cleanup: Deprecate Ingress-Nginx from kubernetes-apps (#12767)

* [docs] Remove ingress-nginx references in docs and scripts jinja

Signed-off-by: Meza <meza-xyz@proton.me>

* Remove ingress-nginx doc and remove references in readme and sidebar

Signed-off-by: Meza <meza-xyz@proton.me>

* Delete ingress-nginx dir from kubernetes-apps

Signed-off-by: Meza <meza-xyz@proton.me>

* Delete ingress-nginx from inventory addons

Signed-off-by: Meza <meza-xyz@proton.me>

* Delete ingress_nginx_enabled from default main

Signed-off-by: Meza <meza-xyz@proton.me>

* Delete ingress_nginx from download

Signed-off-by: Meza <meza-xyz@proton.me>

* Delete ingress_nginx from dependencies

Signed-off-by: Meza <meza-xyz@proton.me>

* Remove ingress_nginx from registry task

Signed-off-by: Meza <meza-xyz@proton.me>

---------

Signed-off-by: Meza <meza-xyz@proton.me>

README.md

@@ -128,7 +128,6 @@ Note:
 - Application
   - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
   - [coredns](https://github.com/coredns/coredns) 1.12.4
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.13.3
   - [argocd](https://argoproj.github.io/) 2.14.5
   - [helm](https://helm.sh/) 3.18.4
   - [metallb](https://metallb.universe.tf/) 0.13.9
@@ -202,8 +201,6 @@ See also [Network checker](docs/advanced/netcheck.md).
 
 ## Ingress Plugins
 
-- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
-
 - [metallb](docs/ingress/metallb.md): the MetalLB bare-metal service LoadBalancer provider.
 
 ## Community docs and resources

docs/_sidebar.md

@@ -57,7 +57,6 @@
   * [Setting-up-your-first-cluster](/docs/getting_started/setting-up-your-first-cluster.md)
 * Ingress
   * [Alb Ingress Controller](/docs/ingress/alb_ingress_controller.md)
-  * [Ingress Nginx](/docs/ingress/ingress_nginx.md)
   * [Kube-vip](/docs/ingress/kube-vip.md)
   * [Metallb](/docs/ingress/metallb.md)
 * Operating Systems

docs/advanced/cert_manager.md

@@ -30,14 +30,7 @@ If you don't have a TLS Root CA certificate and key available, you can create th
 
 A common use-case for cert-manager is requesting TLS signed certificates to secure your ingress resources. This can be done by simply adding annotations to your Ingress resources and cert-manager will facilitate creating the Certificate resource for you. A small sub-component of cert-manager, ingress-shim, is responsible for this.
 
