I am using RKE cli tool from Rancher for upgrading Kubernetes cluster, but instead of using rancher/nginx-ingress-controller:0.21 I am using kubernetes-ingress-controller/nginx-ingress-controller:0.25.0.

In Kubernetes v1.13 kubernetes-ingress-controller/nginx-ingress-controller:0.25.0 works well but stopped after upgrade. You will get this error in ingress log:

reflector.go:98: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:ingress-nginx:nginx-ingress-serviceaccount" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope

Issue is here https://github.com/kubernetes/ingress-nginx/issues/4296

Fix is here https://github.com/kubernetes/ingress-nginx/pull/4298/files

Apply updated ClusterRoleBinding to your ingress:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/rbac.yaml

Use this command and review "networking.k8s.io" in "apiGroups:"

kubectl -n ingress-nginx edit ClusterRole nginx-ingress-clusterrole