nginx · soneillf5 · Aug 17, 2021 · Aug 13, 2021
diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go
@@ -73,23 +73,11 @@ var (
 	ingressClass = flag.String("ingress-class", "nginx",
 		`A class of the Ingress controller.
 
-	For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise,
-	the Ingress Controller will fail to start.
+	An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start.
 	The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
 
-	For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class -
-	i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources)
-	or field "ingressClassName" equal to the class.
-	Additionally, the Ingress Controller processes resources that do not have the class set,
-	which can be disabled by setting the "-use-ingress-class-only" flag
-
 	The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes.`)
 
-	useIngressClassOnly = flag.Bool("use-ingress-class-only", false,
-		`For kubernetes versions >= 1.18 this flag will be IGNORED.
-
-	Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation`)
-
 	defaultServerSecret = flag.String("default-server-tls-secret", "",
 		`A Secret with a TLS certificate and key for TLS termination of the default server. Format: <namespace>/<name>.
 	If not set, than the certificate and key in the file "/etc/nginx/secrets/default" are used.
@@ -296,25 +284,22 @@ func main() {
 		glog.Fatalf("error retrieving k8s version: %v", err)
 	}
 
-	minK8sVersion := minVersion("1.14.0")
-	if !k8sVersion.AtLeast(minK8sVersion) {
-		glog.Fatalf("Versions of Kubernetes < %v are not supported, please refer to the documentation for details on supported versions.", minK8sVersion)
+	minK8sVersion, err := util_version.ParseGeneric("1.19.0")
+	if err != nil {
+		glog.Fatalf("unexpected error parsing minimum supported version: %v", err)
 	}
 
-	// Ingress V1 is only available from k8s > 1.18
-	ingressV1Version := minVersion("1.18.0")
-	if k8sVersion.AtLeast(ingressV1Version) {
-		*useIngressClassOnly = true
-		glog.Warningln("The '-use-ingress-class-only' flag will be deprecated and has no effect on versions of kubernetes >= 1.18.0. Processing ONLY resources that have the 'ingressClassName' field in Ingress equal to the class.")
+	if !k8sVersion.AtLeast(minK8sVersion) {
+		glog.Fatalf("Versions of Kubernetes < %v are not supported, please refer to the documentation for details on supported versions and legacy controller support.", minK8sVersion)
+	}
 
-		ingressClassRes, err := kubeClient.NetworkingV1().IngressClasses().Get(context.TODO(), *ingressClass, meta_v1.GetOptions{})
-		if err != nil {
-			glog.Fatalf("Error when getting IngressClass %v: %v", *ingressClass, err)
-		}
+	ingressClassRes, err := kubeClient.NetworkingV1().IngressClasses().Get(context.TODO(), *ingressClass, meta_v1.GetOptions{})
+	if err != nil {
+		glog.Fatalf("Error when getting IngressClass %v: %v", *ingressClass, err)
+	}
 
-		if ingressClassRes.Spec.Controller != k8s.IngressControllerName {
-			glog.Fatalf("IngressClass with name %v has an invalid Spec.Controller %v", ingressClassRes.Name, ingressClassRes.Spec.Controller)
-		}
+	if ingressClassRes.Spec.Controller != k8s.IngressControllerName {
+		glog.Fatalf("IngressClass with name %v has an invalid Spec.Controller %v", ingressClassRes.Name, ingressClassRes.Spec.Controller)
 	}
 