-To enable the Nginx Ingress controller as part of your Kubespray deployment, simply edit your K8s cluster addons inventory e.g. `inventory\sample\group_vars\k8s_cluster\addons.yml` and set `ingress_nginx_enabled` to true.
+For example, if you're using the Traefik ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition.
-
-```ini
-# Nginx ingress controller deployment
-ingress_nginx_enabled: true
-```
-
-For example, if you're using the Nginx ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition.
 
 ```yaml
 apiVersion: networking.k8s.io/v1
@@ -48,9 +41,9 @@ metadata:
   labels:
     prometheus: k8s
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     cert-manager.io/cluster-issuer: ca-issuer
 spec:
+  ingressClassName: "traefik"
   tls:
   - hosts:
     - prometheus.example.com
@@ -72,8 +65,8 @@ Once deployed to your K8s cluster, every 3 months cert-manager will automaticall
 
 Please consult the official upstream documentation:
 
-- [cert-manager Ingress Usage](https://cert-manager.io/v1.5-docs/usage/ingress/)
+- [cert-manager Ingress Usage](https://cert-manager.io/usage/ingress/)
-- [cert-manager Ingress Tutorial](https://cert-manager.io/v1.5-docs/tutorials/acme/ingress/#step-3-assign-a-dns-name)
+- [cert-manager Ingress Tutorial](https://cert-manager.io/tutorials/acme/ingress/#step-3-assign-a-dns-name)
 
 ### ACME
 
@@ -81,12 +74,12 @@ The ACME Issuer type represents a single account registered with the Automated C
 
 Certificates issued by public ACME servers are typically trusted by client’s computers by default. This means that, for example, visiting a website that is backed by an ACME certificate issued for that URL, will be trusted by default by most client’s web browsers. ACME certificates are typically free.
 
-- [ACME Configuration](https://cert-manager.io/v1.5-docs/configuration/acme/)
+- [ACME Configuration](https://cert-manager.io/docs/configuration/acme/)
-- [ACME HTTP Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/http-validation/)
+- [ACME HTTP Validation](https://cert-manager.io/docs/tutorials/acme/http-validation/)
-  - [HTTP01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/http01/)
+  - [HTTP01 Challenges](https://cert-manager.io/docs/configuration/acme/http01/)
-- [ACME DNS Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/dns-validation/)
+- [ACME DNS Validation](https://cert-manager.io/docs/tutorials/acme/dns-validation/)
-  - [DNS01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/dns01/)
+  - [DNS01 Challenges](https://cert-manager.io/docs/configuration/acme/dns01/)
-- [ACME FAQ](https://cert-manager.io/v1.5-docs/faq/acme/)
+- [ACME FAQ](https://cert-manager.io/docs/troubleshooting/acme/)
 
 #### ACME With An Internal Certificate Authority
 

docs/developers/ci-setup.md

@@ -145,7 +145,6 @@ upstream_dns_servers:
   - 1.0.0.1
 
 # Extensions
-ingress_nginx_enabled: True
 helm_enabled: True
 cert_manager_enabled: True
 metrics_server_enabled: True

docs/ingress/ingress_nginx.md

@@ -1,203 +0,0 @@
-# Installation Guide
-
-## Contents
-
-- [Prerequisite Generic Deployment Command](#prerequisite-generic-deployment-command)
-  - [Provider Specific Steps](#provider-specific-steps)
-    - [Docker for Mac](#docker-for-mac)
-    - [minikube](#minikube)
-    - [AWS](#aws)
-    - [GCE - GKE](#gce-gke)
-    - [Azure](#azure)
-    - [Bare-metal](#bare-metal)
-  - [Verify installation](#verify-installation)
-  - [Detect installed version](#detect-installed-version)
-- [Using Helm](#using-helm)
-
-## Prerequisite Generic Deployment Command
-
-!!! attention
-    The default configuration watches Ingress object from *all the namespaces*.
-    To change this behavior use the flag `--watch-namespace` to limit the scope to a particular namespace.
-
-!!! warning
-    If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.
-
-!!! attention
-    If you're using GKE you need to initialize your user as a cluster-admin with the following command:
-
-```console
-kubectl create clusterrolebinding cluster-admin-binding \
---clusterrole cluster-admin \
---user $(gcloud config get-value account)
-```
-
-The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.13.3/deploy/static/provider/cloud/deploy.yaml
-```
-
-### Provider Specific Steps
-
-There are cloud provider specific yaml files.
-
-#### Docker for Mac
-
-Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018))
-
-First you need to [enable kubernetes](https://docs.docker.com/docker-for-mac/#kubernetes).
-
-Then you have to create a service:
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
-```
-
-#### minikube
-
-For standard usage:
-
-```console
-minikube addons enable ingress
-```
-
-For development:
-
-1. Disable the ingress addon:
-
-```console
-minikube addons disable ingress
-```
-
-1. Execute `make dev-env`
