Skip to content

Commit c51937f

Browse files
ChristianAtDellChristianAtDell
authored
Update ingress-nginx for Authorization deployments (#959)
1 parent fa428cd commit c51937f

File tree

2 files changed

+45
-64
lines changed

2 files changed

+45
-64
lines changed

operatorconfig/moduleconfig/authorization/v1.14.0/nginx-ingress-controller.yaml

Lines changed: 42 additions & 61 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ metadata:
77
app.kubernetes.io/instance: <NAMESPACE>
88
app.kubernetes.io/name: ingress-nginx
99
app.kubernetes.io/part-of: ingress-nginx
10-
app.kubernetes.io/version: 1.1.3
10+
app.kubernetes.io/version: 1.12.1
1111
name: <NAMESPACE>-ingress-nginx
1212
namespace: <NAMESPACE>
1313
---
@@ -19,7 +19,7 @@ metadata:
1919
app.kubernetes.io/instance: <NAMESPACE>
2020
app.kubernetes.io/name: ingress-nginx
2121
app.kubernetes.io/part-of: ingress-nginx
22-
app.kubernetes.io/version: 1.1.3
22+
app.kubernetes.io/version: 1.12.1
2323
name: <NAMESPACE>-ingress-nginx-admission
2424
namespace: <NAMESPACE>
2525
---
@@ -31,30 +31,29 @@ metadata:
3131
app.kubernetes.io/instance: <NAMESPACE>
3232
app.kubernetes.io/name: ingress-nginx
3333
app.kubernetes.io/part-of: ingress-nginx
34-
app.kubernetes.io/version: 1.1.3
34+
app.kubernetes.io/version: 1.12.1
3535
name: <NAMESPACE>-ingress-nginx
3636
namespace: <NAMESPACE>
3737
rules:
3838
- apiGroups:
39-
- ""
39+
- ''
4040
resources:
4141
- namespaces
4242
verbs:
4343
- get
4444
- apiGroups:
45-
- ""
45+
- ''
4646
resources:
4747
- configmaps
4848
- pods
4949
- secrets
5050
- endpoints
51-
- namespaces
5251
verbs:
5352
- get
5453
- list
5554
- watch
5655
- apiGroups:
57-
- ""
56+
- ''
5857
resources:
5958
- services
6059
verbs:
@@ -83,25 +82,10 @@ rules:
8382
- get
8483
- list
8584
- watch
86-
- apiGroups:
87-
- ""
88-
resourceNames:
89-
- ingress-controller-leader
90-
resources:
91-
- configmaps
92-
verbs:
93-
- get
94-
- update
95-
- apiGroups:
96-
- ""
97-
resources:
98-
- configmaps
99-
verbs:
100-
- create
10185
- apiGroups:
10286
- coordination.k8s.io
10387
resourceNames:
104-
- ingress-controller-leader
88+
- ingress-nginx-leader
10589
resources:
10690
- leases
10791
verbs:
@@ -114,7 +98,7 @@ rules:
11498
verbs:
11599
- create
116100
- apiGroups:
117-
- ""
101+
- ''
118102
resources:
119103
- events
120104
verbs:
@@ -137,12 +121,12 @@ metadata:
137121
app.kubernetes.io/instance: <NAMESPACE>
138122
app.kubernetes.io/name: ingress-nginx
139123
app.kubernetes.io/part-of: ingress-nginx
140-
app.kubernetes.io/version: 1.1.3
124+
app.kubernetes.io/version: 1.12.1
141125
name: <NAMESPACE>-ingress-nginx-admission
142126
namespace: <NAMESPACE>
143127
rules:
144128
- apiGroups:
145-
- ""
129+
- ''
146130
resources:
147131
- secrets
148132
verbs:
@@ -156,11 +140,11 @@ metadata:
156140
app.kubernetes.io/instance: <NAMESPACE>
157141
app.kubernetes.io/name: ingress-nginx
158142
app.kubernetes.io/part-of: ingress-nginx
159-
app.kubernetes.io/version: 1.1.3
143+
app.kubernetes.io/version: 1.12.1
160144
name: <NAMESPACE>-ingress-nginx
161145
rules:
162146
- apiGroups:
163-
- ""
147+
- ''
164148
resources:
165149
- configmaps
166150
- endpoints
@@ -179,13 +163,13 @@ rules:
179163
- list
180164
- watch
181165
- apiGroups:
182-
- ""
166+
- ''
183167
resources:
184168
- nodes
185169
verbs:
186170
- get
187171
- apiGroups:
188-
- ""
172+
- ''
189173
resources:
190174
- services
191175
verbs:
@@ -201,7 +185,7 @@ rules:
201185
- list
202186
- watch
203187
- apiGroups:
204-
- ""
188+
- ''
205189
resources:
206190
- events
207191
verbs:
@@ -230,7 +214,7 @@ rules:
230214
- watch
231215
- get
232216
- apiGroups:
233-
- ""
217+
- ''
234218
resources:
235219
- namespaces
236220
resourceNames:
@@ -246,7 +230,7 @@ metadata:
246230
app.kubernetes.io/instance: <NAMESPACE>
247231
app.kubernetes.io/name: ingress-nginx
248232
