Merge pull request #445 from junior/helm-ingress-update

Helm ingress update

Author: junior

deploy/complete/helm-chart/mushop/templates/cluster-issuers.yaml

@@ -18,7 +18,7 @@ spec:
     solvers:
     - http01:
         ingress:
-          class: nginx
+          ingressClassName: nginx
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -36,7 +36,7 @@ spec:
     solvers:
     - http01:
         ingress:
-          class: nginx
+          ingressClassName: nginx
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer

deploy/complete/helm-chart/mushop/templates/ingress-edge.yaml

@@ -6,14 +6,14 @@ metadata:
   labels:
 {{ include "mushop.labels" . | indent 4 }}
   annotations:
-    kubernetes.io/ingress.class: nginx
     {{- if .Values.ingress.tls }}
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/cluster-issuer: {{ include "mushop.fullname" . }}-{{ .Values.ingress.clusterIssuer }}
     cert-manager.io/acme-challenge-type: http01
     {{- end }}
-    
+
 spec:
+  ingressClassName: nginx
   rules:
     {{- if .Values.ingress.hosts }}
     {{- range $host := .Values.ingress.hosts }}

deploy/complete/helm-chart/mushop/templates/ingress-grafana.yaml

@@ -20,15 +20,15 @@ metadata:
   labels:
 {{ include "mushop.labels" . | indent 4 }}
   annotations:
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/rewrite-target: /$2
     {{- if .Values.ingress.tls }}
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/cluster-issuer: {{ include "mushop.fullname" . }}-{{ .Values.ingress.clusterIssuer }}
     cert-manager.io/acme-challenge-type: http01
     {{- end }}
-    
+
 spec:
+  ingressClassName: nginx
   rules:
     {{- if .Values.ingress.hosts }}
     {{- range $host := .Values.ingress.hosts }}

deploy/complete/helm-chart/setup/requirements.yaml

@@ -1,31 +1,31 @@
-# Copyright (c) 2019-2021 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2019-2024 Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
 
 dependencies:
   # Prometheus
   - name: prometheus
-    version: 25.18.0
+    version: 25.27.0
     condition: prometheus.enabled
     repository: https://prometheus-community.github.io/helm-charts
   # Grafana
   - name: grafana
-    version: 7.3.7
+    version: 8.5.1
     condition: grafana.enabled
     repository: https://grafana.github.io/helm-charts
   # HPA Metrics
   - name: metrics-server
-    version: 3.12.0
+    version: 3.12.1
     condition: metrics-server.enabled
     repository: https://kubernetes-sigs.github.io/metrics-server
   # Ingress Controller
   - name: ingress-nginx
-    version: 4.10.0
+    version: 4.11.2
     condition: ingress-nginx.enabled
     repository: https://kubernetes.github.io/ingress-nginx
   # cert-manager
   - name: cert-manager
-    version: 1.14.4
+    version: 1.15.3
     condition: cert-manager.enabled
     repository: https://charts.jetstack.io
   # jenkins

deploy/complete/helm-chart/setup/values.yaml

@@ -33,12 +33,16 @@ ingress-nginx:
   controller:
     metrics:
       enabled: true
+    ingressClassResource:
+      default: true
 
 # https://github.com/jetstack/cert-manager/blob/master/README.md
 # https://artifacthub.io/packages/helm/jetstack/cert-manager
 cert-manager:
   enabled: true
-  installCRDs: true
+  crds:
+    enabled: true
+    keep: false
 
 # https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md
 # https://artifacthub.io/packages/helm/grafana/grafana
@@ -136,10 +140,10 @@ jenkins:
       apiVersion: networking.k8s.io/v1
       metadata:
         annotations:
-          kubernetes.io/ingress.class: nginx
           nginx.ingress.kubernetes.io/rewrite-target: /$2
       labels: {}
       spec:
+        ingressClassName: nginx
         rules:
         - http:
             paths:

deploy/complete/kubernetes/ingress/mushop-dev.yaml

@@ -2,9 +2,8 @@ apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
   name: mushop-dev
-  annotations:
-    kubernetes.io/ingress.class: nginx
 spec:
+  ingressClassName: nginx
   rules:
   - http:
       paths:

deploy/complete/kubernetes/ingress/mushop-grafana.yaml

@@ -1,13 +1,13 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: grafana
   annotations:
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/cluster-issuer: letsencrypt-prod
     cert-manager.io/acme-challenge-type: http01
 spec:
+  ingressClassName: nginx
   tls:
   - secretName: mushop-grafana-tls
     hosts:

deploy/complete/kubernetes/ingress/mushop-issuer.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-prod
@@ -15,9 +15,9 @@ spec:
     solvers:
     - http01:
         ingress:
-          class: nginx
+          ingressClassName: nginx
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-staging
@@ -33,9 +33,9 @@ spec:
     solvers:
     - http01:
         ingress:
-          class: nginx
+          ingressClassName: nginx
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: selfsigned

