Skip to content

Upgrade ingress-nginx to latest version supporting K8s 1.27

Pam Artiaga requested to merge 49-upgrade-ingress-nginx-for-k8s-127 into master

Context

Kubernetes 1.27 was released on 14 April 2023. We need to make sure that our projects and project templates support this new version.

Kubernetes 1.27 is supported in NGINX-Ingress controller version 1.7.1, 1.8.0, and 1.8.1 (see table). Going by the latest version, the equivalent Helm chart version of nginx-ingress 1.8.1 is 4.7.1 (see chart details).

We need to update the nginx-ingress version in the corresponding helm file to 4.7.1.

Tests

This is tested by creating a project from this template and applying the 4.7.1 upgrade to the nginx-ingress helmfile.

Note: I also tested with the existing 4.5.2 helm chart version and it still seems to be working, but I think it would still be best to upgrade to 4.7.1 as it wraps the nginx-ingress version that is declared to support Kubernetes 1.27

Cluster Management

sync job 
$ gl-helmfile --file $CI_PROJECT_DIR/helmfile.yaml sync
+ '[' -z --file ']'
+ export HELM_NAMESPACE=gitlab-managed-apps
+ HELM_NAMESPACE=gitlab-managed-apps
+ export HELM_HOST=localhost:44134
+ HELM_HOST=localhost:44134
+ export TILLER_NAMESPACE=gitlab-managed-apps
+ TILLER_NAMESPACE=gitlab-managed-apps
+ helmfile --file /builds/partiaga-test-group-2/cluster-management-k8s-127/helmfile.yaml sync
Adding repo ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
Affected releases are:
  ingress (ingress-nginx/ingress-nginx) UPDATED
Upgrading release=ingress, chart=ingress-nginx/ingress-nginx
Release "ingress" has been upgraded. Happy Helming!
NAME: ingress
LAST DEPLOYED: Tue Aug 15 05:03:35 2023
NAMESPACE: gitlab-managed-apps
STATUS: deployed
REVISION: 3
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace gitlab-managed-apps get services -o wide -w ingress-ingress-nginx-controller'
An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
Listing releases matching ^ingress$
ingress	gitlab-managed-apps	3       	2023-08-15 05:03:35.11618979 +0000 UTC	deployed	ingress-nginx-4.7.1	1.8.1      
UPDATED RELEASES:
NAME      CHART                         VERSION
ingress   ingress-nginx/ingress-nginx     4.7.1

Test deployment project

deploy job 
$ auto-deploy deploy
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /builds/partiaga-test-group-2/pam-cluster-management-deploy.tmp/KUBECONFIG
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /builds/partiaga-test-group-2/pam-cluster-management-deploy.tmp/KUBECONFIG
Validating chart version...
Fetching the previously deployed chart version... v2.40.0
Fetching the deploying chart version... v2.40.0
The current chart is compatible with the previously deployed chart
secret "production-secret" deleted
secret/production-secret replaced
No helm values file found at '.gitlab/auto-deploy-values.yaml'
Deploying new stable release...
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /builds/partiaga-test-group-2/pam-cluster-management-deploy.tmp/KUBECONFIG
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /builds/partiaga-test-group-2/pam-cluster-management-deploy.tmp/KUBECONFIG
Release "production" has been upgraded. Happy Helming!
NAME: production
LAST DEPLOYED: Tue Aug 15 23:26:32 2023
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
Application should be accessible at
    http://partiaga-test-group-2-pam-cluster-management-deploy.34.121.182.49.nip.io/
deployment "production" successfully rolled out

Screenshot of deployed app

screenshot

Screenshot_2023-08-16_at_09.28.17

Closes #49 (closed)

Edited by Pam Artiaga

Merge request reports