From 0ed7e5a0e8da7f865cee8d229e01a8b0494c93cd Mon Sep 17 00:00:00 2001
From: Vaishali Raval <Vaishali.Raval@neudesic.com>
Date: Mon, 7 Feb 2022 11:18:16 +0530
Subject: [PATCH] Updated the ingress controller version and related
 configuration changes

---
 deploy/k8s/nginx-ingress/local-cm.yaml  |   6 +-
 deploy/k8s/nginx-ingress/local-svc.yaml |  11 ++-
 deploy/k8s/nginx-ingress/mandatory.yaml | 107 ++++++++++++++++++++++--
 3 files changed, 115 insertions(+), 9 deletions(-)

diff --git a/deploy/k8s/nginx-ingress/local-cm.yaml b/deploy/k8s/nginx-ingress/local-cm.yaml
index 02906afc1..ef73d1fbb 100644
--- a/deploy/k8s/nginx-ingress/local-cm.yaml
+++ b/deploy/k8s/nginx-ingress/local-cm.yaml
@@ -4,8 +4,12 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
   name: nginx-configuration
   namespace: ingress-nginx
 data:
   proxy-buffer-size: "128k"
-  proxy-buffers: "4 256k"
\ No newline at end of file
+  proxy-buffers: "4 256k"
+  allow-snippet-annotations: 'true'
\ No newline at end of file
diff --git a/deploy/k8s/nginx-ingress/local-svc.yaml b/deploy/k8s/nginx-ingress/local-svc.yaml
index 945441ab8..baef3e2a9 100644
--- a/deploy/k8s/nginx-ingress/local-svc.yaml
+++ b/deploy/k8s/nginx-ingress/local-svc.yaml
@@ -6,6 +6,9 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
 spec:
   externalTrafficPolicy: Local
   type: LoadBalancer
@@ -15,7 +18,13 @@ spec:
   ports:
     - name: http
       port: 80
+      protocol: TCP
       targetPort: http
     - name: https
       port: 443
-      targetPort: https
\ No newline at end of file
+      targetPort: https
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/component: controller
\ No newline at end of file
diff --git a/deploy/k8s/nginx-ingress/mandatory.yaml b/deploy/k8s/nginx-ingress/mandatory.yaml
index 8fd74f681..a7987fd02 100644
--- a/deploy/k8s/nginx-ingress/mandatory.yaml
+++ b/deploy/k8s/nginx-ingress/mandatory.yaml
@@ -24,6 +24,9 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -33,6 +36,8 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
 rules:
   - apiGroups:
       - ""
@@ -42,6 +47,7 @@ rules:
       - nodes
       - pods
       - secrets
+      - namespaces
     verbs:
       - list
       - watch
@@ -60,7 +66,7 @@ rules:
       - list
       - watch
   - apiGroups:
-      - "extensions"
+      - networking.k8s.io
     resources:
       - ingresses
     verbs:
@@ -75,11 +81,19 @@ rules:
       - create
       - patch
   - apiGroups:
-      - "extensions"
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -90,18 +104,59 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
 rules:
   - apiGroups:
       - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ''
     resources:
       - configmaps
       - pods
       - secrets
-      - namespaces
+      - endpoints
     verbs:
       - get
+      - list
+      - watch
   - apiGroups:
-      - ""
+      - ''
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
     resources:
       - configmaps
     resourceNames:
@@ -122,9 +177,11 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - endpoints
+      - events
     verbs:
       - get
+      - create
+      - patch
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -135,6 +192,9 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -152,6 +212,8 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -171,17 +233,26 @@ metadata:
   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
 spec:
   replicas: 1
   selector:
     matchLabels:
       app.kubernetes.io/name: ingress-nginx
       app.kubernetes.io/part-of: ingress-nginx
+      app.kubernetes.io/instance: ingress-nginx
+      app.kubernetes.io/component: controller
+  revisionHistoryLimit: 10
+  minReadySeconds: 0
   template:
     metadata:
       labels:
         app.kubernetes.io/name: ingress-nginx
         app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/component: controller
       annotations:
         prometheus.io/port: "10254"
         prometheus.io/scrape: "true"
@@ -189,7 +260,13 @@ spec:
       serviceAccountName: nginx-ingress-serviceaccount
       containers:
         - name: nginx-ingress-controller
-          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
+          image:  k8s.gcr.io/ingress-nginx/controller:v1.1.1@sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /wait-shutdown
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/nginx-configuration
@@ -202,7 +279,8 @@ spec:
               add:
                 - NET_BIND_SERVICE
             # www-data -> 33
-            runAsUser: 33
+            runAsUser: 101
+            allowPrivilegeEscalation: true
           env:
             - name: POD_NAME
               valueFrom:
@@ -236,3 +314,18 @@ spec:
             periodSeconds: 10
             successThreshold: 1
             timeoutSeconds: 1
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 1.1.1
+    app.kubernetes.io/component: controller
+  name: nginx
+  namespace: ingress-nginx
+spec:
+  controller: k8s.io/ingress-nginx
\ No newline at end of file