ingress-nginx: Upgrade to 0.16.2

ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2) This patch simplify ingress-nginx deployment by default deploy on master, with customizable options; on the other hand, remove the additional Ansible group "kube-ingress" and its k8s node label injection. Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites: GCE/Google Kubernetes Engine deploys an ingress controller on the master. By changing `ingress_nginx_nodeselector` plus custom k8s node label, user could customize the DaemonSet deployment target. If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on every k8s node.
2026-03-09 19:58:07 +03:00 · 2018-06-07 17:25:25 +08:00
parent 9e19159547
commit a0defefb3f
20 changed files with 82 additions and 50 deletions
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -0,0 +1,90 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: ingress-nginx-controller
+  namespace: {{ ingress_nginx_namespace }}
+  labels:
+    k8s-app: ingress-nginx
+    version: v{{ ingress_nginx_controller_image_tag }}
+spec:
+  selector:
+    matchLabels:
+      k8s-app: ingress-nginx
+      version: v{{ ingress_nginx_controller_image_tag }}
+  template:
+    metadata:
+      labels:
+        k8s-app: ingress-nginx
+        version: v{{ ingress_nginx_controller_image_tag }}
+      annotations:
+        prometheus.io/port: '10254'
+        prometheus.io/scrape: 'true'
+    spec:
+{% if rbac_enabled %}
+      serviceAccountName: ingress-nginx
+{% endif %}
+{% if ingress_nginx_host_network %}
+      hostNetwork: true
+{% endif %}
+{% if ingress_nginx_nodeselector %}
+      nodeSelector:
+        {{ ingress_nginx_nodeselector | to_nice_yaml }}
+{%- endif %}
+      containers:
+        - name: ingress-nginx-controller
+          image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
+          imagePullPolicy: {{ k8s_image_pull_policy }}
+          args:
+            - /nginx-ingress-controller
+            - --default-backend-service=$(POD_NAMESPACE)/default-backend
+            - --configmap=$(POD_NAMESPACE)/ingress-nginx
+            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
+            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
+            - --annotations-prefix=nginx.ingress.kubernetes.io
+          securityContext:
+            capabilities:
+                drop:
+                  - ALL
+                add:
+                  - NET_BIND_SERVICE
+            # www-data -> 33
+            runAsUser: 33
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          ports:
+            - name: http
+              containerPort: 80
+              hostPort: {{ ingress_nginx_insecure_port }}
+            - name: https
+              containerPort: 443
+              hostPort: {{ ingress_nginx_secure_port }}
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          securityContext:
+            runAsNonRoot: false