deploy/complete/kubernetes/ingress/mushop-prod.yaml

@@ -1,15 +1,15 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: mushop-prod
   annotations:
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/cluster-issuer: letsencrypt-prod
     cert-manager.io/acme-challenge-type: http01
 spec:
+  ingressClassName: nginx
   tls:
-  - secretName: mushop-prod-tls 
+  - secretName: mushop-prod-tls
     hosts:
     - mushop.ateam.cloud
     - insecure.mushop.ateam.cloud

deploy/complete/kubernetes/ingress/mushop-test.yaml

@@ -1,13 +1,13 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: mushop-test
   annotations:
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/cluster-issuer: letsencrypt-prod
     cert-manager.io/acme-challenge-type: http01
 spec:
+  ingressClassName: nginx
   tls:
   - secretName: mushop-test-tls
     hosts:

deploy/complete/kubernetes/mushop.yaml

@@ -10,9 +10,8 @@ metadata:
     app.kubernetes.io/instance: mushop
     app.kubernetes.io/version: "1.0"
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    kubernetes.io/ingress.class: nginx
 spec:
+  ingressClassName: nginx
   rules:
     # change this for user-specific ingress
     - host: mushop.example.com

deploy/complete/terraform/VERSION

@@ -1 +1 @@
-3.2.0
+3.3.0

deploy/complete/terraform/mushop-utilities.tf

@@ -18,7 +18,7 @@ resource "helm_release" "prometheus" {
   name       = "prometheus"
   repository = local.helm_repository.prometheus
   chart      = "prometheus"
-  version    = "25.18.0"
+  version    = "25.27.0"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = false
 
@@ -37,7 +37,7 @@ resource "helm_release" "grafana" {
   name       = "mushop-utils-grafana" # mushop-utils included to be backwards compatible to the docs and setup chart install
   repository = local.helm_repository.grafana
   chart      = "grafana"
-  version    = "7.3.7"
+  version    = "8.5.1"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = false
 
@@ -97,7 +97,7 @@ resource "helm_release" "metrics_server" {
   name       = "metrics-server"
   repository = local.helm_repository.metrics_server
   chart      = "metrics-server"
-  version    = "3.12.0"
+  version    = "3.12.1"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = false
 
@@ -116,7 +116,7 @@ resource "helm_release" "ingress_nginx" {
   name       = "mushop-utils-ingress-nginx" # mushop-utils included to be backwards compatible to the docs and setup chart install
   repository = local.helm_repository.ingress_nginx
   chart      = "ingress-nginx"
-  version    = "4.10.0"
+  version    = "4.11.2"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = true
 
@@ -140,6 +140,11 @@ resource "helm_release" "ingress_nginx" {
     type  = "string"
   }
 
+  set {
+    name  = "controller.ingressClassResource.default"
+    value = true
+  }
+
   timeout = 1800 # workaround to wait the node be active for other charts
 
   depends_on = [kubernetes_deployment.cluster_autoscaler_deployment]
@@ -156,15 +161,20 @@ resource "helm_release" "cert_manager" {
   name       = "cert-manager"
   repository = local.helm_repository.jetstack
   chart      = "cert-manager"
-  version    = "1.14.4"
+  version    = "1.15.3"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = true # wait to allow the webhook be properly configured
 
   set {
-    name  = "installCRDs"
+    name  = "crds.enabled"
     value = true
   }
 
+  set {
+    name  = "crds.keep"
+    value = false
+  }
+
   set {
     name  = "webhook.timeoutSeconds"
     value = "30"

src/docs/content/disaster-recovery/setup.md

@@ -167,22 +167,21 @@ A TLS secret is used for SSL termination on the ingress controller. To generate
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
-    name: mushop
-    annotations:
-        kubernetes.io/ingress.class: "nginx"
+        name: mushop
     spec:
-    tls:
-    - secretName: tls-secret
-    rules:
-    - http:
-        paths:
-        - path: /
-            pathType: Prefix
-            backend:
-            service:
-                name: edge
-                port:
-                number: 80
+        ingressClassName: nginx
+        tls:
+        - secretName: tls-secret
+        rules:
+        - http:
+            paths:
+            - path: /
+                pathType: Prefix
+                backend:
+                service:
+                    name: edge
+                    port:
+                    number: 80
     EOF
     ```
 
@@ -301,22 +300,21 @@ oadbConnectionSecret: oadb-connection # Name of connection secret created earlie
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
-    name: mushop
-    annotations:
-        kubernetes.io/ingress.class: "nginx"
+        name: mushop
     spec:
-    tls:
-    - secretName: tls-secret
-    rules:
-    - http:
-        paths:
-        - path: /
-            pathType: Prefix
-            backend:
-            service:
-                name: edge
-                port:
-                number: 80
+        ingressClassName: nginx
+        tls:
+        - secretName: tls-secret
+        rules:
+        - http:
+            paths:
+            - path: /
+                pathType: Prefix
+                backend:
+                service:
+                    name: edge
+                    port:
+                    number: 80
     EOF
     ```