Upgrading Nginx Ingress Controller

You must upgrade the Nginx Ingress Controller (nginx-ingress-controller) based on your Kubernetes and OpenShift version.
The following table lists the Nginx Ingress Controller versions and the certified versions of Kubernetes and OpenShift:

Nginx Ingress Controller version	Supported Kubernetes version	OpenShift version
1.6.4	1.23	4.10
1.7.0	1.24,1.25 To use Kubernetes 1.26, apply the hotfix itom-predeploy-hotfix-23.2.02.002-6.tar.gz. For more information see, Deploying BMC Helix IT Operations Management.	4.11 or 4.12

Use the information in this section to upgrade the Nginx Ingress controller from version 1.2.0 to 1.6.4 or 1.7.0.

Important

You might experience downtime while upgrading nginx-ingress-controller to version 1.6.4 or 1.7.0.

Best practice
Run the following command to check the version of nginx-ingress-controller:

# kubectl -n ingress-nginx get ds -o yaml | grep -i image:

Sample output:

image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185

To upgrade the Nginx Ingress Controller

Perform the following steps to upgrade the Nginx Ingress Controller from version 1.2.0 to version 1.6.4 or 1.7.0:

Run the following command to get the ingress-class used for the Nginx Ingress Controller version 1.2.0:
kubectl get ds -n ingress-nginx -o yaml | grep -i "\-\-ingress-class"
Look for --ingress-class in the command output.
Example: --ingress-class=nginx
Run one of the commands:
- To get the deploy.yaml file for Nginx Ingress Controller 1.6.4
  $ wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/cloud/deploy.yaml
- To get the deploy.yaml file for Nginx Ingress Controller 1.7.0
  $ wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
Make sure that the ingress-class (that you verified in step 1) is mentioned in the deploy.yaml file.
Run the following command to delete the jobs (ingress-nginx-admission-create and ingress-nginx-admission-patch):
kubectl delete job ingress-nginx-admission-create ingress-nginx-admission-patch -n ingress-nginx
Important
Ignore the errors or warnings if the ingress-nginx-admission-create and ingress-nginx-admission-patch jobs are not present.
Make the following changes in the deploy.yaml file:
1. Change the kind field of the ingress-nginx-controller from Deployment to DaemonSet
2. In the args section, set the default certificate to my-tls-secret:
  spec:
        containers:
       - args:
         - /nginx-ingress-controller
         - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
         - --election-id=ingress-controller-leader
         - --controller-class=k8s.io/ingress-nginx
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         - --default-ssl-certificate=ingress-nginx/my-tls-secret           # <<<<<<<<<<<<<<
Run the command to apply the deploy.yaml:
kubectl apply -f deploy.yaml
Run the command to verify that the Nginx Ingress Controller pods are running on all worker nodes:
kubectl -n ingress-nginx get pods
Run the command to verify the version of the Nginx Ingress Controller from one of the pod logs:
kubectl logs <ingress controller pod> -n ingress-nginx | less
Where -n ingress-nginx is the ingress namespace.

The version of the Nginx Ingress Controller must be 1.6.4 or 1.7.0.
Run the command to make sure that the same ports of the Nginx Ingress Controller service are configured in the load balancer:
kubectl -n ingress-nginx get service

Upgrading Nginx Ingress Controller

To upgrade the Nginx Ingress Controller

On this page