update diun annotations to correctly monitor for image version updates and update some services alongside[ci skip]

modules/kubernetes/nginx-ingress/main.tf

@@ -455,6 +455,10 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
           "app.kubernetes.io/version"   = "1.8.2"
           "app"                         = "ingress-nginx"
         }
+        annotations = {
+          "diun.enable"       = "true"
+          "diun.include_tags" = "^v\\d+(?:\\.\\d+)?(?:\\.\\d+)?.*$"
+        }
       }
       spec {
         volume {
@@ -539,7 +543,8 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
         container {
           name  = "controller"
           image = "registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e"
-          args  = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key", "--udp-services-configmap", "ingress-nginx/udp-services"]
+          # image = "registry.k8s.io/ingress-nginx/controller:v1.12.0" # reverse-proxy sites break for some reason with this version
+          args = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key", "--udp-services-configmap", "ingress-nginx/udp-services"]
           volume_mount {
             name       = "crowdsec"
             mount_path = "/etc/nginx/lua/plugins/crowdsec"