app.kubernetes.io/part-of: ingress-nginx
249-
app.kubernetes.io/version: 1.1.3
233+
app.kubernetes.io/version: 1.12.1
250234
name: <NAMESPACE>-ingress-nginx-admission
251235
rules:
252236
- apiGroups:
@@ -265,7 +249,7 @@ metadata:
265249
app.kubernetes.io/instance: <NAMESPACE>
266250
app.kubernetes.io/name: ingress-nginx
267251
app.kubernetes.io/part-of: ingress-nginx
268-
app.kubernetes.io/version: 1.1.3
252+
app.kubernetes.io/version: 1.12.1
269253
name: <NAMESPACE>-ingress-nginx
270254
namespace: <NAMESPACE>
271255
roleRef:
@@ -285,7 +269,7 @@ metadata:
285269
app.kubernetes.io/instance: <NAMESPACE>
286270
app.kubernetes.io/name: ingress-nginx
287271
app.kubernetes.io/part-of: ingress-nginx
288-
app.kubernetes.io/version: 1.1.3
272+
app.kubernetes.io/version: 1.12.1
289273
name: <NAMESPACE>-ingress-nginx-admission
290274
namespace: <NAMESPACE>
291275
roleRef:
@@ -304,7 +288,7 @@ metadata:
304288
app.kubernetes.io/instance: <NAMESPACE>
305289
app.kubernetes.io/name: ingress-nginx
306290
app.kubernetes.io/part-of: ingress-nginx
307-
app.kubernetes.io/version: 1.1.3
291+
app.kubernetes.io/version: 1.12.1
308292
name: <NAMESPACE>-ingress-nginx
309293
roleRef:
310294
apiGroup: rbac.authorization.k8s.io
@@ -323,7 +307,7 @@ metadata:
323307
app.kubernetes.io/instance: <NAMESPACE>
324308
app.kubernetes.io/name: ingress-nginx
325309
app.kubernetes.io/part-of: ingress-nginx
326-
app.kubernetes.io/version: 1.1.3
310+
app.kubernetes.io/version: 1.12.1
327311
name: <NAMESPACE>-ingress-nginx-admission
328312
roleRef:
329313
apiGroup: rbac.authorization.k8s.io
@@ -336,15 +320,15 @@ subjects:
336320
---
337321
apiVersion: v1
338322
data:
339-
allow-snippet-annotations: "true"
323+
allow-snippet-annotations: 'true'
340324
kind: ConfigMap
341325
metadata:
342326
labels:
343327
app.kubernetes.io/component: controller
344328
app.kubernetes.io/instance: <NAMESPACE>
345329
app.kubernetes.io/name: ingress-nginx
346330
app.kubernetes.io/part-of: ingress-nginx
347-
app.kubernetes.io/version: 1.1.3
331+
app.kubernetes.io/version: 1.12.1
348332
name: <NAMESPACE>-ingress-nginx-controller
349333
namespace: <NAMESPACE>
350334
---
@@ -356,7 +340,7 @@ metadata:
356340
app.kubernetes.io/instance: <NAMESPACE>
357341
app.kubernetes.io/name: ingress-nginx
358342
app.kubernetes.io/part-of: ingress-nginx
359-
app.kubernetes.io/version: 1.1.3
343+
app.kubernetes.io/version: 1.12.1
360344
name: <NAMESPACE>-ingress-nginx-controller
361345
namespace: <NAMESPACE>
362346
spec:
@@ -389,7 +373,7 @@ metadata:
389373
app.kubernetes.io/instance: <NAMESPACE>
390374
app.kubernetes.io/name: ingress-nginx
391375
app.kubernetes.io/part-of: ingress-nginx
392-
app.kubernetes.io/version: 1.1.3
376+
app.kubernetes.io/version: 1.12.1
393377
name: <NAMESPACE>-ingress-nginx-controller-admission
394378
namespace: <NAMESPACE>
395379
spec:
@@ -412,7 +396,7 @@ metadata:
412396
app.kubernetes.io/instance: <NAMESPACE>
413397
app.kubernetes.io/name: ingress-nginx
414398
app.kubernetes.io/part-of: ingress-nginx
415-
app.kubernetes.io/version: 1.1.3
399+
app.kubernetes.io/version: 1.12.1
416400
name: <NAMESPACE>-ingress-nginx-controller
417401
namespace: <NAMESPACE>
418402
spec:
@@ -436,7 +420,7 @@ spec:
436420
- args:
437421
- /nginx-ingress-controller
438422
- --publish-service=$(POD_NAMESPACE)/<NAMESPACE>-ingress-nginx-controller
439-
- --election-id=ingress-controller-leader
423+
- --election-id=ingress-nginx-leader
440424
- --controller-class=k8s.io/ingress-nginx
441425
- --ingress-class=nginx
442426
- --configmap=$(POD_NAMESPACE)/<NAMESPACE>-ingress-nginx-controller
@@ -455,7 +439,7 @@ spec:
455439
fieldPath: metadata.namespace
456440
- name: LD_PRELOAD
457441
value: /usr/local/lib/libmimalloc.so
458-
image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143
442+
image: registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b
459443