-1. Confirm the `nginx-ingress-controller` deployment exists:
-
-```console
-$ kubectl get pods -n ingress-nginx
-NAME                                       READY     STATUS    RESTARTS   AGE
-default-http-backend-66b447d9cf-rrlf9      1/1       Running   0          12s
-nginx-ingress-controller-fdcdcd6dd-vvpgs   1/1       Running   0          11s
-```
-
-#### AWS
-
-In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
-Since Kubernetes v1.9.0 it is possible to use a classic load balancer (ELB) or network load balancer (NLB)
-Please check the [elastic load balancing AWS details page](https://aws.amazon.com/elasticloadbalancing/details/)
-
-##### Elastic Load Balancer - ELB
-
-This setup requires to choose in which layer (L4 or L7) we want to configure the Load Balancer:
-
-- [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): Use an Network Load Balancer (NLB) with TCP as the listener protocol for ports 80 and 443.
-- [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): Use an Elastic Load Balancer (ELB) with HTTP as the listener protocol for port 80 and terminate TLS in the ELB
-
-For L4:
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy.yaml
-```
-
-For L7:
-
-Change the value of `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` in the file `provider/aws/deploy-tls-termination.yaml` replacing the dummy id with a valid one. The dummy value is `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
-
-Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to update the value of `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` in `provider/aws/deploy-tls-termination.yaml`
-
-Then execute:
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy-tls-termination.yaml
-```
-
-This example creates an ELB with just two listeners, one in port 80 and another in port 443
-
-![Listeners](https://github.com/kubernetes/ingress-nginx/blob/main/docs/images/elb-l7-listener.png)
-
-##### ELB Idle Timeouts
-
-In some scenarios users will need to modify the value of the ELB idle timeout.
-Users need to ensure the idle timeout is less than the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) that is configured for NGINX.
-By default NGINX `keepalive_timeout` is set to `75s`.
-
-The default ELB idle timeout will work for most scenarios, unless the NGINX [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) has been modified,
-in which case `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` will need to be modified to ensure it is less than the `keepalive_timeout` the user has configured.
-
-*Please Note: An idle timeout of `3600s` is recommended when using WebSockets.*
-
-More information with regards to idle timeouts for your Load Balancer can be found in the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html).
-
-##### Network Load Balancer (NLB)
-
-This type of load balancer is supported since v1.10.0 as an ALPHA feature.
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-nlb.yaml
-```
-
-#### GCE-GKE
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
-```
-
-**Important Note:** proxy protocol is not supported in GCE/GKE
-
-#### Azure
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
-```
-
-#### Bare-metal
-
-Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
-```
-
-!!! tip
-    For extended notes regarding deployments on bare-metal, see [Bare-metal considerations](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md).
-
-### Verify installation
-
-To check if the ingress controller pods have started, run the following command:
-
-```console
-kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch
-```
-
-Once the operator pods are running, you can cancel the above command by typing `Ctrl+C`.
-Now, you are ready to create your first ingress.
-
-### Detect installed version
-
-To detect which version of the ingress controller is running, exec into the pod and run `nginx-ingress-controller version` command.
-
-```console
-POD_NAMESPACE=ingress-nginx
-POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/component=controller -o jsonpath='{.items[0].metadata.name}')
-
-kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-```
-
-## Using Helm
-
-NGINX Ingress controller can be installed via [Helm](https://helm.sh/) using the chart [ingress-nginx/ingress-nginx](https://kubernetes.github.io/ingress-nginx).
-Official documentation is [here](https://kubernetes.github.io/ingress-nginx/deploy/#using-helm)
-
-To install the chart with the release name `my-nginx`:
-
-```console
-helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-helm install my-nginx ingress-nginx/ingress-nginx
-```
-
-Detect installed version:
-
-```console
-POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
-kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version
-```

inventory/sample/group_vars/k8s_cluster/addons.yml

