diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 604a30ab76a2..06adef3a8542 100755 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ name: nginx-ingress -version: 0.23.1 -appVersion: 0.15.0 +version: 0.24.0 +appVersion: 0.17.1 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index af1611fe4219..9203d1d37466 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -47,7 +47,7 @@ Parameter | Description | Default --- | --- | --- `controller.name` | name of the controller component | `controller` `controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` -`controller.image.tag` | controller container image tag | `0.15.0` +`controller.image.tag` | controller container image tag | `0.17.1` `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` `controller.config` | nginx ConfigMap entries | none `controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false @@ -129,7 +129,7 @@ Parameter | Description | Default `defaultBackend.enabled` | If false, controller.defaultBackendService must be provided | `true` `defaultBackend.name` | name of the default backend component | `default-backend` `defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend` -`defaultBackend.image.tag` | default backend container image tag | `1.3` +`defaultBackend.image.tag` | default backend container image tag | `1.4` `defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent` `defaultBackend.extraArgs` | Additional default backend container arguments | `{}` `defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` diff --git a/stable/nginx-ingress/templates/controller-daemonset.yaml b/stable/nginx-ingress/templates/controller-daemonset.yaml index 64f95c38f91e..b945f4f46eca 100644 --- a/stable/nginx-ingress/templates/controller-daemonset.yaml +++ b/stable/nginx-ingress/templates/controller-daemonset.yaml @@ -78,6 +78,16 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + # www-data -> 33 + runAsUser: 33 + {{- end }} env: - name: POD_NAME valueFrom: diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml index 53802856140a..384e826fffd5 100644 --- a/stable/nginx-ingress/templates/controller-deployment.yaml +++ b/stable/nginx-ingress/templates/controller-deployment.yaml @@ -78,6 +78,16 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + # www-data -> 33 + runAsUser: 33 + {{- end }} env: - name: POD_NAME valueFrom: diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 12960a58396f..98ba1e71ef76 100755 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -5,7 +5,7 @@ controller: name: controller image: repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller - tag: "0.15.0" + tag: "0.17.1" pullPolicy: IfNotPresent config: {} @@ -291,7 +291,7 @@ defaultBackend: name: default-backend image: repository: k8s.gcr.io/defaultbackend - tag: "1.3" + tag: "1.4" pullPolicy: IfNotPresent extraArgs: {}