Use initContainer for nginx ingress if it is old version
**Problem:** The nginx ingress DaemonSet securityContext cannot be applied to versions before 0.16.0. **Solution:** When the nginx controller version is older than 0.16.0, we use the old way to set it up.
parent
3094ac132d
commit
642970feb2
@ -439,6 +439,16 @@ func (c *Cluster) deployIngress(ctx context.Context) error {
|
||||
IngressImage: c.SystemImages.Ingress,
|
||||
IngressBackend: c.SystemImages.IngressBackend,
|
||||
}
|
||||
// since nginx ingress controller 0.16.0, it can be run as non-root and doesn't require privileged anymore.
|
||||
// So we can use securityContext instead of setting privileges via initContainer.
|
||||
ingressSplits := strings.SplitN(c.SystemImages.Ingress, ":", 2)
|
||||
if len(ingressSplits) == 2 {
|
||||
version := strings.Split(ingressSplits[1], "-")[0]
|
||||
if version < "0.16.0" {
|
||||
ingressConfig.AlpineImage = c.SystemImages.Alpine
|
||||
}
|
||||
}
|
||||
|
||||
// Currently only deploying nginx ingress controller
|
||||
ingressYaml, err := addons.GetNginxIngressManifest(ingressConfig)
|
||||
if err != nil {
|
||||
|
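Review bot: The check `version < "0.16.0"` in the added block is a lexicographic string comparison, so it misorders versions: a tag such as 0.9.0 sorts above 0.16.0 and would skip the init container, while a hypothetical 0.100.0 sorts below it and would get the privileged sysctl init container and lose the capability drop and `runAsUser`. The `SplitN(..., ":", 2)` above it also splits at the first colon, so an image reference of the form host:port/repo:tag yields a "version" that begins with the port number. Because this branch decides whether a privileged container is deployed, I would take the tag after the last colon and compare major and minor numerically, leaving tags that do not parse on the securityContext path as they are today. deployIngress starts and ends outside the hunk, and the helper below needs `strconv`, which is not visible among the imports shown here.

```go
// … unchanged: ingressConfig construction and the two comment lines …
image := c.SystemImages.Ingress
if i := strings.LastIndex(image, ":"); i > strings.LastIndex(image, "/") {
	version := strings.Split(image[i+1:], "-")[0]
	if ingressOlderThan016(version) {
		ingressConfig.AlpineImage = c.SystemImages.Alpine
	}
}
// … unchanged: GetNginxIngressManifest call …

// ingressOlderThan016 reports whether version parses as major.minor below 0.16.
// Tags that do not parse keep the securityContext path.
func ingressOlderThan016(version string) bool {
	parts := strings.SplitN(version, ".", 3)
	if len(parts) < 2 {
		return false
	}
	major, errMajor := strconv.Atoi(parts[0])
	minor, errMinor := strconv.Atoi(parts[1])
	if errMajor != nil || errMinor != nil {
		return false
	}
	return major == 0 && minor < 16
}
```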
@ -193,6 +193,18 @@ spec:
|
||||
{{if eq .RBACConfig "rbac"}}
|
||||
serviceAccountName: nginx-ingress-serviceaccount
|
||||
{{ end }}
|
||||
{{- if ne .AlpineImage ""}}
|
||||
initContainers:
|
||||
- command:
|
||||
- sh
|
||||
- -c
|
||||
- sysctl -w net.core.somaxconn=32768; sysctl -w net.ipv4.ip_local_port_range="1024 65535"
|
||||
image: {{.AlpineImage}}
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: sysctl
|
||||
securityContext:
|
||||
privileged: true
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: nginx-ingress-controller
|
||||
image: {{.IngressImage}}
|
||||
@ -206,6 +218,7 @@ spec:
|
||||
{{ range $k, $v := .ExtraArgs }}
|
||||
- --{{ $k }}{{if ne $v "" }}={{ $v }}{{end}}
|
||||
{{ end }}
|
||||
{{- if eq .AlpineImage ""}}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
@ -213,6 +226,7 @@ spec:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
runAsUser: 33
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
|
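Review bot: The privileged `sysctl` init container and the omission of the controller's `securityContext` are both keyed on `.AlpineImage` being non-empty, which reads as an image setting rather than a security-mode switch, and nothing in the template documents that. I would add a YAML comment as the first line inside the `{{- if ne .AlpineImage ""}}` block, for example `# legacy path for nginx ingress < 0.16.0: privileged init container sets sysctls; controller runs without the capability drop and runAsUser`, so that the rendered manifest tells an auditor why `privileged: true` is present. Clusters whose admission policy forbids privileged pods will presumably reject this variant, which is worth stating in the commit description. The two sysctl commands are joined with `;`, so a failure of the first is not reflected in the init container's exit status.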