@@ -63,39 +63,6 @@ local_volume_provisioner_enabled: false
 # Gateway API CRDs
 gateway_api_enabled: false
 
-# Nginx ingress controller deployment
-ingress_nginx_enabled: false
-# ingress_nginx_host_network: false
-# ingress_nginx_service_type: LoadBalancer
-# ingress_nginx_service_annotations:
-#   example.io/loadbalancerIPs: 1.2.3.4
-# ingress_nginx_service_nodeport_http: 30080
-# ingress_nginx_service_nodeport_https: 30081
-ingress_publish_status_address: ""
-# ingress_nginx_nodeselector:
-#   kubernetes.io/os: "linux"
-# ingress_nginx_tolerations:
-#   - key: "node-role.kubernetes.io/control-plane"
-#     operator: "Equal"
-#     value: ""
-#     effect: "NoSchedule"
-# ingress_nginx_namespace: "ingress-nginx"
-# ingress_nginx_insecure_port: 80
-# ingress_nginx_secure_port: 443
-# ingress_nginx_configmap:
-#   map-hash-bucket-size: "128"
-#   ssl-protocols: "TLSv1.2 TLSv1.3"
-# ingress_nginx_configmap_tcp_services:
-#   9000: "default/example-go:8080"
-# ingress_nginx_configmap_udp_services:
-#   53: "kube-system/coredns:53"
-# ingress_nginx_extra_args:
-#   - --default-ssl-certificate=default/foo-tls
-# ingress_nginx_termination_grace_period_seconds: 300
-# ingress_nginx_class: nginx
-# ingress_nginx_without_class: true
-# ingress_nginx_default: false
-
 # ALB ingress controller deployment
 ingress_alb_enabled: false
 # alb_ingress_aws_region: "us-east-1"

roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml

@@ -1,28 +0,0 @@
----
-ingress_nginx_namespace: "ingress-nginx"
-ingress_nginx_host_network: false
-ingress_nginx_service_type: LoadBalancer
-ingress_nginx_service_nodeport_http: ""
-ingress_nginx_service_nodeport_https: ""
-ingress_nginx_service_annotations: {}
-ingress_publish_status_address: ""
-ingress_nginx_publish_service: "{{ ingress_nginx_namespace }}/ingress-nginx"
-ingress_nginx_nodeselector:
-  kubernetes.io/os: "linux"
-ingress_nginx_tolerations: []
-ingress_nginx_insecure_port: 80
-ingress_nginx_secure_port: 443
-ingress_nginx_metrics_port: 10254
-ingress_nginx_configmap: {}
-ingress_nginx_configmap_tcp_services: {}
-ingress_nginx_configmap_udp_services: {}
-ingress_nginx_extra_args: []
-ingress_nginx_termination_grace_period_seconds: 300
-ingress_nginx_class: nginx
-ingress_nginx_without_class: true
-ingress_nginx_default: false
-ingress_nginx_webhook_enabled: false
-ingress_nginx_webhook_job_ttl: 1800
-ingress_nginx_opentelemetry_enabled: false
-
-ingress_nginx_probe_initial_delay_seconds: 10

roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml

@@ -1,69 +0,0 @@
----
-
-- name: NGINX Ingress Controller | Create addon dir
-  file:
-    path: "{{ kube_config_dir }}/addons/ingress_nginx"
-    state: directory
-    owner: root
-    group: root
-    mode: "0755"
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: NGINX Ingress Controller | Templates list
-  set_fact:
-    ingress_nginx_templates:
-      - { name: 00-namespace, file: 00-namespace.yml, type: ns }
-      - { name: cm-ingress-nginx, file: cm-ingress-nginx.yml, type: cm }
-      - { name: cm-tcp-services, file: cm-tcp-services.yml, type: cm }
-      - { name: cm-udp-services, file: cm-udp-services.yml, type: cm }
-      - { name: sa-ingress-nginx, file: sa-ingress-nginx.yml, type: sa }
-      - { name: clusterrole-ingress-nginx, file: clusterrole-ingress-nginx.yml, type: clusterrole }
-      - { name: clusterrolebinding-ingress-nginx, file: clusterrolebinding-ingress-nginx.yml, type: clusterrolebinding }
-      - { name: role-ingress-nginx, file: role-ingress-nginx.yml, type: role }
-      - { name: rolebinding-ingress-nginx, file: rolebinding-ingress-nginx.yml, type: rolebinding }
-      - { name: ingressclass-nginx, file: ingressclass-nginx.yml, type: ingressclass }
-      - { name: ds-ingress-nginx-controller, file: ds-ingress-nginx-controller.yml, type: ds }
-    ingress_nginx_template_for_service:
-      - { name: svc-ingress-nginx, file: svc-ingress-nginx.yml, type: svc }
-    ingress_nginx_templates_for_webhook:
-      - { name: admission-webhook-configuration, file: admission-webhook-configuration.yml, type: sa }
-      - { name: sa-admission-webhook, file: sa-admission-webhook.yml, type: sa }
-      - { name: clusterrole-admission-webhook, file: clusterrole-admission-webhook.yml, type: clusterrole }
-      - { name: clusterrolebinding-admission-webhook, file: clusterrolebinding-admission-webhook.yml, type: clusterrolebinding }
-      - { name: role-admission-webhook, file: role-admission-webhook.yml, type: role }
-      - { name: rolebinding-admission-webhook, file: rolebinding-admission-webhook.yml, type: rolebinding }
-      - { name: admission-webhook-job, file: admission-webhook-job.yml, type: job }
-      - { name: svc-ingress-nginx-controller-admission, file: svc-ingress-nginx-controller-admission.yml, type: svc }
