Upgrading Nginx Ingress Controller
To upgrade the Nginx Ingress Controller
To get the ingress class used for the NGINX Ingress Controller, run the following command:
kubectl get ds -n ingress-nginx -o yaml | grep -i "\-\-ingress-class"Look for --ingress-class in the command output.
Example: --ingress-class=nginxBased on the version of your Kubernetes or OpenShift, run the following commands to get the deploy.yaml file for the NGINX Ingress Controller
$ wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml- Make sure that the ingress-class (that you verified in step 1) is mentioned in the deploy.yaml file.
Run the following command to delete the jobs (ingress-nginx-admission-create and ingress-nginx-admission-patch):
kubectl delete job ingress-nginx-admission-create ingress-nginx-admission-patch -n ingress-nginx --ignore-not-found=true- Make the following changes in the deploy.yaml file:
Change the kind field of the ingress-nginx-controller from Deployment to DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.3
name: ingress-nginx-controller
namespace: ingress-nginxChange the spec.strategy field to spec.updateStrategy
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdateIn the args section, set the default certificate to my-tls-secret:
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-ssl-certificate=ingress-nginx/my-tls-secret # <<<<<<<<<<<<<<
Run the following command to apply the deploy.yaml:
kubectl apply -f deploy.yamlRun the following command to verify that the Nginx Ingress Controller pods are running on all worker nodes:
kubectl -n ingress-nginx get podsRun the command to verify the version of the Nginx Ingress Controller from one of the pod logs:
kubectl logs <ingress controller pod> -n ingress-nginx | lessWhere -n ingress-nginx is the ingress namespace.
The version of the Nginx Ingress Controller must be 1.8.1.Run the command to make sure that the same ports of the Nginx Ingress Controller service are configured in the load balancer:
kubectl -n ingress-nginx get service
Performing post upgrade task
- In the ingress-nginx namespace, open the nginx-configuration configmap and review the value of allow-snippet-annotations configuration parameter.
- If the value of allow-snippet-annotations is false, set it to true:
allow-snippet-annotations: "true".