From 0b4c98b7c31f95e00dc93b7a346bfe3a6526af51 Mon Sep 17 00:00:00 2001 From: LucasBoisserie Date: Thu, 22 Jun 2023 16:59:40 +0200 Subject: [PATCH 01/14] feat(helm): Add loadBalancerClass (#9562) --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/controller-service.yaml | 3 +++ charts/ingress-nginx/values.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 363970f60..a425ca33e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -414,6 +414,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | +| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.loadBalancerSourceRanges | list | `[]` | | | controller.service.nodePorts.http | string | `""` | | diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 2b28196de..36feb06c5 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -28,6 +28,9 @@ spec: {{- if .Values.controller.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} +{{- if .Values.controller.service.loadBalancerClass }} + loadBalancerClass: {{ toYaml .Values.controller.service.loadBalancerClass }} +{{- end }} {{- if .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 8080a1fc3..cc8bddf28 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -426,6 +426,8 @@ controller: # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer loadBalancerIP: "" loadBalancerSourceRanges: [] + # -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + loadBalancerClass: "" enableHttp: true enableHttps: true ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. From 8cdbcfa61cefe2bd49ca45bf71b05a57b0a1d30d Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 22 Jun 2023 13:25:41 -0400 Subject: [PATCH 02/14] golang 1.20.5 bump (#10120) Signed-off-by: James Strong --- images/test-runner/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 1d1f4f638..acf3dd660 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -43,7 +43,7 @@ image: --pull \ --push \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.20.4 \ + --build-arg GOLANG_VERSION=1.20.5 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ @@ -64,7 +64,7 @@ build: ensure-buildx --progress=${PROGRESS} \ --pull \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.20.4 \ + --build-arg GOLANG_VERSION=1.20.5 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ From 08158df8c0b9d869247aceed8fdfffe5ac55e929 Mon Sep 17 00:00:00 2001 From: Isaac Wilson <10012479+jukie@users.noreply.github.com> Date: Thu, 22 Jun 2023 11:35:40 -0600 Subject: [PATCH 03/14] Update typo in docs for lb scheme (#10117) --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a425ca33e..808601439 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -144,7 +144,7 @@ controller: enabled: true annotations: # Create internal NLB - service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" # Create internal ELB(Deprecated) # service.beta.kubernetes.io/aws-load-balancer-internal: "true" # Any other annotation can be declared here. diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl index 9b6f8c9c9..17b029bbf 100644 --- a/charts/ingress-nginx/README.md.gotmpl +++ b/charts/ingress-nginx/README.md.gotmpl @@ -141,7 +141,7 @@ controller: enabled: true annotations: # Create internal NLB - service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" # Create internal ELB(Deprecated) # service.beta.kubernetes.io/aws-load-balancer-internal: "true" # Any other annotation can be declared here. From f8bf5a3086fc52114040a60335e2f483e819a14c Mon Sep 17 00:00:00 2001 From: Brendan Kamp Date: Fri, 23 Jun 2023 12:01:24 +0200 Subject: [PATCH 04/14] chore: remove echo from snippet tests (#10110) Signed-off-by: Spazzy --- test/e2e/annotations/snippet.go | 46 +++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/test/e2e/annotations/snippet.go b/test/e2e/annotations/snippet.go index 367708302..2bbd3e33a 100644 --- a/test/e2e/annotations/snippet.go +++ b/test/e2e/annotations/snippet.go @@ -26,21 +26,25 @@ import ( ) var _ = framework.DescribeAnnotation("configuration-snippet", func() { - f := framework.NewDefaultFramework("configurationsnippet") + f := framework.NewDefaultFramework( + "configurationsnippet", + framework.WithHTTPBunEnabled(), + ) - ginkgo.BeforeEach(func() { - f.NewEchoDeployment() - }) - - ginkgo.It(`set snippet "more_set_headers "Foo1: Bar1";" in all locations"`, func() { + ginkgo.It("set snippet more_set_headers in all locations", func() { host := "configurationsnippet.foo.com" annotations := map[string]string{ - "nginx.ingress.kubernetes.io/configuration-snippet": ` - more_set_headers "Foo1: Bar1";`, + "nginx.ingress.kubernetes.io/configuration-snippet": `more_set_headers "Foo1: Bar1";`, } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) - f.EnsureIngress(ing) + f.EnsureIngress(framework.NewSingleIngress( + host, + "/", + host, + f.Namespace, + framework.HTTPBunService, + 80, + annotations)) f.WaitForNginxServer(host, func(server string) bool { @@ -51,23 +55,32 @@ var _ = framework.DescribeAnnotation("configuration-snippet", func() { GET("/"). WithHeader("Host", host). Expect(). - Status(http.StatusOK).Headers(). + Status(http.StatusOK). + Headers(). ValueEqual("Foo1", []string{"Bar1"}) }) - ginkgo.It(`drops snippet "more_set_headers "Foo1: Bar1";" in all locations if disabled by admin"`, func() { + ginkgo.It("drops snippet more_set_header in all locations if disabled by admin", func() { host := "noconfigurationsnippet.foo.com" annotations := map[string]string{ - "nginx.ingress.kubernetes.io/configuration-snippet": ` - more_set_headers "Foo1: Bar1";`, + "nginx.ingress.kubernetes.io/configuration-snippet": `more_set_headers "Foo1: Bar1";`, } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + ing := framework.NewSingleIngress( + host, + "/", + host, + f.Namespace, + framework.HTTPBunService, + 80, + annotations) + f.UpdateNginxConfigMapData("allow-snippet-annotations", "false") defer func() { // Return to the original value f.UpdateNginxConfigMapData("allow-snippet-annotations", "true") }() + // Sleep a while just to guarantee that the configmap is applied framework.Sleep() f.EnsureIngress(ing) @@ -81,7 +94,8 @@ var _ = framework.DescribeAnnotation("configuration-snippet", func() { GET("/"). WithHeader("Host", host). Expect(). - Status(http.StatusOK).Headers(). + Status(http.StatusOK). + Headers(). NotContainsKey("Foo1") }) }) From 44b006719150ac45f05e9fbb7f269110c3f3ec61 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 23 Jun 2023 09:31:00 -0400 Subject: [PATCH 05/14] add gcloud ignore Signed-off-by: James Strong --- .gcloudignore | 0 images/test-runner/cloudbuild.yaml | 6 ------ 2 files changed, 6 deletions(-) create mode 100644 .gcloudignore diff --git a/.gcloudignore b/.gcloudignore new file mode 100644 index 000000000..e69de29bb diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml index 761ea7f28..b17de9b31 100644 --- a/images/test-runner/cloudbuild.yaml +++ b/images/test-runner/cloudbuild.yaml @@ -6,8 +6,6 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - SHORT_SHA=$SHORT_SHA - - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # set the home to /root explicitly to if using docker buildx @@ -17,7 +15,3 @@ steps: - | gcloud auth configure-docker \ && cd images/test-runner && make push -substitutions: - _GIT_TAG: "12345" - _PULL_BASE_REF: "master" - _PULL_BASE_SHA: '12345' \ No newline at end of file From cd610168be182844c8a9d73cd5540de2dc62b5d0 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 23 Jun 2023 14:17:24 -0400 Subject: [PATCH 06/14] update test runner (#10125) Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d2d6fcdd9..86e0e443f 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20230527@sha256:a98ce8ab90f16bdd8539b168a4d000f366afa4eec23a220b3ce39698c5769bfd} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20230623-d50c7193b@sha256:e5c68dc56934c273850bfb75c0348a2819756669baf59fcdce9e16771537b247} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index f74ea8c74..f68d6ea6e 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20230527@sha256:a98ce8ab90f16bdd8539b168a4d000f366afa4eec23a220b3ce39698c5769bfd" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20230623-d50c7193b@sha256:e5c68dc56934c273850bfb75c0348a2819756669baf59fcdce9e16771537b247" image: echo "..entered Makefile in /test/e2e-image" From 58650d6aaab8452d9ceaa010db251c068a1d91f3 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 23 Jun 2023 15:29:48 -0400 Subject: [PATCH 07/14] rebuild nginx base container image Signed-off-by: James Strong --- TAG | 2 +- images/nginx/TAG | 2 +- images/nginx/cloudbuild.yaml | 6 ------ 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/TAG b/TAG index ba103d909..c9a0c1a83 100644 --- a/TAG +++ b/TAG @@ -1,2 +1,2 @@ -v1.8.0 +v1.8.1 diff --git a/images/nginx/TAG b/images/nginx/TAG index 77d6f4ca2..8acdd82b7 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -0.0.0 +0.0.1 diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index c581700dd..71051f26d 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -8,8 +8,6 @@ steps: entrypoint: bash env: - DOCKER_CLI_EXPERIMENTAL=enabled - - SHORT_SHA=$SHORT_SHA - - BASE_REF=$_PULL_BASE_REF - REGISTRY=gcr.io/k8s-staging-ingress-nginx - HOME=/root args: @@ -17,7 +15,3 @@ steps: - | gcloud auth configure-docker \ && cd images/nginx && make push -substitutions: - _GIT_TAG: "12345" - _PULL_BASE_REF: "master" - _PULL_BASE_SHA: '12345' From 643c475db08e216eebd8c17dfc069b1a257d2df1 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 26 Jun 2023 07:03:11 +0530 Subject: [PATCH 08/14] bump pinned golang to 1.20.5 (#10127) --- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- images/go-grpc-greeter-server/rootfs/Dockerfile | 2 +- images/httpbun/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 30ac54693..04bcb8e08 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.20.4-alpine3.18 as builder +FROM golang:1.20.5-alpine3.18 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 96dcd9a39..02d92d773 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.20.4-alpine3.18 as builder +FROM golang:1.20.5-alpine3.18 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index a11834373..096d31abb 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.20.4-alpine3.18 as builder +FROM golang:1.20.5-alpine3.18 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index d457b43e5..46f916fb4 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.20.4-alpine3.18 as build +FROM golang:1.20.5-alpine3.18 as build WORKDIR /go/src/greeter-server diff --git a/images/httpbun/rootfs/Dockerfile b/images/httpbun/rootfs/Dockerfile index a1775d303..e88716bb8 100644 --- a/images/httpbun/rootfs/Dockerfile +++ b/images/httpbun/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.20 AS builder +FROM golang:1.20.5 AS builder ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 