-
-- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Template list for service
-  set_fact:
-    ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_template_for_service }}"
-  when: not ingress_nginx_host_network
-
-- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Templates list for webhook
-  set_fact:
-    ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_templates_for_webhook }}"
-  when: ingress_nginx_webhook_enabled
-
-- name: NGINX Ingress Controller | Create manifests
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
-    mode: "0644"
-  with_items: "{{ ingress_nginx_templates }}"
-  register: ingress_nginx_manifests
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: NGINX Ingress Controller | Apply manifests
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "{{ ingress_nginx_namespace }}"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.item.file }}"
-    state: "latest"
-  with_items: "{{ ingress_nginx_manifests.results }}"
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/00-namespace.yml.j2

@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ ingress_nginx_namespace }}
-  labels:
-    name: {{ ingress_nginx_namespace }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-configuration.yml.j2

@@ -1,30 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission
-webhooks:
-- admissionReviewVersions:
-  - v1
-  clientConfig:
-    service:
-      name: ingress-nginx-controller-admission
-      namespace: {{ ingress_nginx_namespace }}
-      path: /networking/v1/ingresses
-      port: 443
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validate.nginx.ingress.kubernetes.io
-  rules:
-  - apiGroups:
-    - networking.k8s.io
-    apiVersions:
-    - v1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - ingresses
-  sideEffects: None

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2

@@ -1,96 +0,0 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission-create
-  namespace: {{ ingress_nginx_namespace }}
-spec:
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: ingress-nginx
-        app.kubernetes.io/part-of: ingress-nginx
-      name: ingress-nginx-admission-create
-    spec:
-      containers:
-      - args:
-        - create
-        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
-        - --namespace=$(POD_NAMESPACE)
-        - --secret-name=ingress-nginx-admission
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        name: create
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
-      nodeSelector:
-        kubernetes.io/os: linux
-      restartPolicy: OnFailure
-      serviceAccountName: ingress-nginx-admission
-  ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission-patch
-  namespace: {{ ingress_nginx_namespace }}
-spec:
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: ingress-nginx
-        app.kubernetes.io/part-of: ingress-nginx
-      name: ingress-nginx-admission-patch
-    spec:
-      containers:
-      - args:
-        - patch
-        - --webhook-name=ingress-nginx-admission
-        - --namespace=$(POD_NAMESPACE)
-        - --patch-mutating=false
-        - --secret-name=ingress-nginx-admission
-        - --patch-failure-policy=Fail
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        name: patch
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
-      nodeSelector:
-        kubernetes.io/os: linux
-      restartPolicy: OnFailure
-      serviceAccountName: ingress-nginx-admission
-  ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-admission-webhook.yml.j2

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission
-rules:
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - validatingwebhookconfigurations
-  verbs:
-  - get
-  - update

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2

@@ -1,36 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-rules:
-  - apiGroups: [""]
-    resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "namespaces"]
-    verbs: ["list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["services"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses/status"]
-    verbs: ["update"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingressclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["list", "watch"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["get", "list", "watch"]

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-admission-webhook.yml.j2

@@ -1,16 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ingress-nginx-admission
-subjects:
-  - kind: ServiceAccount
-    name: ingress-nginx-admission
-    namespace: {{ ingress_nginx_namespace }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2

@@ -1,16 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ingress-nginx
-subjects:
-  - kind: ServiceAccount
