Skip to content

SYS-661 bump ingress-nginx from 1.11.2 to 1.13.1; cert-manager to 1.16.1 #219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
instantlinux merged 1 commit into from
Aug 29, 2025
Merged

SYS-661 bump ingress-nginx from 1.11.2 to 1.13.1; cert-manager to 1.16.1 #219

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 4 additions & 12 deletions k8s/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,23 +196,15 @@ include Makefile.sops
# cert-manager
##########

# Note - need both, to define the CRD and the ClusterIssuer resources
# make imports/cert-manager
# make install/cert-manager

imports/cert-manager.yaml: imports/cert-manager-$(VERSION_CERT_MANAGER).yaml
ln -s $(notdir $<) $@
imports/cert-manager-$(VERSION_CERT_MANAGER).yaml:
curl -sLo $@ https://github.com/jetstack/cert-manager/releases/download/v$(VERSION_CERT_MANAGER)/cert-manager.yaml

# TODO: remove this once it's clear the above works without helm
# When updating, do "helm delete --purge cert-manager" first
cert-manager-helm: helm_install
helm install stable/cert-manager \
--name cert-manager --namespace cert-manager \
--set ingressShim.defaultIssuerName=letsencrypt-prod \
--set ingressShim.defaultIssuerKind=ClusterIssuer \
--set webhook.enabled=false \
--kube-context=sudo
kubectl label namespace cert-manager --context=sudo \
certmanager.k8s.io/disable-validation=true

##########
# Add-ons
##########
Expand Down
4 changes: 2 additions & 2 deletions k8s/Makefile.versions
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@ export VERSION_LOGSPOUT ?= v3.2.14
export VERSION_NGINX ?= 1.27.2-alpine

# Third-party versions - other (quay.io, k8s.gcr.io, crunchydata.com)
export VERSION_CERT_MANAGER ?= 1.16.1
export VERSION_CERT_MANAGER ?= 1.16.5
export VERSION_DEFAULTBACKEND ?= 1.5
export VERSION_FLANNEL ?= 0.26.1
export VERSION_HELM ?= 3.16.2
export VERSION_INGRESS_NGINX ?= 1.11.2
export VERSION_INGRESS_NGINX ?= 1.13.1
export VERSION_METRICS ?= 2.15.0

# Held back versions - more effort to upgrade
Expand Down
14 changes: 13 additions & 1 deletion k8s/install/ingress-nginx.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ spec:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --configmap=$K8S_NAMESPACE/nginx-ingress-controller
- --ingress-class=nginx
- --election-id=ingress-controller-leader-external
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
Expand Down Expand Up @@ -241,7 +242,7 @@ rules:
- "discovery.k8s.io"
resources:
- endpointslices
verbs: [get, list]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down Expand Up @@ -277,3 +278,14 @@ data:
$PORT_DOVECOT_IMAPD: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPD
$PORT_DOVECOT_IMAPS: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPS
$PORT_DOVECOT_SMTP: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_SMTP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-controller
namespace: $K8S_NAMESPACE
data:
# needed for some services that use config snippets, e.g. for
# adjusting fastcgi_buffers
annotations-risk-level: Critical
allowSnippetAnnotations: "true"
Loading