diff --git a/deploy/addons/ingress-dns/example/example.yaml b/deploy/addons/ingress-dns/example/example.yaml index e1906c2149..d166deb3ef 100644 --- a/deploy/addons/ingress-dns/example/example.yaml +++ b/deploy/addons/ingress-dns/example/example.yaml @@ -38,6 +38,9 @@ kind: Ingress metadata: name: example-ingress namespace: kube-system + annotations: + # use the shared ingress-nginx + kubernetes.io/ingress.class: nginx spec: rules: - host: hello-john.test diff --git a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl index 4eaa00a48f..1cf7cb74c5 100644 --- a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl +++ b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl @@ -22,7 +22,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -33,7 +32,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile gcp-auth-skip-secret: "true" rules: - apiGroups: @@ -56,7 +54,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -74,13 +71,12 @@ metadata: labels: app: minikube-ingress-dns app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile spec: serviceAccountName: minikube-ingress-dns hostNetwork: true containers: - name: minikube-ingress-dns - image: {{.CustomRegistries.IngressDNS | default .ImageRepository | default .Registries.IngressDNS }}{{.Images.IngressDNS}} + image: {{.CustomRegistries.IngressDNS | default .ImageRepository | default .Registries.IngressDNS }}{{.Images.IngressDNS}} imagePullPolicy: IfNotPresent ports: - containerPort: 53 @@ -91,4 +87,4 @@ spec: - name: POD_IP valueFrom: fieldRef: - fieldPath: status.podIP \ No newline at end of file + fieldPath: status.podIP diff --git a/deploy/addons/ingress/ingress-configmap.yaml.tmpl b/deploy/addons/ingress/ingress-configmap.yaml.tmpl deleted file mode 100644 index 37817eaae3..0000000000 --- a/deploy/addons/ingress/ingress-configmap.yaml.tmpl +++ /dev/null 
@@ -1,58 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists - name: ingress-nginx-controller - namespace: ingress-nginx -data: - # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description - hsts: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcp-services - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: udp-services - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists 
diff --git a/deploy/addons/ingress/ingress-deploy.yaml.tmpl b/deploy/addons/ingress/ingress-deploy.yaml.tmpl new file mode 100644 index 0000000000..4f0c6a6bed --- /dev/null +++ b/deploy/addons/ingress/ingress-deploy.yaml.tmpl 
@@ -0,0 +1,632 @@ +# Copyright 2021 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +data: + # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description + hsts: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: tcp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: udp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: 
ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + name: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - '' + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - 
watch + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - configmaps + resourceNames: + - ingress-controller-leader-nginx + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + 
app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + type: NodePort + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + gcp-auth-skip-secret: "true" + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController}}{{.Images.IngressController}} + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --election-id=ingress-controller-leader + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --report-node-internal-ip-address + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{if .CustomIngressCert}} + - 
--default-ssl-certificate={{ .CustomIngressCert }} + {{end}} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + hostPort: 80 + - name: https + containerPort: 443 + protocol: TCP + hostPort: 443 + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + serviceAccountName: ingress-nginx + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +# Currently(v0.49.0), ValidatingWebhookConfiguration of this validates v1beta1 request +# TODO(govargo): check this after upstream ingress-nginx can validate v1 version +# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.49.0/internal/admission/controller/main.go#L46-L52 +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + 
app.kubernetes.io/component: admission-webhook + name: ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - {{.IngressAPIVersion}} + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + {{if eq .IngressAPIVersion "v1beta1"}} + - v1 + {{end}} + - {{.IngressAPIVersion}} + clientConfig: + service: + namespace: ingress-nginx + name: ingress-nginx-controller-admission + path: /networking/{{.IngressAPIVersion}}/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ingress-nginx-admission + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ingress-nginx-admission + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: 
ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-create + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: ingress-nginx-admission-create + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}} + imagePullPolicy: IfNotPresent + args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - 
--secret-name=ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-patch + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: ingress-nginx-admission-patch + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}} + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 diff --git a/deploy/addons/ingress/ingress-dp.yaml.tmpl b/deploy/addons/ingress/ingress-dp.yaml.tmpl deleted file mode 100644 index 694534c936..0000000000 --- a/deploy/addons/ingress/ingress-dp.yaml.tmpl +++ /dev/null 
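Review bot: The `ingress-nginx-admission` ClusterRole in this new file grants `get`/`update` on every `validatingwebhookconfigurations` object, although the patch Job is only pointed at `--webhook-name=ingress-nginx-admission`. Adding `resourceNames:` with the single entry `- ingress-nginx-admission` to that rule would stop the certgen service account from modifying other admission webhooks in the cluster; this assumes the pinned certgen image only gets and updates the configuration by name, which should be confirmed. Separately, the controller container keeps `allowPrivilegeEscalation: true` and the `ingress-nginx` ClusterRole keeps cluster-wide `list`/`watch` on `secrets`; a short comment beside each saying why it is needed would help the next reviewer.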
@@ -1,299 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - type: ClusterIP - ports: - - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - type: NodePort - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ingress-nginx-controller - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller 
- addonmanager.kubernetes.io/mode: Reconcile -spec: - selector: - matchLabels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - minReadySeconds: 0 - template: - metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - gcp-auth-skip-secret: "true" - spec: - dnsPolicy: ClusterFirst - containers: - - name: controller - image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController }}{{.Images.IngressController}} - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - args: - - /nginx-ingress-controller - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --report-node-internal-ip-address - - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - {{if .CustomIngressCert}} - - --default-ssl-certificate={{ .CustomIngressCert }} - {{end}} - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: 101 - allowPrivilegeEscalation: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: 
- path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ports: - - name: http - containerPort: 80 - protocol: TCP - hostPort: 80 - - name: https - containerPort: 443 - protocol: TCP - hostPort: 443 - - name: webhook - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: webhook-cert - mountPath: /usr/local/certificates/ - readOnly: true - resources: - requests: - cpu: 100m - memory: 90Mi - serviceAccountName: ingress-nginx - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -# Currently(v0.44.0), ValidatingWebhookConfiguration of this validates v1beta1 request -# TODO(govargo): check this after upstream ingress-nginx can validate v1 version -# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.44.0/internal/admission/controller/main.go#L46-L52 -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-admission -webhooks: - - name: validate.nginx.ingress.kubernetes.io - matchPolicy: Equivalent - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - failurePolicy: Fail - sideEffects: None - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - namespace: ingress-nginx - name: ingress-nginx-controller-admission - path: /networking/v1beta1/ingresses ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-create - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -spec: - template: - 
metadata: - name: ingress-nginx-admission-create - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - spec: - containers: - - name: create - image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}} - imagePullPolicy: IfNotPresent - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-patch - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -spec: - template: - metadata: - name: ingress-nginx-admission-patch - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - spec: - containers: - - name: patch - image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}} - imagePullPolicy: IfNotPresent - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: OnFailure - 
serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 diff --git a/deploy/addons/ingress/ingress-rbac.yaml.tmpl b/deploy/addons/ingress/ingress-rbac.yaml.tmpl deleted file mode 100644 index 5a2cf139b7..0000000000 --- a/deploy/addons/ingress/ingress-rbac.yaml.tmpl +++ /dev/null 
@@ -1,283 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - '' - resources: - - nodes - verbs: - - get - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io # k8s 1.18+ - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx -rules: - - apiGroups: - 
- '' - resources: - - namespaces - verbs: - - get - - apiGroups: - - '' - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io # k8s 1.18+ - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - resourceNames: - - ingress-controller-leader-nginx - verbs: - - get - - update - - apiGroups: - - '' - resources: - - configmaps - verbs: - - create - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx 
-rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx diff --git a/pkg/addons/addons.go b/pkg/addons/addons.go index ab39192932..a4510ee401 100644 --- a/pkg/addons/addons.go +++ b/pkg/addons/addons.go @@ -26,6 +26,7 @@ import ( "sync" "time" + "github.com/blang/semver/v4" "github.com/pkg/errors" "github.com/spf13/viper" 
@@ -44,6 +45,7 @@ import ( "k8s.io/minikube/pkg/minikube/reason" "k8s.io/minikube/pkg/minikube/style" "k8s.io/minikube/pkg/minikube/sysinit" + "k8s.io/minikube/pkg/util" "k8s.io/minikube/pkg/util/retry" ) @@ -160,6 +162,9 @@ func EnableOrDisableAddon(cc *config.ClusterConfig, name string, val string) err out.V{"driver_name": cc.Driver, "addon_name": name}) } } + if err := supportLegacyIngress(cc); err != nil { + return err + } } if strings.HasPrefix(name, "istio") && enable { 
@@ -246,6 +251,30 @@ func isAddonAlreadySet(cc *config.ClusterConfig, addon *assets.Addon, enable boo return false } +// maintain backwards compatibility with k8s < v1.19 +// by replacing images with old versions if custom ones are not already provided +func supportLegacyIngress(cc *config.ClusterConfig) error { + v, err := util.ParseKubernetesVersion(cc.KubernetesConfig.KubernetesVersion) + if err != nil { + return errors.Wrap(err, "parsing Kubernetes version") + } + if semver.MustParseRange("<1.19.0")(v) { + imgs := map[string]string{ + // https://github.com/kubernetes/ingress-nginx/blob/f3c50698d98299b1a61f83cb6c4bb7de0b71fb4b/deploy/static/provider/kind/deploy.yaml#L327 + "IngressController": "ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef", + // issues: https://github.com/kubernetes/ingress-nginx/issues/7418 and https://github.com/jet/kube-webhook-certgen/issues/30 + "KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + "KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + } + for name, path := range imgs { + if _, exists := cc.CustomAddonImages[name]; !exists { + cc.CustomAddonImages[name] = path + } + } + } + return nil +} + func enableOrDisableAddonInternal(cc *config.ClusterConfig, addon *assets.Addon, runner command.Runner, data interface{}, enable bool) error { deployFiles := []string{} diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 4dced7bdb8..e698635a5d 100755 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go 
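Review bot: In supportLegacyIngress the write `cc.CustomAddonImages[name] = path` panics if `cc.CustomAddonImages` is a nil map, and nothing in this hunk initialises it. Unless every caller guarantees a non-nil map (not visible here), add `if cc.CustomAddonImages == nil { cc.CustomAddonImages = map[string]string{} }` before the loop. The fallback pins are also stored in the same map that holds user-supplied overrides, so if `cc` is persisted (handled outside this hunk) a later Kubernetes upgrade would presumably keep the v0.49.0 controller, because the `exists` check can no longer tell a user choice from a fallback. Under semver ordering the `<1.19.0` range would also match 1.19.0 pre-releases. The doc comment should start with the function name, e.g. `// supportLegacyIngress pins pre-1.19 ingress images unless custom ones are set.`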
@@ -21,12 +21,15 @@ import ( "runtime" "strings" + "github.com/blang/semver/v4" + "github.com/pkg/errors" "github.com/spf13/viper" "k8s.io/minikube/deploy/addons" "k8s.io/minikube/pkg/minikube/config" "k8s.io/minikube/pkg/minikube/constants" "k8s.io/minikube/pkg/minikube/out" "k8s.io/minikube/pkg/minikube/vmpath" + "k8s.io/minikube/pkg/util" "k8s.io/minikube/pkg/version" ) 
@@ -230,24 +233,17 @@ var Addons = map[string]*Addon{ }), "ingress": NewAddon([]*BinAsset{ MustBinAsset(addons.IngressAssets, - "ingress/ingress-configmap.yaml.tmpl", + "ingress/ingress-deploy.yaml.tmpl", vmpath.GuestAddonsDir, - "ingress-configmap.yaml", - "0640"), - MustBinAsset(addons.IngressAssets, - "ingress/ingress-rbac.yaml.tmpl", - vmpath.GuestAddonsDir, - "ingress-rbac.yaml", - "0640"), - MustBinAsset(addons.IngressAssets, - "ingress/ingress-dp.yaml.tmpl", - vmpath.GuestAddonsDir, - "ingress-dp.yaml", + "ingress-deploy.yaml", "0640"), }, false, "ingress", "", map[string]string{ - "IngressController": "ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a", - "KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", - "KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L323 + "IngressController": "ingress-nginx/controller:v1.0.0-beta.3@sha256:44a7a06b71187a4529b0a9edee5cc22bdf71b414470eff696c3869ea8d90a695", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612 + "KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660 + "KubeWebhookCertgenPatch": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068", }, map[string]string{ "IngressController": "k8s.gcr.io", }), 
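Review bot: The two KubeWebhookCertgen entries embed `k8s.gcr.io/` in the image value, while IngressController keeps its registry in the separate `"IngressController": "k8s.gcr.io"` map at the end of the hunk. If the deploy template joins registry and image the way the ingress-dns template does (the ingress template is not part of this hunk), a mirror or `--image-repository` setting would presumably not redirect the certgen pulls. That matters in restricted or air-gapped environments where pulls must go through an approved registry. Consider moving the `k8s.gcr.io` prefix of both certgen values into registry entries for `KubeWebhookCertgenCreate` and `KubeWebhookCertgenPatch`, leaving tag and digest pin unchanged. The Addons map literal starts and ends outside the hunk.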
@@ -795,6 +791,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net LoadBalancerStartIP string LoadBalancerEndIP string CustomIngressCert string + IngressAPIVersion string ContainerRuntime string Images map[string]string Registries map[string]string @@ -807,6 +804,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net LoadBalancerStartIP: cfg.LoadBalancerStartIP, LoadBalancerEndIP: cfg.LoadBalancerEndIP, CustomIngressCert: cfg.CustomIngressCert, + IngressAPIVersion: "v1", // api version for ingress (eg, "v1beta1"; defaults to "v1" for k8s 1.19+) ContainerRuntime: cfg.ContainerRuntime, Images: images, Registries: addon.Registries, @@ -820,6 +818,16 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net opts.Registries = make(map[string]string) } + // maintain backwards compatibility with k8s < v1.19 + // by using v1beta1 instead of v1 api version for ingress + v, err := util.ParseKubernetesVersion(cfg.KubernetesVersion) + if err != nil { + return errors.Wrap(err, "parsing Kubernetes version") + } + if semver.MustParseRange("<1.19.0")(v) { + opts.IngressAPIVersion = "v1beta1" + } + // Network info for generating template opts.NetworkInfo["ControlPlaneNodeIP"] = netInfo.ControlPlaneNodeIP opts.NetworkInfo["ControlPlaneNodePort"] = fmt.Sprint(netInfo.ControlPlaneNodePort) diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml index 9df5003de0..a6f66ca3fc 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" 
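Review bot: The added `return errors.Wrap(err, "parsing Kubernetes version")` is a single-value return in a function that builds `opts` as its result, so the error appears to travel in the template-data slot rather than as an error. The return type is cut off in the hunk header, so this needs confirming against the full signature. If so, a caller would hand an error value to the template instead of stopping, and the failure would surface later as a confusing template or apply error. Either return `(interface{}, error)` and update the callers, or parse the version before the call and pass the resulting API version in. The `<1.19.0` check also duplicates the one in supportLegacyIngress in pkg/addons/addons.go, and a shared helper would keep the two cut-offs from drifting.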
diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml index dbb3848b7a..be1449f67c 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "192.168.32.0/20" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml index 0b4338aa95..17add873e8 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml index 7146db8f6a..675695d35c 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml @@ -46,7 +46,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml index 0f98e04878..c4cdca797b 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml 
+++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml index 6a04619bf1..41c52cead9 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml index 9bbacc2ff8..6ad1aece47 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: minikube.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml index 169d8d4721..6eea4cd782 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml @@ -41,7 +41,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" 
diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml index e663396bb6..0869698959 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml @@ -43,7 +43,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/constants/constants.go b/pkg/minikube/constants/constants.go index b0d425d958..162f9027fc 100644 --- a/pkg/minikube/constants/constants.go +++ b/pkg/minikube/constants/constants.go @@ -34,10 +34,10 @@ var ( const ( // DefaultKubernetesVersion is the default Kubernetes version // dont update till #10545 is solved - DefaultKubernetesVersion = "v1.21.3" + DefaultKubernetesVersion = "v1.22.1" // NewestKubernetesVersion is the newest Kubernetes version to test against // NOTE: You may need to update coreDNS & etcd versions in pkg/minikube/bootstrapper/images/images.go - NewestKubernetesVersion = "v1.22.0-rc.0" + NewestKubernetesVersion = "v1.22.2-rc.0" // OldestKubernetesVersion is the oldest Kubernetes version to test against OldestKubernetesVersion = "v1.14.0" // DefaultClusterName is the default nane for the k8s cluster diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index a57cd14c07..704501ff24 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md 
@@ -67,7 +67,7 @@ minikube start [flags] --interactive Allow user prompts for more information (default true) --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12268/minikube-v1.22.0-1628974786-12268.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628974786-12268/minikube-v1.22.0-1628974786-12268.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628974786-12268.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. - --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. + --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.22.1, 'latest' for v1.22.2-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube --kvm-hidden Hide the hypervisor signature from the guest in minikube (kvm2 driver only) --kvm-network string The KVM default network name. (kvm2 driver only) (default "default") diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 62dfd5339c..560a4329ab 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go 
@@ -163,16 +163,16 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { t.Fatalf("failed to get Kubernetes client: %v", client) } - if err := kapi.WaitForDeploymentToStabilize(client, "ingress-nginx", "ingress-nginx-controller", Minutes(6)); err != nil { - t.Errorf("failed waiting for ingress-controller deployment to stabilize: %v", err) - } - if _, err := PodWait(ctx, t, profile, "ingress-nginx", "app.kubernetes.io/name=ingress-nginx", Minutes(12)); err != nil { + // avoid timeouts like: + // Error from server (InternalError): Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": dial tcp 10.107.218.58:443: i/o timeout + // Error from server (InternalError): Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": context deadline exceeded + if _, err = Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=ingress-nginx", "pod", "--selector=app.kubernetes.io/component=controller", "--timeout=90s")); err != nil { t.Fatalf("failed waititing for ingress-nginx-controller : %v", err) } // create networking.k8s.io/v1 ingress createv1Ingress := func() error { - // apply networking.k8s.io/v1beta1 ingress + // apply networking.k8s.io/v1 ingress rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "nginx-ingv1.yaml"))) if err != nil { return err @@ -182,8 +182,6 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { } return nil } - - // create networking.k8s.io/v1 ingress if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { t.Errorf("failed to create ingress: %v", err) } 
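Review bot: The new `kubectl wait --for=condition=ready ... --timeout=90s` call replaces waits of `Minutes(6)` and `Minutes(12)`, and `kubectl wait` returns an error immediately when no resource matches the selector yet. On a slow runner this `t.Fatalf` can therefore fire before the controller pod has been created. Wrapping the call in `retry.Expo`, as is already done for `createv1Ingress` a few lines below, or raising the timeout, would keep the webhook-timeout fix without adding a new source of flakes. The message on the following line also misspells "waiting" as `waititing`. validateIngressAddon starts and ends outside the hunk.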
@@ -202,43 +200,6 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { want := "Welcome to nginx!" addr := "http://127.0.0.1/" - // check if the ingress can route nginx app with networking.k8s.io/v1beta1 ingress - checkv1betaIngress := func() error { - var rr *RunResult - var err error - if NoneDriver() { // just run curl directly on the none driver - rr, err = Run(t, exec.CommandContext(ctx, "curl", "-s", addr, "-H", "'Host: nginx.example.com'")) - if err != nil { - return err - } - } else { - rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "ssh", fmt.Sprintf("curl -s %s -H 'Host: nginx.example.com'", addr))) - if err != nil { - return err - } - } - - stderr := rr.Stderr.String() - if rr.Stderr.String() != "" { - t.Logf("debug: unexpected stderr for %v:\n%s", rr.Command(), stderr) - } - - stdout := rr.Stdout.String() - if !strings.Contains(stdout, want) { - return fmt.Errorf("%v stdout = %q, want %q", rr.Command(), stdout, want) - } - return nil - } - - // check if the ingress can route nginx app with networking.k8s.io/v1beta1 ingress - if err := retry.Expo(checkv1betaIngress, 500*time.Millisecond, Seconds(90)); err != nil { - t.Errorf("failed to get expected response from %s within minikube: %v", addr, err) - } - - // create networking.k8s.io/v1 ingress - if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { - t.Errorf("failed to create ingress: %v", err) - } // check if the ingress can route nginx app with networking.k8s.io/v1 ingress checkv1Ingress := func() error { 
@@ -255,20 +216,16 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { return err } } - stderr := rr.Stderr.String() if rr.Stderr.String() != "" { t.Logf("debug: unexpected stderr for %v:\n%s", rr.Command(), stderr) } - stdout := rr.Stdout.String() if !strings.Contains(stdout, want) { return fmt.Errorf("%v stdout = %q, want %q", rr.Command(), stdout, want) } return nil } - - // check if the ingress can route nginx app with networking.k8s.io/v1 ingress if err := retry.Expo(checkv1Ingress, 500*time.Millisecond, Seconds(90)); err != nil { t.Errorf("failed to get expected response from %s within minikube: %v", addr, err) } diff --git a/test/integration/main_test.go b/test/integration/main_test.go index c259933bef..b59b7705e6 100644 --- a/test/integration/main_test.go +++ b/test/integration/main_test.go @@ -146,7 +146,7 @@ func DockerDriver() bool { // PodmanDriver returns whether or not this test is using the docker or podman driver func PodmanDriver() bool { - return strings.Contains(*startArgs, "--vm-driver=podman") || strings.Contains(*startArgs, "driver=podman") + return strings.Contains(*startArgs, "--driver=podman") || strings.Contains(*startArgs, "--vm-driver=podman") } // KicDriver returns whether or not this test is using the docker or podman driver diff --git a/test/integration/testdata/nginx-ingv1.yaml b/test/integration/testdata/nginx-ingv1.yaml index 03663248ea..e95cf7fc02 100644 --- a/test/integration/testdata/nginx-ingv1.yaml +++ b/test/integration/testdata/nginx-ingv1.yaml @@ -3,7 +3,8 @@ kind: Ingress metadata: name: nginx-ingress annotations: - kubernetes.io/ingress.class: "nginx" + # use the shared ingress-nginx + kubernetes.io/ingress.class: nginx labels: integration-test: ingress spec: @@ -11,10 +12,10 @@ spec: - host: nginx.example.com http: paths: - - path: "/" + - path: / pathType: Prefix backend: service: name: nginx port: - number: 80 \ No newline at end of file + number: 80
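Review bot: The doc comment on PodmanDriver in test/integration/main_test.go still says "docker or podman driver" although the function only tests for podman; suggest `// PodmanDriver returns whether or not this test is using the podman driver`. Both branches are substring tests on `*startArgs` for the `=` form, so the space-separated `--driver podman` is not recognised. If that form can reach the tests, say so in the comment or normalise the arguments first.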