 	var dynClient dynamic.Interface
@@ -633,7 +618,6 @@ func main() {
 		AppProtectEnabled:            *appProtect,
 		IsNginxPlus:                  *nginxPlus,
 		IngressClass:                 *ingressClass,
-		UseIngressClassOnly:          *useIngressClassOnly,
 		ExternalServiceName:          *externalService,
 		IngressLink:                  *ingressLink,
 		ControllerNamespace:          controllerNamespace,
@@ -862,12 +846,3 @@ func ready(lbc *k8s.LoadBalancerController) http.HandlerFunc {
 		fmt.Fprintln(w, "Ready")
 	}
 }
-
-func minVersion(min string) (v *util_version.Version) {
-	minVer, err := util_version.ParseGeneric(min)
-	if err != nil {
-		glog.Fatalf("unexpected error parsing minimum supported version: %v", err)
-	}
-
-	return minVer
-}
diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml
@@ -2,7 +2,7 @@ name: nginx-ingress
 version: 0.10.0
 appVersion: 1.12.0
 apiVersion: v1
-kubeVersion: ">= 1.16.0-0"
+kubeVersion: ">= 1.19.0-0"
 description: NGINX Ingress Controller
 icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.12.0/deployments/helm-chart/chart-icon.png
 home: https://github.com/nginxinc/kubernetes-ingress

diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
@@ -172,9 +172,8 @@ Parameter | Description | Default
 `controller.volumeMounts` | The volumeMounts of the Ingress controller pods. | []
 `controller.resources` | The resources of the Ingress controller pods. | {}
 `controller.replicaCount` | The number of replicas of the Ingress controller deployment. | 1
-`controller.ingressClass` | A class of the Ingress controller. For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources) or field "ingressClassName" equal to the class. Additionally, the Ingress Controller processes resources that do not have the class set, which can be disabled by setting the `controller.useIngressClassOnly` parameter to `true`. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx
-`controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. For kubernetes versions >= 1.18 this flag will be IGNORED. | false
-`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. Only for kubernetes versions >= 1.18. | false
+`controller.ingressClass` | A class of the Ingress controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx
+`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false
 `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | ""
 `controller.enableCustomResources` | Enable the custom resources. | true
 `controller.enablePreviewPolicies` | Enable preview policies. | false

diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -109,9 +109,6 @@ spec:
           - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
 {{- end }}
           - -ingress-class={{ .Values.controller.ingressClass }}
-{{- if semverCompare "<1.18.0" .Capabilities.KubeVersion.GitVersion }}
-          - -use-ingress-class-only={{ .Values.controller.useIngressClassOnly }}
-{{- end }}
 {{- if .Values.controller.watchNamespace }}
           - -watch-namespace={{ .Values.controller.watchNamespace }}
 {{- end }}

diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -107,9 +107,6 @@ spec:
           - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
 {{- end }}
           - -ingress-class={{ .Values.controller.ingressClass }}
-{{- if semverCompare "<1.18.0" .Capabilities.KubeVersion.GitVersion }}
-          - -use-ingress-class-only={{ .Values.controller.useIngressClassOnly }}
-{{- end }}
 {{- if .Values.controller.watchNamespace }}
           - -watch-namespace={{ .Values.controller.watchNamespace }}
 {{- end }}

diff --git a/deployments/helm-chart/templates/controller-ingress-class.yaml b/deployments/helm-chart/templates/controller-ingress-class.yaml
@@ -1,4 +1,3 @@
-{{- if semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion }}
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
@@ -9,4 +8,3 @@ metadata:
 {{- end }}
 spec:
   controller: nginx.org/ingress-controller
-{{- end }}
diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
@@ -126,16 +126,11 @@ controller:
   ## For Kubernetes &l
6293
t; 1.18, the Ingress Controller only processes resources that belong to its class -
   ## i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources)
   ## or field "ingressClassName" equal to the class.
-  ## Additionally, the Ingress Controller processes resources that do not have the class set,
-  ## which can be disabled by setting the controller.useIngressClassOnly parameter to true.
+  ## Additionally, the Ingress Controller processes resources that do not have the class set.
 
   ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
   ingressClass: nginx
 
-  ## For kubernetes versions >= 1.18 this flag will be IGNORED.
-  ## Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation
-  useIngressClassOnly: false
-
   ## Only for Kubernetes >= 1.18
   ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`.
   setAsDefaultIngress: false

diff --git a/docs/content/configuration/global-configuration/command-line-arguments.md b/docs/content/configuration/global-configuration/command-line-arguments.md
@@ -91,12 +91,9 @@ Below we describe the available command-line arguments:
 
 		A class of the Ingress controller.
 
