From e72b880b1891487fa1a6d3dac13d1b9ab519413a Mon Sep 17 00:00:00 2001
From: Jeff
Date: Sun, 30 Jun 2019 21:06:43 +0800
Subject: [PATCH] update nginx ingress controller
---
 .../ingress-controller/ingress-controller.yaml | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/install/ingress-controller/ingress-controller.yaml b/install/ingress-controller/ingress-controller.yaml
index 8480fa1cb..4c5bebbd7 100644
--- a/install/ingress-controller/ingress-controller.yaml
+++ b/install/ingress-controller/ingress-controller.yaml
@@ -22,7 +22,7 @@ spec:
 serviceAccountName: kubesphere-router-serviceaccount
 containers:
 - name: nginx-ingress-controller
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
+ image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
 args:
 - /nginx-ingress-controller
 - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
@@ -31,6 +31,15 @@ spec:
 - --force-namespace-isolation
 - --update-status
 - --update-status-on-shutdown
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ # www-data -> 33
+ runAsUser: 33
 env:
 - name: POD_NAME
 valueFrom:
@@ -54,7 +63,7 @@ spec:
 initialDelaySeconds: 10
 periodSeconds: 10
 successThreshold: 1
- timeoutSeconds: 1
+ timeoutSeconds: 10
 readinessProbe:
 failureThreshold: 3
 httpGet:
@@ -63,7 +72,6 @@ spec:
 scheme: HTTP
 periodSeconds: 10
 successThreshold: 1
- timeoutSeconds: 1
- securityContext:
- runAsNonRoot: false
+ timeoutSeconds: 10
+
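Review bot: `allowPrivilegeEscalation: true` in the new container `securityContext` carries no comment, and next to `drop: ALL` it reads like an oversight that a later hardening pass will flip to false. Presumably it is deliberate: if the image's nginx binary obtains `NET_BIND_SERVICE` through a file capability, the no-new-privileges flag would stop the non-root process from binding 80/443, so record that above the key, e.g. `# must stay true: nginx gains NET_BIND_SERVICE via a file capability on exec (confirm against the image)`. The last hunk removes the pod-level `runAsNonRoot: false`, so adding `runAsNonRoot: true` beside `runAsUser: 33` would make the kubelet refuse to start the container if a later edit or image falls back to UID 0. The `# www-data -> 33` mapping is a property of this image tag, so it should be re-checked whenever the `image:` line in the first hunk is bumped again.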