update ingress controller to v1/1.0.4 and v1beta1/0.49.3

deploy/addons/ingress/ingress-deploy.yaml.tmpl

@@ -46,6 +46,7 @@ metadata:
 data:
   # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description
   hsts: "false"
+  allow-snippet-annotations: 'true'
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -102,8 +103,10 @@ rules:
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses
     verbs:
@@ -118,14 +121,16 @@ rules:
       - create
       - patch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
   - apiGroups:
-      - networking.k8s.io   # k8s 1.14+
+      - networking.k8s.io
     resources:
       - ingressclasses
     verbs:
@@ -187,23 +192,27 @@ rules:
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses
     verbs:
       - get
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
   - apiGroups:
-      - networking.k8s.io   # k8s 1.14+
+      - networking.k8s.io
     resources:
       - ingressclasses
     verbs:
@@ -225,7 +234,6 @@ rules:
       - configmaps
     verbs:
       - create
-      - update
   - apiGroups:
       - ''
     resources:
@@ -253,17 +261,6 @@ subjects:
     name: ingress-nginx
     namespace: ingress-nginx
 ---
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  labels:
-    app.kubernetes.io/component: controller
-  name: nginx
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-spec:
-  controller: k8s.io/ingress-nginx
----
 # Source: ingress-nginx/templates/controller-service-webhook.yaml
 apiVersion: v1
 kind: Service
@@ -280,6 +277,9 @@ spec:
     - name: https-webhook
       port: 443
       targetPort: webhook
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: https
+      {{- end}}
   selector:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: ingress-nginx
@@ -303,10 +303,16 @@ spec:
       port: 80
       protocol: TCP
       targetPort: http
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: http
+      {{- end}}
     - name: https
       port: 443
       protocol: TCP
       targetPort: https
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: https
+      {{- end}}
   selector:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: ingress-nginx
@@ -329,10 +335,6 @@ spec:
       app.kubernetes.io/instance: ingress-nginx
       app.kubernetes.io/component: controller
   revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 1
-    type: RollingUpdate
   minReadySeconds: 0
   template:
     metadata:
@@ -355,7 +357,14 @@ spec:
           args:
             - /nginx-ingress-controller
             - --election-id=ingress-controller-leader
+            {{- if eq .IngressAPIVersion "v1"}}
+            - --controller-class=k8s.io/ingress-nginx
+            {{- end}}
+            {{- if eq .IngressAPIVersion "v1beta1"}}
             - --ingress-class=nginx
+            - --watch-ingress-without-class=true
+            - --publish-status-address=localhost
+            {{- end}}
             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
             - --report-node-internal-ip-address
             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
@@ -431,12 +440,28 @@ spec:
           secret:
             secretName: ingress-nginx-admission
 ---
+{{- if eq .IngressAPIVersion "v1"}}
+# Source: ingress-nginx/templates/controller-ingressclass.yaml
+# We don't support namespaced ingressClass yet
+# So a ClusterRole and a ClusterRoleBinding is required
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/component: controller
+  name: nginx
+  namespace: ingress-nginx
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+spec:
+  controller: k8s.io/ingress-nginx
+---
+{{- end}}
 # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
 # before changing this value, check the required kubernetes version
 # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
-# Currently(v0.49.0), ValidatingWebhookConfiguration of this validates v1beta1 request
-# TODO(govargo): check this after upstream ingress-nginx can validate v1 version
-# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.49.0/internal/admission/controller/main.go#L46-L52
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
@@ -461,10 +486,10 @@ webhooks:
     failurePolicy: Fail
     sideEffects: None
     admissionReviewVersions:
-    {{- if eq .IngressAPIVersion "v1beta1"}}
       - v1
-    {{- end}}
-      - {{.IngressAPIVersion}}
+      {{- if eq .IngressAPIVersion "v1beta1"}}
+      - v1beta1
+      {{- end}}
     clientConfig:
       service:
         namespace: ingress-nginx

pkg/addons/addons.go

@@ -298,8 +298,8 @@ func supportLegacyIngress(cc *config.ClusterConfig) error {
 	}
 	if semver.MustParseRange("<1.19.0")(v) {
 		imgs := map[string]string{
-			// https://github.com/kubernetes/ingress-nginx/blob/f3c50698d98299b1a61f83cb6c4bb7de0b71fb4b/deploy/static/provider/kind/deploy.yaml#L327
-			"IngressController": "ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef",
+			// https://github.com/kubernetes/ingress-nginx/blob/0a2ec01eb4ec0e1b29c4b96eb838a2e7bfe0e9f6/deploy/static/provider/baremetal/deploy.yaml#L324
+			"IngressController": "ingress-nginx/controller:v0.49.3@sha256:35fe394c82164efa8f47f3ed0be981b3f23da77175bbb8268a9ae438851c8324",
 			// issues: https://github.com/kubernetes/ingress-nginx/issues/7418 and https://github.com/jet/kube-webhook-certgen/issues/30
 			"KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
 			"KubeWebhookCertgenPatch":  "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",

pkg/minikube/assets/addons.go

@@ -239,7 +239,7 @@ var Addons = map[string]*Addon{
 			"0640"),
 	}, false, "ingress", "", map[string]string{
 		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L323
-		"IngressController": "ingress-nginx/controller:v1.0.0-beta.3@sha256:44a7a06b71187a4529b0a9edee5cc22bdf71b414470eff696c3869ea8d90a695",
+		"IngressController": "ingress-nginx/controller:v1.0.3@sha256:4ade87838eb8256b094fbb5272d7dda9b6c7fa8b759e6af5383c1300996a7452",
 		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612
 		"KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
 		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660