-		For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start.
+		A corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start.
 		The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
 
-		For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources) or field "ingressClassName" equal to the class.
-		Additionally, the Ingress Controller processes resources that do not have the class set, which can be disabled by setting the "-use-ingress-class-only" flag.
-
 		The Ingress Controller processes all the resources that do not have the "ingressClassName" field.
 
 		(default "nginx")
@@ -170,12 +167,6 @@ Below we describe the available command-line arguments:
 		- Default for NGINX is "nginx.transportserver.tmpl"
 		- Default for NGINX Plus is "nginx-plus.transportserver.tmpl".
 
--use-ingress-class-only
-
-		For kubernetes versions >= 1.18 this flag will be IGNORED.
-
-		Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation.
-
 -v <value>
 
 		Log level for V logs

diff --git a/docs/content/installation/installation-with-helm.md b/docs/content/installation/installation-with-helm.md
@@ -172,8 +172,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont
 |``controller.volumeMounts`` | The volumeMounts of the Ingress controller pods. | [] | 
 |``controller.resources`` | The resources of the Ingress controller pods. | {} | 
 |``controller.replicaCount`` | The number of replicas of the Ingress controller deployment. | 1 | 
-|``controller.ingressClass`` | A class of the Ingress controller. For Kubernetes >= 1.18, a corresponding IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress controller only processes resources that belong to its class - i.e. have the ``"ingressClassName"`` field resource equal to the class. For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - i.e have the annotation ``"kubernetes.io/ingress.class"`` (for Ingress resources) or field ``"ingressClassName"`` (for VirtualServer/VirtualServerRoute/TransportServer resources) equal to the class. Additionally, the Ingress Controller processes resources that do not have the class set, which can be disabled by setting the ``controller.useIngressClassOnly`` parameter to ``true``. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the ``"ingressClassName"`` field for all versions of kubernetes. | nginx | 
-|``controller.useIngressClassOnly`` | Ignore Ingress resources without the ``"kubernetes.io/ingress.class"`` annotation. For kubernetes versions >= 1.18 this flag will be IGNORED. | false | 
+|``controller.ingressClass`` | A class of the Ingress controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx |
 |``controller.setAsDefaultIngress`` | New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. | false | 
 |``controller.watchNamespace`` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" | 
 |``controller.enableCustomResources`` | Enable the custom resources. | true | 

diff --git a/docs/content/installation/installation-with-manifests.md b/docs/content/installation/installation-with-manifests.md
@@ -58,7 +58,7 @@ In this section, we create resources common for most of the Ingress Controller i
     $ kubectl apply -f common/nginx-config.yaml
     ```
 
-1. Create an IngressClass resource (for Kubernetes >= 1.18):
+1. Create an IngressClass resource:
     ```
     $ kubectl apply -f common/ingress-class.yaml
     ```

diff --git a/docs/content/installation/running-multiple-ingress-controllers.md b/docs/content/installation/running-multiple-ingress-controllers.md
@@ -20,18 +20,16 @@ This document explains the following topics:
 ## Ingress Class
 
 The smooth coexistence of multiple Ingress Controllers in one cluster is provided by the Ingress class concept, which mandates the following:
-* Every Ingress Controller must only handle Ingress resources for its particular class. 
-* For Kubernetes < 1.18, Ingress resources should be annotated with the `kubernetes.io/ingress.class` annotation set to the value, which corresponds to the class of the Ingress Controller the user wants to use. 
-* When using versions of Kubernetes >= 1.18, Ingress resources should have the `ingressClassName` field set to the value, which corresponds to the class of the Ingress Controller the user wants to use. 
+* Every Ingress Controller must only handle Ingress resources for its particular class.
+* Ingress resources should have the `ingressClassName` field set to the value, which corresponds to the class of the Ingress Controller the user wants to use. 
 * VirtualServer, VirtualServerRoute, Policy and TransportServer resources should have the `ingressClassName` field set to the value, which corresponds to the class of the Ingress Controller the user wants to use.
 