-    name: ingress-nginx
-    namespace: {{ ingress_nginx_namespace }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ingress-nginx
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% if ingress_nginx_configmap %}
-data:
-  {{ ingress_nginx_configmap | to_nice_yaml | indent(2) }}
-{%- endif %}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: tcp-services
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% if ingress_nginx_configmap_tcp_services %}
-data:
-  {{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }}
-{%- endif %}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: udp-services
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% if ingress_nginx_configmap_udp_services %}
-data:
-  {{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }}
-{%- endif %}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2

@@ -1,201 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: ingress-nginx-controller
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: ingress-nginx
-      app.kubernetes.io/part-of: ingress-nginx
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: ingress-nginx
-        app.kubernetes.io/part-of: ingress-nginx
-      annotations:
-        prometheus.io/port: "10254"
-        prometheus.io/scrape: "true"
-    spec:
-      serviceAccountName: ingress-nginx
-      terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }}
-{% if ingress_nginx_opentelemetry_enabled %}
-      initContainers:
-      - name: opentelemetry
-        command:
-        - /init_module
-        image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - ALL
-          readOnlyRootFilesystem: false
-          runAsGroup: 82
-          runAsNonRoot: true
-          runAsUser: 101
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /modules_mount
-          name: modules
-{% endif %}
-{% if ingress_nginx_host_network %}
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-{% endif %}
-{% if ingress_nginx_nodeselector %}
-      nodeSelector:
-        {{ ingress_nginx_nodeselector | to_nice_yaml | indent(width=8) }}
-{%- endif %}
-{% if ingress_nginx_tolerations %}
-      tolerations:
-        {{ ingress_nginx_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
-{% endif %}
-      priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
-      containers:
-        - name: ingress-nginx-controller
-          image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
-          imagePullPolicy: {{ k8s_image_pull_policy }}
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /wait-shutdown
-          args:
-            - /nginx-ingress-controller
-            - --configmap=$(POD_NAMESPACE)/ingress-nginx
-            - --election-id=ingress-controller-leader-{{ ingress_nginx_class }}
-            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
-            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
-            - --annotations-prefix=nginx.ingress.kubernetes.io
-            - --ingress-class={{ ingress_nginx_class }}
-{% if ingress_nginx_without_class %}
-            - --watch-ingress-without-class=true
-{% endif %}
-{% if ingress_publish_status_address != "" %}
-            - --publish-status-address={{ ingress_publish_status_address }}
-{% elif ingress_nginx_host_network %}
-            - --report-node-internal-ip-address
-{% elif ingress_nginx_publish_service != "" %}
-            - --publish-service={{ ingress_nginx_publish_service }}
-{% endif %}
-{% for extra_arg in ingress_nginx_extra_args %}
-            - {{ extra_arg }}
-{% endfor %}
-{% if ingress_nginx_webhook_enabled %}
-            - --validating-webhook=:8443
-            - --validating-webhook-certificate=/usr/local/certificates/cert
-            - --validating-webhook-key=/usr/local/certificates/key
-{% endif %}
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              add:
-              - NET_BIND_SERVICE
-              drop:
-              - ALL
-            readOnlyRootFilesystem: false
-            runAsGroup: 82
-            runAsNonRoot: true
-            runAsUser: 101
-            seccompProfile:
-              type: RuntimeDefault
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: LD_PRELOAD
-              value: /usr/local/lib/libmimalloc.so
-          ports:
-            - name: http
-              containerPort: 80
-              hostPort: {{ ingress_nginx_insecure_port }}
-            - name: https
-              containerPort: 443
-              hostPort: {{ ingress_nginx_secure_port }}
-            - name: metrics
-              containerPort: 10254
-{% if not ingress_nginx_host_network %}
-              hostPort: {{ ingress_nginx_metrics_port }}
-{% endif %}
-{% if ingress_nginx_configmap_tcp_services %}
-{% for port in ingress_nginx_configmap_tcp_services.keys() %}
