update ingress controller to v1/1.0.4 and v1beta1/0.49.3

deploy/addons/ingress/ingress-deploy.yaml.tmpl

@@ -46,6 +46,8 @@ metadata:
 data:
   # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description
   hsts: "false"
+# see https://github.com/kubernetes/minikube/pull/12702#discussion_r727519180: 'allow-snippet-annotations' should be used only if strictly required by another part of the deployment
+#  allow-snippet-annotations: 'true'
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -102,8 +104,10 @@ rules:
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses
     verbs:
@@ -118,14 +122,16 @@ rules:
       - create
       - patch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
   - apiGroups:
-      - networking.k8s.io   # k8s 1.14+
+      - networking.k8s.io
     resources:
       - ingressclasses
     verbs:
@@ -187,23 +193,27 @@ rules:
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses
     verbs:
       - get
       - list
       - watch
   - apiGroups:
+      {{- if eq .IngressAPIVersion "v1beta1"}}
       - extensions
-      - networking.k8s.io   # k8s 1.14+
+      {{- end}}
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
   - apiGroups:
-      - networking.k8s.io   # k8s 1.14+
+      - networking.k8s.io
     resources:
       - ingressclasses
     verbs:
@@ -225,7 +235,6 @@ rules:
       - configmaps
     verbs:
       - create
-      - update
   - apiGroups:
       - ''
     resources:
@@ -253,17 +262,6 @@ subjects:
     name: ingress-nginx
     namespace: ingress-nginx
 ---
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  labels:
-    app.kubernetes.io/component: controller
-  name: nginx
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-spec:
-  controller: k8s.io/ingress-nginx
----
 # Source: ingress-nginx/templates/controller-service-webhook.yaml
 apiVersion: v1
 kind: Service
@@ -280,6 +278,9 @@ spec:
     - name: https-webhook
       port: 443
       targetPort: webhook
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: https
+      {{- end}}
   selector:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: ingress-nginx
@@ -298,15 +299,26 @@ metadata:
   namespace: ingress-nginx
 spec:
   type: NodePort
+  {{- if eq .IngressAPIVersion "v1"}}
+  ipFamilyPolicy: SingleStack
+  ipFamilies:
+    - IPv4
+  {{- end}}
   ports:
     - name: http
       port: 80
       protocol: TCP
       targetPort: http
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: http
+      {{- end}}
     - name: https
       port: 443
       protocol: TCP
       targetPort: https
+      {{- if eq .IngressAPIVersion "v1"}}
+      appProtocol: https
+      {{- end}}
   selector:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: ingress-nginx
@@ -329,10 +341,6 @@ spec:
       app.kubernetes.io/instance: ingress-nginx
       app.kubernetes.io/component: controller
   revisionHistoryLimit: 10
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 1
-    type: RollingUpdate
   minReadySeconds: 0
   template:
     metadata:
@@ -355,7 +363,14 @@ spec:
           args:
             - /nginx-ingress-controller
             - --election-id=ingress-controller-leader
+            {{- if eq .IngressAPIVersion "v1"}}
+            - --controller-class=k8s.io/ingress-nginx
+            {{- end}}
+            {{- if eq .IngressAPIVersion "v1beta1"}}
             - --ingress-class=nginx
+            - --watch-ingress-without-class=true
+            - --publish-status-address=localhost
+            {{- end}}
             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
             - --report-node-internal-ip-address
             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
@@ -431,12 +446,28 @@ spec:
           secret:
             secretName: ingress-nginx-admission
 ---
+{{- if eq .IngressAPIVersion "v1"}}
+# Source: ingress-nginx/templates/controller-ingressclass.yaml
+# We don't support namespaced ingressClass yet
+# So a ClusterRole and a ClusterRoleBinding is required
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/component: controller
+  name: nginx
+  namespace: ingress-nginx
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+spec:
+  controller: k8s.io/ingress-nginx
+---
+{{- end}}
 # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
 # before changing this value, check the required kubernetes version
 # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
-# Currently(v0.49.0), ValidatingWebhookConfiguration of this validates v1beta1 request
-# TODO(govargo): check this after upstream ingress-nginx can validate v1 version
-# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.49.0/internal/admission/controller/main.go#L46-L52
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
@@ -461,10 +492,10 @@ webhooks:
     failurePolicy: Fail
     sideEffects: None
     admissionReviewVersions:
-    {{- if eq .IngressAPIVersion "v1beta1"}}
       - v1
-    {{- end}}
-      - {{.IngressAPIVersion}}
+      {{- if eq .IngressAPIVersion "v1beta1"}}
+      - v1beta1
+      {{- end}}
     clientConfig:
       service:
         namespace: ingress-nginx

pkg/addons/addons.go

@@ -298,8 +298,8 @@ func supportLegacyIngress(cc *config.ClusterConfig) error {
 	}
 	if semver.MustParseRange("<1.19.0")(v) {
 		imgs := map[string]string{
-			// https://github.com/kubernetes/ingress-nginx/blob/f3c50698d98299b1a61f83cb6c4bb7de0b71fb4b/deploy/static/provider/kind/deploy.yaml#L327
-			"IngressController": "ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef",
+			// https://github.com/kubernetes/ingress-nginx/blob/0a2ec01eb4ec0e1b29c4b96eb838a2e7bfe0e9f6/deploy/static/provider/kind/deploy.yaml#L328
+			"IngressController": "ingress-nginx/controller:v0.49.3@sha256:35fe394c82164efa8f47f3ed0be981b3f23da77175bbb8268a9ae438851c8324",
 			// issues: https://github.com/kubernetes/ingress-nginx/issues/7418 and https://github.com/jet/kube-webhook-certgen/issues/30
 			"KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
 			"KubeWebhookCertgenPatch":  "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",

pkg/minikube/assets/addons.go

@@ -238,12 +238,12 @@ var Addons = map[string]*Addon{
 			"ingress-deploy.yaml",
 			"0640"),
 	}, false, "ingress", "", map[string]string{
-		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L323
-		"IngressController": "ingress-nginx/controller:v1.0.0-beta.3@sha256:44a7a06b71187a4529b0a9edee5cc22bdf71b414470eff696c3869ea8d90a695",
-		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612
-		"KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
-		// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660
-		"KubeWebhookCertgenPatch": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
+		// https://github.com/kubernetes/ingress-nginx/blob/14f6b32032b709d3e0f614ca85954c3583c5fe3d/deploy/static/provider/kind/deploy.yaml#L330
+		"IngressController": "ingress-nginx/controller:v1.0.4@sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef",
+		// https://github.com/kubernetes/ingress-nginx/blob/14f6b32032b709d3e0f614ca85954c3583c5fe3d/deploy/static/provider/kind/deploy.yaml#L620
+		"KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660",
+		// https://github.com/kubernetes/ingress-nginx/blob/14f6b32032b709d3e0f614ca85954c3583c5fe3d/deploy/static/provider/kind/deploy.yaml#L670
+		"KubeWebhookCertgenPatch": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660",
 	}, map[string]string{
 		"IngressController": "k8s.gcr.io",
 	}),