \
209-
--set ingressShim.defaultIssuerName=letsencrypt-prod \
210-
--set ingressShim.defaultIssuerKind=ClusterIssuer \
211-
--set webhook.enabled=false \
212-
--kube-context=sudo
213-
kubectl label namespace cert-manager --context=sudo \
214-
certmanager.k8s.io/disable-validation=true
215-
216208
##########
217209
# Add-ons
218210
##########

k8s/Makefile.versions

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,11 @@ export VERSION_LOGSPOUT ?= v3.2.14
44
export VERSION_NGINX ?= 1.27.2-alpine
55

66
# Third-party versions - other (quay.io, k8s.gcr.io, crunchydata.com)
7-
export VERSION_CERT_MANAGER ?= 1.16.1
7+
export VERSION_CERT_MANAGER ?= 1.16.5
88
export VERSION_DEFAULTBACKEND ?= 1.5
99
export VERSION_FLANNEL ?= 0.26.1
1010
export VERSION_HELM ?= 3.16.2
11-
export VERSION_INGRESS_NGINX ?= 1.11.2
11+
export VERSION_INGRESS_NGINX ?= 1.13.1
1212
export VERSION_METRICS ?= 2.15.0
1313

1414
# Held back versions - more effort to upgrade

k8s/install/ingress-nginx.yaml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,7 @@ spec:
7171
fieldPath: metadata.namespace
7272
args:
7373
- /nginx-ingress-controller
74+
- --configmap=$K8S_NAMESPACE/nginx-ingress-controller
7475
- --ingress-class=nginx
7576
- --election-id=ingress-controller-leader-external
7677
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
@@ -241,7 +242,7 @@ rules:
241242
- "discovery.k8s.io"
242243
resources:
243244
- endpointslices
244-
verbs: [get, list]
245+
verbs: [get, list, watch]
245246
---
246247
apiVersion: rbac.authorization.k8s.io/v1
247248
kind: ClusterRoleBinding
@@ -277,3 +278,14 @@ data:
277278
$PORT_DOVECOT_IMAPD: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPD
278279
$PORT_DOVECOT_IMAPS: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPS
279280
$PORT_DOVECOT_SMTP: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_SMTP
281+
---
282+
apiVersion: v1
283+
kind: ConfigMap
284+
metadata:
285+
name: nginx-ingress-controller
286+
namespace: $K8S_NAMESPACE
287+
data:
288+
# needed for some services that use config snippets, e.g. for
289+
# adjusting fastcgi_buffers
290+
annotations-risk-level: Critical
291+
allowSnippetAnnotations: "true"

0 commit comments

Comments
 (0)