-            - name: tcp-port-{{ port }}
-              containerPort: {{ port | int }}
-              protocol: TCP
-{% if not ingress_nginx_host_network %}
-              hostPort: {{ port | int }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if ingress_nginx_configmap_udp_services %}
-{% for port in ingress_nginx_configmap_udp_services.keys() %}
-            - name: udp-port-{{ port }}
-              containerPort: {{ port | int }}
-              protocol: UDP
-{% if not ingress_nginx_host_network %}
-              hostPort: {{ port | int }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if ingress_nginx_webhook_enabled %}
-            - name: webhook
-              containerPort: 8443
-              protocol: TCP
-{% endif %}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 10254
-              scheme: HTTP
-            initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
-            periodSeconds: 10
-            timeoutSeconds: 5
-            successThreshold: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              port: 10254
-              scheme: HTTP
-            initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
-            periodSeconds: 10
-            timeoutSeconds: 5
-            successThreshold: 1
-            failureThreshold: 3
-{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
-          volumeMounts:
-{% if ingress_nginx_webhook_enabled %}
-            - mountPath: /usr/local/certificates/
-              name: webhook-cert
-              readOnly: true
-{% endif %}
-{% if ingress_nginx_opentelemetry_enabled %}
-            - name: modules
-              mountPath: /modules_mount
-{% endif %}
-{% endif %}
-{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
-      volumes:
-{% if ingress_nginx_webhook_enabled %}
-        - name: webhook-cert
-          secret:
-            secretName: ingress-nginx-admission
-{% endif %}
-{% if ingress_nginx_opentelemetry_enabled %}
-        - name: modules
-          emptyDir: {}
-{% endif %}
-{% endif %}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2

@@ -1,13 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  name: {{ ingress_nginx_class }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% if ingress_nginx_default %}
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-{% endif %}
-spec:
-  controller: k8s.io/ingress-nginx

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-admission-webhook.yml.j2

@@ -1,17 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission
-  namespace: {{ ingress_nginx_namespace }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - create

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2

@@ -1,47 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: ingress-nginx
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-rules:
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["configmaps", "pods", "secrets", "endpoints"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["services"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses/status"]
-    verbs: ["update"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingressclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    # Defaults to "<election-id>", defined in
-    # ds-ingress-nginx-controller.yml.js
-    # by a command-line argument.
-    #
-    # This is the correct behaviour for ingress-controller
-    # version 1.8.1
-    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
-    verbs: ["get", "update"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["create"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["get", "list", "watch"]

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-admission-webhook.yml.j2

@@ -1,17 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-admission
-  namespace: {{ ingress_nginx_namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ingress-nginx-admission
-subjects:
-- kind: ServiceAccount
-  name: ingress-nginx-admission
-  namespace: {{ ingress_nginx_namespace }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2

@@ -1,17 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: ingress-nginx
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ingress-nginx
-subjects:
-  - kind: ServiceAccount
-    name: ingress-nginx
-    namespace: {{ ingress_nginx_namespace }}

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-admission-webhook.yml.j2

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ingress-nginx-admission
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2

@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ingress-nginx
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx-controller-admission.yml.j2

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  name: ingress-nginx-controller-admission
-  namespace: {{ ingress_nginx_namespace }}