 ### Configuring Ingress Class
 
 The default Ingress class of NGINX Ingress Controller is `nginx`, which means that it only handles configuration resources with the `class` set to `nginx`. You can customize the class through the `-ingress-class` command-line argument.
 
 **Notes**: 
-* For Kubernetes < 1.18, if the class is not set in an Ingress configuration resource, the Ingress Controller will handle the resource. This is controlled via the `-use-ingress-class-only` argument. 
-* For Kubernetes >= 1.18, if the class is not set in an Ingress resource, Kubernetes will set it to the class of the default Ingress Controller. To make the Ingress Controller the default one, the `ingressclass.kubernetes.io/
6293
is-default-class` must be set on the IngressClass resource. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources) section.
+* If the class is not set in an Ingress resource, Kubernetes will set it to the class of the default Ingress Controller. To make the Ingress Controller the default one, the `ingressclass.kubernetes.io/is-default-class` must be set on the IngressClass resource. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources) section.
 * For VirtualServer, VirtualServerRoute, Policy and TransportServer resources the Ingress Controller will always handle resources with an empty class.
 
 ## Running NGINX Ingress Controller and Another Ingress Controller

diff --git a/internal/k8s/configuration_test.go b/internal/k8s/configuration_test.go
@@ -15,8 +15,7 @@ import (
 
 func createTestConfiguration() *Configuration {
 	lbc := LoadBalancerController{
-		ingressClass:        "nginx",
-		useIngressClassOnly: true,
+		ingressClass: "nginx",
 	}
 	isPlus := false
 	appProtectEnabled := false

diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go
@@ -125,7 +125,6 @@ type LoadBalancerController struct {
 	recorder                      record.EventRecorder
 	defaultServerSecret           string
 	ingressClass                  string
-	useIngressClassOnly           bool
 	statusUpdater                 *statusUpdater
 	leaderElector                 *leaderelection.LeaderElector
 	reportIngressStatus           bool
@@ -166,7 +165,6 @@ type NewLoadBalancerControllerInput struct {
 	AppProtectEnabled            bool
 	IsNginxPlus                  bool
 	IngressClass                 string
-	UseIngressClassOnly          bool
 	ExternalServiceName          string
 	IngressLink                  string
 	ControllerNamespace          string
@@ -200,7 +198,6 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 		appProtectEnabled:            input.AppProtectEnabled,
 		isNginxPlus:                  input.IsNginxPlus,
 		ingressClass:                 input.IngressClass,
-		useIngressClassOnly:          input.UseIngressClassOnly,
 		reportIngressStatus:          input.ReportIngressStatus,
 		isLeaderElectionEnabled:      input.IsLeaderElectionEnabled,
 		leaderElectionLockName:       input.LeaderElectionLockName,
@@ -3067,7 +3064,6 @@ func (lbc *LoadBalancerController) getServiceForIngressBackend(backend *networki
 // HasCorrectIngressClass checks if resource ingress class annotation (if exists) or ingressClass string for VS/VSR is matching with ingress controller class
 func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool {
 	var class string
-	var isIngress bool
 	switch obj := obj.(type) {
 	case *conf_v1.VirtualServer:
 		class = obj.Spec.IngressClass
@@ -3078,23 +3074,19 @@ func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool
 	case *conf_v1.Policy:
 		class = obj.Spec.IngressClass
 	case *networking.Ingress:
-		isIngress = true
 		class = obj.Annotations[ingressClassKey]
 		if class == "" && obj.Spec.IngressClassName != nil {
 			class = *obj.Spec.IngressClassName
 		} else {
 			// the annotation takes precedence over the field
 			glog.Warningln("Using the DEPRECATED annotation 'kubernetes.io/ingress.class'. The 'ingressClassName' field will be ignored.")
 		}
+		return class == lbc.ingressClass
 
 	default:
 		return false
 	}
 
-	// useIngressClassOnly only applies for Ingress resources
-	if lbc.useIngressClassOnly && isIngress {
-		return class == lbc.ingressClass
-	}
 	return class == lbc.ingressClass || class == ""
 }