40a2c31ac..13226dbe2 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.20.1 as builder +FROM --platform=$BUILDPLATFORM golang:1.20.5 as builder ARG BUILDPLATFORM ARG TARGETARCH From a21b5218a53476015c996e2588ac5837b20d37b0 Mon Sep 17 00:00:00 2001 From: Junrui Chen Date: Tue, 27 Jun 2023 16:30:30 +1000 Subject: [PATCH 09/14] Set grpc :authority header from request header (#8912) This is to fix that the `:authority` header is set to `upstream_balancer` --- rootfs/etc/nginx/template/nginx.tmpl | 2 -- test/e2e/annotations/grpc.go | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index a1e02aae3..ccc86702d 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1388,13 +1388,11 @@ stream { {{ end }} {{/* By default use vhost as Host to upstream, but allow overrides */}} - {{ if not (eq $proxySetHeader "grpc_set_header") }} {{ if not (empty $location.UpstreamVhost) }} {{ $proxySetHeader }} Host {{ $location.UpstreamVhost | quote }}; {{ else }} {{ $proxySetHeader }} Host $best_http_host; {{ end }} - {{ end }} # Pass the extracted client certificate to the backend {{ if not (empty $server.CertificateAuth.CAFileName) }} diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index c8e530ead..243307df4 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -120,6 +120,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() { metadata := res.GetMetadata() assert.Equal(ginkgo.GinkgoT(), metadata["content-type"].Values[0], "application/grpc") + assert.Equal(ginkgo.GinkgoT(), metadata[":authority"].Values[0], host) }) ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() { From 0986c33378e8567059ce00d7dc8e7f36c56731e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 05:28:30 -0700 Subject: [PATCH 10/14] Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cbcc28cc8..4b75cbd12 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.10.0 - google.golang.org/grpc v1.56.0 + google.golang.org/grpc v1.56.1 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index 5924b2d1c..db879481c 100644 --- a/go.sum +++ b/go.sum @@ -661,8 +661,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= -google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From ef6163a0883e2be47d89a18b571aa128e24a19c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 05:30:31 -0700 Subject: [PATCH 11/14] Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 72a112ac4..2e276a3f6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif From 002d7e90d76e2588a7b3babc671837e5803656d9 Mon Sep 17 00:00:00 2001 From: Fabio Formosa Date: Tue, 27 Jun 2023 14:34:32 +0200 Subject: [PATCH 12/14] Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406) * Update README.md #9403 Add documentation for controller.service.internal.loadBalancerIP in Helm chart * Update README.md removed a duplicated row in the helm chart values * #9403 added a doc to the internal loadBalancerIP removed a comment from an already supported helm value and added a doc line * #9403 Reverted a manual added line Removed a manual added line in favour of helm doc * #9403 re-generated the README with the last doc line added to the value.yaml * #9403 removed trailing spaces * removed trail spaces --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/values.yaml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 808601439..8b5d92d37 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -408,6 +408,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | +| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | | controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index cc8bddf28..b313643f3 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -478,7 +478,9 @@ controller: enabled: false # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. annotations: {} - # loadBalancerIP: "" + + # -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. + loadBalancerIP: "" # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. loadBalancerSourceRanges: [] From 8b24fc98d28dec4e1cdc247fac240cd237c0c8c9 Mon Sep 17 00:00:00 2001 From: kylekluever <39891060+kylekluever@users.noreply.github.com> Date: Tue, 27 Jun 2023 07:42:32 -0500 Subject: [PATCH 13/14] Fix loadBalancerClass value (#10139) --- charts/ingress-nginx/templates/controller-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 36feb06c5..b2735d2e8 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -29,7 +29,7 @@ spec: loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if .Values.controller.service.loadBalancerClass }} - loadBalancerClass: {{ toYaml .Values.controller.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }} {{- end }} {{- if .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} From 1ddecfc09945e265b88e510f8c0787519ab7b476 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 27 Jun 2023 23:36:33 +0530 Subject: [PATCH 14/14] changed to updated baseimage and reverted tag (#10143) --- NGINX_BASE | 2 +- TAG | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/NGINX_BASE b/NGINX_BASE index 02a35039a..14a7ee54b 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v20230527@sha256:cf77c71aa6e4284925ca2233ddf871b5823eaa3ee000347ae25096b07fb52c57 +registry.k8s.io/ingress-nginx/nginx:v20230623-427f3d2fb@sha256:7b479f66872c0b1cb0f1315e305b8a3e9c6da846c7dd3855db99bc8cfd6791e1 diff --git a/TAG b/TAG index c9a0c1a83..804a616da 100644 --- a/TAG +++ b/TAG @@ -1,2 +1 @@ -v1.8.1 - +v1.8.0