Static manifest generation uses kustomize instead of python (#8099)

* regenerate at 4.0.12

* bash for loop and static values files

* add .tool-versions

* fixup static manifests with kustomize instead of python

* remove spec.replicas where set

* generate manifests for all supported versions

* update docs

* remove all versions except default (1.20) for now

* update to 1.1.1/4.0.15

hack/manifest-templates/common/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- manifest.yaml
+- namespace.yaml
+
+patches:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+  patch: |-
+    - op: remove
+      path: /spec/replicas

hack/manifest-templates/common/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx

hack/manifest-templates/provider/aws/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/aws/nlb-with-tls-termination/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../common

hack/manifest-templates/provider/aws/nlb-with-tls-termination/values.yaml

@@ -0,0 +1,36 @@
+# AWS NLB with TLS termination
+controller:
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+
+    annotations:
+      # This example is for legacy in-tree service load balancer controller for AWS NLB,
+      # that has been phased out from Kubernetes mainline.
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
+      # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
+      # increased to '3600' to avoid any potential issues.
+      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+
+    targetPorts:
+      http: tohttps
+      https: http
+
+  # Configures the ports the nginx-controller listens on
+  containerPort:
+    http: 80
+    https: 80
+    tohttps: 2443
+
+  config:
+    proxy-real-ip-cidr: XXX.XXX.XXX/XX
+    use-forwarded-headers: "true"
+    http-snippet: |
+      server {
+        listen 2443;
+        return 308 https://$host$request_uri;
+      }

hack/manifest-templates/provider/aws/values.yaml

@@ -0,0 +1,9 @@
+# AWS - NLB
+controller:
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"

hack/manifest-templates/provider/baremetal/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/baremetal/values.yaml

@@ -0,0 +1,7 @@
+# Baremetal
+controller:
+  service:
+    type: NodePort
+
+  publishService:
+    enabled: false

hack/manifest-templates/provider/cloud/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/cloud/values.yaml

@@ -0,0 +1,4 @@
+controller:
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local

hack/manifest-templates/provider/do/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/do/values.yaml

@@ -0,0 +1,11 @@
+# Digital Ocean
+controller:
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+    annotations:
+      service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
+  config:
+    use-proxy-protocol: "true"
+  admissionWebhooks:
+    timeoutSeconds: 29

hack/manifest-templates/provider/exoscale/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/exoscale/values.yaml

@@ -0,0 +1,17 @@
+# Exoscale
+controller:
+  kind: DaemonSet
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+    annotations:
+      service.beta.kubernetes.io/exoscale-loadbalancer-name: "nginx-ingress-controller"
+      service.beta.kubernetes.io/exoscale-loadbalancer-description: "NGINX Ingress Controller load balancer"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: "source-hash"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: "http"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: "/"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: "10s"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: "3s"
+      service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1"
+  publishService:
+      enabled: true

hack/manifest-templates/provider/kind/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/kind/values.yaml

@@ -0,0 +1,24 @@
+# Kind - https://kind.sigs.k8s.io/docs/user/ingress/
+controller:
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  hostPort:
+    enabled: true
+  terminationGracePeriodSeconds: 0
+  service:
+    type: NodePort
+  watchIngressWithoutClass: true
+
+  nodeSelector:
+    ingress-ready: "true"
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Equal"
+      effect: "NoSchedule"
+
+  publishService:
+    enabled: false
+  extraArgs:
+    publish-status-address: localhost

hack/manifest-templates/provider/scw/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../common

hack/manifest-templates/provider/scw/values.yaml

@@ -0,0 +1,9 @@
+# Scaleway
+controller:
+  service:
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+    annotations:
+      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true"
+  config:
+    use-proxy-protocol: "true"

hack/manifest-templates/static-kustomization-template.yaml

@@ -0,0 +1,11 @@
+# NOTE: kustomize is not supported. This file exists only to be able to reference it from bases.
+# https://kubectl.docs.kubernetes.io/references/kustomize/bases/
+#
+# ```
+# namespace: ingress-nginx
+# bases:
+#   - github.com/kubernetes/ingress-nginx/deploy/static/{TARGET}?ref=master
+# ```
+
+resources:
+  - deploy.yaml