While upgrading the Nginx Ingress Controller, I encountered a few issues with the controller pod startup. Here are the problems and their solutions:

1. Cross-namespace secret is not supported

If you have your mTLS CA as a secret in the namespace where the controller is deployed, you’ll face this issue. After the upgrade, the ingress deployed in the application’s namespace will not have access to this secret by default.

Solution:

Add the following configmap value:

allow-cross-namespace-resources: "true"

2. Config file in /tmp/nginx/nginxcfg* does not exist

The new version uses /tmp/nginx instead of /tmp.

Solution:

Create a volume mount with the mount path /tmp/nginx.

These solutions should help you smoothly upgrade your Nginx Ingress Controller from V1.1.1 to V1.12.0.