diff --git a/cluster/manifests/ingress-controller/01-rbac.yaml b/cluster/manifests/ingress-controller/01-rbac.yaml index 8b68079ca6..df3fc2c558 100644 --- a/cluster/manifests/ingress-controller/01-rbac.yaml +++ b/cluster/manifests/ingress-controller/01-rbac.yaml @@ -45,6 +45,15 @@ rules: verbs: - patch - update +- apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index ea0302a2f4..891aadb181 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -37,7 +37,9 @@ spec: - name: controller image: "{{ $image }}" args: - - --target-access-mode=HostPort + - --target-access-mode=AWSCNI + - --target-cni-namespace=kube-system + - --target-cni-pod-labelselector=application=skipper-ingress,component=ingress - --stack-termination-protection - --ssl-policy={{ .Cluster.ConfigItems.kube_aws_ingress_controller_ssl_policy }} - --idle-connection-timeout={{ .Cluster.ConfigItems.kube_aws_ingress_controller_idle_timeout }} diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index dfc6e3eff6..a3f99e424b 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -96,7 +96,6 @@ spec: serviceAccountName: skipper-ingress terminationGracePeriodSeconds: {{ .Cluster.ConfigItems.skipper_termination_grace_period }} dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true containers: - name: skipper-ingress image: "{{ .image }}" @@ -104,12 +103,10 @@ spec: ports: - name: ingress-port containerPort: 9999 - hostPort: 9999 protocol: TCP {{ if or (eq .Cluster.ConfigItems.nlb_switch "pre") (eq .Cluster.ConfigItems.nlb_switch "exec") }} - name: http-redirect containerPort: 9998 - hostPort: 9998 protocol: TCP {{ end }} env: