Nginx Ingress Controller Getting Failed After the AKS Upgrade from 1.18 to higher versions

[40107854]

Hello Team,

Recently we we upgraded AKS from 1.18 and to 1.20 to 1.23 version and we have observed there is an issue with nginx ingress controller. in AKS 1.18 the nginx version is 0.43 but when we upgraded aks cluster higher version ingress controller failed , as we checked it , the problem with nginx version compatibility with aks upgraded version. After I upgrade nginx version using below command taken from nginx official page. "kubectl set image deployment/ingress-nginx-controller \ controller=registry.k8s.io/ingress-nginx/controller:v1.0.5@sha256:55a1fcda5b7657c372515fe402c3e39ad93aa59f6e4378e82acd99912fe6028d \ -n ingress-nginx". Nginx version updated but still ingress controller didn't came up . After we redeployed nginx ingress controller manually with helm. Even though after redeployment nginx ingress controller we faced another issue which is permillage escalation issue faced with azure policies. After that I changed manually in deployment file privallaged escalation to false then the ingress controller came up. As of now i performed these redeployment nginx ingress controller in lower environments. In prod this will be problem right? So how we achieve this in production without down time during AKS cluster upgrade.

[k8s-ci-robot]

@40107854: This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[longwuyuan]

/remove-kind bug @40107854

• the ingress api changed between K8S version 1.18 and K8S version 1.23
• The ingress-nginx controller version 1.X is for new ingress api
• The recommended method to install on Azure is https://kubernetes.github.io/ingress-nginx/deploy/#azure
• I think the best approach is to create a completely new cluster for testing the K8S version with the latest release of the ingress-nginx-controller version
• Based on the results of your own testing, you would be better positioned to do the right thing for migration, in production

[40107854]

I don't understand the below point. Based on the results of your own testing, you would be better positioned to do the right thing for migration, in production.

So you are suggesting to recreate the production cluster is that right?

[longwuyuan]

• The change you are going through is a breaking change because there was a big change to the code in controller v1.x
• You can follow documentation and make sure to add the ingressClass field to the ingress resources
• But you have questioned zero-downtime change
• Zero-downtime change with such a breraking change can not be documented by others for your use case
• So the suggestion is that you create a cluster to experiment with the change and its impacts
• The information you get from your experiment will help you plan the migration

[strongjz]

We've seen this in other issues

Might be helpful

https://github.com/kubernetes/ingress-nginx/issues/9601#issuecomment-1454119887

[longwuyuan]

The mentioned controller versions are no longer supported. There are several changes to K8S itself, the controller and then then AKS/Azure. There are many users currently running the controller on AKS.

The project needs to focus on implementing the Gateway-API, securing the controller by default out of the box, reducing the non Ingress-API features as there is shortage of resources.

Since this issue is not tracking any action-item for the project and also adding to the tally of open issues without tracking any real action, I will close this for now.

/close

[k8s-ci-robot]

@longwuyuan: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/9293#issuecomment-2336630342): >The mentioned controller versions are no longer supported. >There are several changes to K8S itself, the controller and then then AKS/Azure. >There are many users currently running the controller on AKS. > >The project needs to focus on implementing the Gateway-API, securing the controller by default out of the box, reducing the non Ingress-API features as there is shortage of resources. > >Since this issue is not tracking any action-item for the project and also adding to the tally of open issues without tracking any real action, I will close this for now. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.