imagePullPolicy: IfNotPresent
460444
lifecycle:
461445
preStop:
@@ -498,13 +482,18 @@ spec:
498482
cpu: 100m
499483
memory: 90Mi
500484
securityContext:
501-
allowPrivilegeEscalation: true
485+
allowPrivilegeEscalation: false
502486
capabilities:
503487
add:
504488
- NET_BIND_SERVICE
505489
drop:
506490
- ALL
507491
runAsUser: 101
492+
readOnlyRootFilesystem: false
493+
runAsGroup: 82
494+
runAsNonRoot: true
495+
seccompProfile:
496+
type: RuntimeDefault
508497
volumeMounts:
509498
- mountPath: /usr/local/certificates/
510499
name: webhook-cert
@@ -527,7 +516,7 @@ metadata:
527516
app.kubernetes.io/instance: <NAMESPACE>
528517
app.kubernetes.io/name: ingress-nginx
529518
app.kubernetes.io/part-of: ingress-nginx
530-
app.kubernetes.io/version: 1.1.3
519+
app.kubernetes.io/version: 1.12.1
531520
name: <NAMESPACE>-ingress-nginx-admission-create
532521
namespace: <NAMESPACE>
533522
spec:
@@ -539,7 +528,7 @@ spec:
539528
app.kubernetes.io/instance: <NAMESPACE>
540529
app.kubernetes.io/name: ingress-nginx
541530
app.kubernetes.io/part-of: ingress-nginx
542-
app.kubernetes.io/version: 1.1.3
531+
app.kubernetes.io/version: 1.12.1
543532
name: <NAMESPACE>-ingress-nginx-admission-create
544533
spec:
545534
containers:
@@ -553,18 +542,14 @@ spec:
553542
valueFrom:
554543
fieldRef:
555544
fieldPath: metadata.namespace
556-
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
545+
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
557546
imagePullPolicy: IfNotPresent
558547
name: create
559548
securityContext:
560549
allowPrivilegeEscalation: false
561550
nodeSelector:
562551
kubernetes.io/os: linux
563552
restartPolicy: OnFailure
564-
securityContext:
565-
fsGroup: 2000
566-
runAsNonRoot: true
567-
runAsUser: 2000
568553
serviceAccountName: <NAMESPACE>-ingress-nginx-admission
569554
---
570555
apiVersion: batch/v1
@@ -575,7 +560,7 @@ metadata:
575560
app.kubernetes.io/instance: <NAMESPACE>
576561
app.kubernetes.io/name: ingress-nginx
577562
app.kubernetes.io/part-of: ingress-nginx
578-
app.kubernetes.io/version: 1.1.3
563+
app.kubernetes.io/version: 1.12.1
579564
name: <NAMESPACE>-ingress-nginx-admission-patch
580565
namespace: <NAMESPACE>
581566
spec:
@@ -587,7 +572,7 @@ spec:
587572
app.kubernetes.io/instance: <NAMESPACE>
588573
app.kubernetes.io/name: ingress-nginx
589574
app.kubernetes.io/part-of: ingress-nginx
590-
app.kubernetes.io/version: 1.1.3
575+
app.kubernetes.io/version: 1.12.1
591576
name: <NAMESPACE>-ingress-nginx-admission-patch
592577
spec:
593578
containers:
@@ -603,18 +588,14 @@ spec:
603588
valueFrom:
604589
fieldRef:
605590
fieldPath: metadata.namespace
606-
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
591+
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
607592
imagePullPolicy: IfNotPresent
608593
name: patch
609594
securityContext:
610595
allowPrivilegeEscalation: false
611596
nodeSelector:
612597
kubernetes.io/os: linux
613598
restartPolicy: OnFailure
614-
securityContext:
615-
fsGroup: 2000
616-
runAsNonRoot: true
617-
runAsUser: 2000
618599
serviceAccountName: <NAMESPACE>-ingress-nginx-admission
619600
---
620601
apiVersion: networking.k8s.io/v1
@@ -625,7 +606,7 @@ metadata:
625606
app.kubernetes.io/instance: <NAMESPACE>
626607
app.kubernetes.io/name: ingress-nginx
627608
app.kubernetes.io/part-of: ingress-nginx
628-
app.kubernetes.io/version: 1.1.3
609+
app.kubernetes.io/version: 1.12.1
629610
name: nginx
630611
spec:
631612
controller: k8s.io/ingress-nginx
@@ -638,7 +619,7 @@ metadata:
638619
app.kubernetes.io/instance: <NAMESPACE>
639620
app.kubernetes.io/name: ingress-nginx
640621
app.kubernetes.io/part-of: ingress-nginx
641-
app.kubernetes.io/version: 1.1.3
622+
app.kubernetes.io/version: 1.12.1
642623
name: <NAMESPACE>-ingress-nginx-admission
643624
webhooks:
644625
- admissionReviewVersions:

0 commit comments

Comments
 (0)