-spec:
-  type: ClusterIP
-  ports:
-  - appProtocol: https
-    name: https-webhook
-    port: 443
-    targetPort: webhook
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx

roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx.yml.j2

@@ -1,50 +0,0 @@
-{% if not ingress_nginx_host_network %}
-apiVersion: v1
-kind: Service
-metadata:
-  name: ingress-nginx
-  namespace: {{ ingress_nginx_namespace }}
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% if ingress_nginx_service_annotations %}
-  annotations:
-    {{ ingress_nginx_service_annotations | to_nice_yaml(indent=2, width=1337) | indent(width=4) }}
-{% endif %}
-spec:
-  type: {{ ingress_nginx_service_type }}
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-      protocol: TCP
-{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_http %}
-      nodePort: {{ingress_nginx_service_nodeport_http | int}}
-{% endif %}
-    - name: https
-      port: 443
-      targetPort: 443
-      protocol: TCP
-{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_https %}
-      nodePort: {{ingress_nginx_service_nodeport_https | int}}
-{% endif %}
-{% if ingress_nginx_configmap_tcp_services %}
-{% for port in ingress_nginx_configmap_tcp_services.keys() %}
-    - name: tcp-port-{{ port }}
-      port: {{ port | int }}
-      targetPort: {{ port | int }}
-      protocol: TCP
-{% endfor %}
-{% endif %}
-{% if ingress_nginx_configmap_udp_services %}
-{% for port in ingress_nginx_configmap_udp_services.keys() %}
-    - name: udp-port-{{ port }}
-      port: {{ port | int }}
-      targetPort: {{ port | int }}
-      protocol: UDP
-{% endfor %}
-{% endif %}
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-{% endif %}

roles/kubernetes-apps/ingress_controller/meta/main.yml

@@ -1,12 +1,5 @@
 ---
 dependencies:
-  - role: kubernetes-apps/ingress_controller/ingress_nginx
-    when: ingress_nginx_enabled
-    tags:
-      - apps
-      - ingress-controller
-      - ingress-nginx
-
   - role: kubernetes-apps/ingress_controller/cert_manager
     when: cert_manager_enabled
     tags:

roles/kubernetes-apps/registry/tasks/main.yml

@@ -43,12 +43,12 @@
       - { name: registry-cm, file: registry-cm.yml, type: cm }
       - { name: registry-rs, file: registry-rs.yml, type: rs }
 
-- name: Registry | Append nginx ingress templates to Registry Templates list when ingress enabled
+- name: Registry | Append ingress templates to Registry Templates list when ALB ingress enabled
   set_fact:
     registry_templates: "{{ registry_templates + [item] }}"
   with_items:
     - [{ name: registry-ing, file: registry-ing.yml, type: ing }]
-  when: ingress_nginx_enabled or ingress_alb_enabled
+  when: ingress_alb_enabled
 
 - name: Registry | Create manifests
   template:

roles/kubespray_defaults/defaults/main/download.yml

@@ -309,13 +309,6 @@ local_volume_provisioner_image_tag: "v{{ local_volume_provisioner_version }}"
 local_path_provisioner_version: "0.0.32"
 local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
 local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
-ingress_nginx_version: "1.13.3"
-ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
-ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
-ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
-ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
-ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
-ingress_nginx_kube_webhook_certgen_image_tag: "v1.6.3"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
 alb_ingress_image_tag: "v1.1.9"
 cert_manager_version: "1.15.3"
@@ -919,15 +912,6 @@ downloads:
     groups:
       - kube_node
 
-  ingress_nginx_controller:
-    enabled: "{{ ingress_nginx_enabled }}"
-    container: true
-    repo: "{{ ingress_nginx_controller_image_repo }}"
-    tag: "{{ ingress_nginx_controller_image_tag }}"
-    checksum: "{{ ingress_nginx_controller_digest_checksum | default(None) }}"
-    groups:
-      - kube_node
-
   ingress_alb_controller:
     enabled: "{{ ingress_alb_enabled }}"
     container: true

roles/kubespray_defaults/defaults/main/main.yml

@@ -455,7 +455,6 @@ vsphere_csi_enabled: false
 upcloud_csi_enabled: false
 csi_snapshot_controller_enabled: false
 persistent_volumes_enabled: false
-ingress_nginx_enabled: false
 ingress_alb_enabled: false
 cert_manager_enabled: false
 expand_persistent_volumes: false

scripts/readme_versions.md.j2

@@ -16,7 +16,6 @@
 - Application
   - [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }}
   - [coredns](https://github.com/coredns/coredns) {{ coredns_version }}
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) {{ ingress_nginx_version }}
   - [argocd](https://argoproj.github.io/) {{ argocd_version }}
   - [helm](https://helm.sh/) {{ helm_version }}
   - [metallb](https://metallb.universe.tf/) {{ metallb_version }}