diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 327dc15d5..2ff3a635b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -163,6 +163,14 @@ jobs: go-version: '1.21.5' check-latest: true + - name: Install Helm Unit Test Plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest + + - name: Run Helm Unit Tests + run: | + helm unittest charts/ingress-nginx -d + - name: cache uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: diff --git a/.gitignore b/.gitignore index 60bf6a304..73108f627 100644 --- a/.gitignore +++ b/.gitignore @@ -61,3 +61,4 @@ cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE tmp/ test/junitreports/ +tests/__snapshot__ diff --git a/Changelog.md.gotmpl b/Changelog.md.gotmpl deleted file mode 100644 index d35df8ade..000000000 --- a/Changelog.md.gotmpl +++ /dev/null @@ -1,15 +0,0 @@ -# Changelog - -### {{ .Version }} -Images: -{{ with .ControllerImages }} -{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }} -{{ end }} {{ end }} -### All Changes: -{{ with .Updates }} -{{ range . }}* {{ . }} -{{ end }}{{ end }} -### Dependencies updates: {{ with .DepUpdates }} -{{ range . }}* {{ . }} -{{ end }} {{ end }} -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }} diff --git a/changelog/Changelog-1.6.4.md b/changelog/controller-1.6.4.md similarity index 95% rename from changelog/Changelog-1.6.4.md rename to changelog/controller-1.6.4.md index 5f940d1c4..256e5ec09 100644 --- a/changelog/Changelog-1.6.4.md +++ b/changelog/controller-1.6.4.md @@ -1,12 +1,13 @@ # Changelog ### 1.6.4 + Images: - * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f - * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81 - -### All Changes: +* registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f +* registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81 + +### All changes: * remove tests and regex path checks (#9626) * Fix incorrect annotation name in upstream hashing configuration (#9617) @@ -99,7 +100,8 @@ Images: * PDB: Add `maxUnavailable`. (#9278) * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) -### Dependencies updates: +### Dependency updates: + * Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555) * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553) * Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552) @@ -132,5 +134,5 @@ Images: * Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317) * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4 diff --git a/changelog/Changelog-1.7.0.md b/changelog/controller-1.7.0.md similarity index 92% rename from changelog/Changelog-1.7.0.md rename to changelog/controller-1.7.0.md index 6a938c5f5..97f0ebf22 100644 --- a/changelog/Changelog-1.7.0.md +++ b/changelog/controller-1.7.0.md @@ -1,12 +1,13 @@ # Changelog ### 1.7.0 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc + +### All changes: * kick off 1.7.0 build (#9775) * Update exposing-tcp-udp-services.md (#9777) @@ -46,7 +47,8 @@ Images: * Fix incorrect annotation name in upstream hashing configuration (#9617) * Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614) -### Dependencies updates: +### Dependency updates: + * Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767) * Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764) * Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766) @@ -74,5 +76,5 @@ Images: * Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610) * Bump github.com/prometheus/client_golang (#9630) * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0 diff --git a/changelog/Changelog-1.7.1.md b/changelog/controller-1.7.1.md similarity index 89% rename from changelog/Changelog-1.7.1.md rename to changelog/controller-1.7.1.md index 9b8422c7e..632ffe963 100644 --- a/changelog/Changelog-1.7.1.md +++ b/changelog/controller-1.7.1.md @@ -1,12 +1,13 @@ # Changelog ### 1.7.1 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 + +### All changes: * Update TAG - 1.7.1 (#9922) * Update dependabot to watch docker images (#9600) @@ -30,7 +31,8 @@ Images: * Values: Fix indention of commented values. (#9812) * The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788) -### Dependencies updates: +### Dependency updates: + * Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912) * Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868) * Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888) @@ -48,5 +50,5 @@ Images: * Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795) * Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794) * Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1 diff --git a/changelog/Changelog-1.8.0.md b/changelog/controller-1.8.0.md similarity index 76% rename from changelog/Changelog-1.8.0.md rename to changelog/controller-1.8.0.md index a109c68ba..48b4cdefa 100644 --- a/changelog/Changelog-1.8.0.md +++ b/changelog/controller-1.8.0.md @@ -1,31 +1,28 @@ # Changelog ### 1.8.0 + Images: * registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3 * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e -### Important Changes: +### Important changes: * Validate path types (#9967) * images: upgrade to Alpine 3.18 (#9997) * Update documentation to reflect project name; Ingress-Nginx Controller -For improving security on our 1.8.0 release includes a -[new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) -that limits the characters accepted on ".spec paths.path" when pathType=Exact or pathType=Prefix, -to alphanumeric characters only. More information can be found on our -[Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing) -, our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) -or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) +For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only. + +More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) ### Community Updates We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) -### All Changes: +### All changes: * Add legacy to OpenTelemetry migration doc (#10011) * changed tagsha to recent builds (#10001) @@ -64,4 +61,4 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet * Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937) * Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936) -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0 \ No newline at end of file +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0 diff --git a/changelog/Changelog-1.8.1.md b/changelog/controller-1.8.1.md similarity index 91% rename from changelog/Changelog-1.8.1.md rename to changelog/controller-1.8.1.md index c84a7ce18..16d4a8409 100644 --- a/changelog/Changelog-1.8.1.md +++ b/changelog/controller-1.8.1.md @@ -1,12 +1,13 @@ # Changelog ### 1.8.1 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd - * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd +* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627 + +### All changes: * netlify: Only trigger preview when there are changes in docs. (#10144) * changed to updated baseimage and reverted tag (#10143) @@ -48,7 +49,8 @@ Images: * added helmshowvalues example (#10019) * release controller 1.8.0 and chart 4.7.0 (#10017) -### Dependencies updates: +### Dependency updates: + * Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133) * Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134) * Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#10106) @@ -63,5 +65,5 @@ Images: * Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#10042) * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#10041) * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#10005) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.0...controller-controller-v1.8.1 diff --git a/changelog/Changelog-1.8.2.md b/changelog/controller-1.8.2.md similarity index 64% rename from changelog/Changelog-1.8.2.md rename to changelog/controller-1.8.2.md index 12a273af2..0c20decc9 100644 --- a/changelog/Changelog-1.8.2.md +++ b/changelog/controller-1.8.2.md @@ -1,12 +1,13 @@ # Changelog ### 1.8.2 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133 + +### All changes: * Release v1.8.2 and Update Go to v1.21.1 (#10379) * Making auth access logs optional (#10380) @@ -15,5 +16,4 @@ Images: * [release-1.8] Update images tags after adding git data in gcloud (#10233) * [release-1.8] Golang 1.20.6 for test runner (#10231) -### Dependencies updates: **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.1...controller-controller-v1.8.2 diff --git a/changelog/controller-1.9.0-beta.0.md b/changelog/controller-1.9.0-beta.0.md new file mode 100644 index 000000000..79ecf596e --- /dev/null +++ b/changelog/controller-1.9.0-beta.0.md @@ -0,0 +1,95 @@ +# Changelog + +### 1.9.0-beta.0 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c + +### All changes: + +* Rework mage (#10418) +* Start release of v1.9.0 beta0 (#10407) +* Update k8s versions on CI (#10406) +* Add a flag to enable or disable aio_write (#10394) +* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372) +* Fix e2e test suite doc (#10396) +* Disable user snippets per default (#10393) +* Deployment/DaemonSet: Fix templating & value. (#10240) +* Fix deferInLoop error (#10387) +* Remove gofmt (#10385) +* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259) +* release notes 1.8.2 (#10389) +* fix: remove curl on base container #9716 (#10306) +* Fix http default backend test (#10382) +* Add golangci github action and replace the deprecated golint (#10187) +* BUGFIX incorrect indentation (#10254) +* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352) +* fix: path with sepecial characters warning #10281 #10308 (#10330) +* Fix golangci-lint errors (#10196) +* chore(build): Fix Run make dev-env syntax error (#10294) +* Add firewall configuration to quick start documentation (#10357) +* Making auth access logs optional (#10335) +* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350) +* fix: update action file to auto release plugin #10197 (#10321) +* Use gzip instead of pigz in CI (#10348) +* Disable Modsecurity from internal processing which affects large ingresses (#10316) +* fix: add /etc/mime.types #10309 (#10310) +* Remove curl dependencies in e2e tests #9716 (#10296) +* docs: swap explanation to match example (#10220) +* ci(helm): fix Helm Chart release action 422 error (#10237) +* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249) +* Updated index.md - Fix typos (#10256) +* Handle request_id variable correctly in auth requests (#9219) +* test kind updates (#10272) +* promote distroless otel init image (#10257) +* [helm] configure allow to configure hostAliases (#10180) +* Add rolling update strategy to each static deployment file (#10129) +* Implement annotation validation (#9673) +* Golang 1.20.6 for test runner (#10230) +* [helm] pass service annotations through helm tpl engine (#10084) +* Ignore deployment template's replicas if KEDA is enabled (#9534) +* chore: bump OpenResty to v1.21.4.2 (#10219) +* Scanning port 10247 lead to tcp connection 502 error (#9815) +* revise Datadog trace sampling configuration (#10151) +* Clarify TCP/UDP service docs (#10146) +* Exposed continent data as variable in the case of Maxmind city files (#10157) +* Cleanup errcheck code (#10166) +* Fix golang-ci linter errors (#10128) +* Deprecate and remove AJP support (#10158) +* release notes 1.8.1 (#10161) + +### Dependency updates: + +* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355) +* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399) +* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403) +* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402) +* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404) +* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400) +* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398) +* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401) +* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373) +* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374) +* Bump Go version to 1.21.1 (#10377) +* Bump Go version to 1.21.1 on testrunner (#10378) +* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365) +* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353) +* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354) +* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333) +* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313) +* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332) +* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314) +* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298) +* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282) +* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258) +* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280) +* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244) +* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193) +* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207) +* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192) +* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191) +* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0-beta.0 diff --git a/changelog/controller-1.9.0.md b/changelog/controller-1.9.0.md new file mode 100644 index 000000000..25442894f --- /dev/null +++ b/changelog/controller-1.9.0.md @@ -0,0 +1,95 @@ +# Changelog + +### 1.9.0 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5 + +### All changes: + +* Rework mage (#10418) +* Start release of v1.9.0 beta0 (#10407) +* Update k8s versions on CI (#10406) +* Add a flag to enable or disable aio_write (#10394) +* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372) +* Fix e2e test suite doc (#10396) +* Disable user snippets per default (#10393) +* Deployment/DaemonSet: Fix templating & value. (#10240) +* Fix deferInLoop error (#10387) +* Remove gofmt (#10385) +* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259) +* release notes 1.8.2 (#10389) +* fix: remove curl on base container #9716 (#10306) +* Fix http default backend test (#10382) +* Add golangci github action and replace the deprecated golint (#10187) +* BUGFIX incorrect indentation (#10254) +* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352) +* fix: path with sepecial characters warning #10281 #10308 (#10330) +* Fix golangci-lint errors (#10196) +* chore(build): Fix Run make dev-env syntax error (#10294) +* Add firewall configuration to quick start documentation (#10357) +* Making auth access logs optional (#10335) +* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350) +* fix: update action file to auto release plugin #10197 (#10321) +* Use gzip instead of pigz in CI (#10348) +* Disable Modsecurity from internal processing which affects large ingresses (#10316) +* fix: add /etc/mime.types #10309 (#10310) +* Remove curl dependencies in e2e tests #9716 (#10296) +* docs: swap explanation to match example (#10220) +* ci(helm): fix Helm Chart release action 422 error (#10237) +* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249) +* Updated index.md - Fix typos (#10256) +* Handle request_id variable correctly in auth requests (#9219) +* test kind updates (#10272) +* promote distroless otel init image (#10257) +* [helm] configure allow to configure hostAliases (#10180) +* Add rolling update strategy to each static deployment file (#10129) +* Implement annotation validation (#9673) +* Golang 1.20.6 for test runner (#10230) +* [helm] pass service annotations through helm tpl engine (#10084) +* Ignore deployment template's replicas if KEDA is enabled (#9534) +* chore: bump OpenResty to v1.21.4.2 (#10219) +* Scanning port 10247 lead to tcp connection 502 error (#9815) +* revise Datadog trace sampling configuration (#10151) +* Clarify TCP/UDP service docs (#10146) +* Exposed continent data as variable in the case of Maxmind city files (#10157) +* Cleanup errcheck code (#10166) +* Fix golang-ci linter errors (#10128) +* Deprecate and remove AJP support (#10158) +* release notes 1.8.1 (#10161) + +### Dependency updates: + +* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355) +* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399) +* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403) +* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402) +* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404) +* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400) +* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398) +* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401) +* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373) +* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374) +* Bump Go version to 1.21.1 (#10377) +* Bump Go version to 1.21.1 on testrunner (#10378) +* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365) +* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353) +* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354) +* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333) +* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313) +* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332) +* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314) +* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298) +* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282) +* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258) +* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280) +* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244) +* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193) +* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207) +* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192) +* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191) +* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0 diff --git a/changelog/controller-1.9.1.md b/changelog/controller-1.9.1.md new file mode 100644 index 000000000..b05c88eae --- /dev/null +++ b/changelog/controller-1.9.1.md @@ -0,0 +1,21 @@ +# Changelog + +### 1.9.1 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836 + +### All changes: + +* upgrade owasp modsecurity core rule set to v3.3.5 (#10437) +* Start v1.9.1 release (#10463) +* Accept backend protocol on any case (#10461) +* Chart: Rework network policies. (#10438) + +### Dependency updates: + +* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.0...controller-controller-v1.9.1 diff --git a/changelog/controller-1.9.3.md b/changelog/controller-1.9.3.md new file mode 100644 index 000000000..59ba545d9 --- /dev/null +++ b/changelog/controller-1.9.3.md @@ -0,0 +1,29 @@ +# Changelog + +### 1.9.3 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86 + +### All changes: + +* update nginx base, httpbun, e2e, helm webhook cert gen (#10506) +* added warning for configuration-snippets usage (#10492) +* Remove legacy GeoIP from controller (#10495) +* add upstream patch for CVE-2023-44487 (#10494) +* Revert "Remove curl from nginx base image (#10477)" (#10479) +* update error and otel to have all the arch we support (#10476) +* Remove curl from nginx base image (#10477) + +### Dependency updates: + +* Bump x/net (#10514) +* Bump curl and Go version (#10503) +* Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#10496) +* Bump github.com/prometheus/client_model (#10486) +* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#10487) +* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#10485) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.1...controller-controller-v1.9.3 diff --git a/changelog/controller-1.9.4.md b/changelog/controller-1.9.4.md new file mode 100644 index 000000000..69c6ad2e3 --- /dev/null +++ b/changelog/controller-1.9.4.md @@ -0,0 +1,14 @@ +# Changelog + +### 1.9.4 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26 + +### All changes: + +* Cherry pick fcgi fix and release v1.9.4 (#10544) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4 diff --git a/changelog/controller.md.gotmpl b/changelog/controller.md.gotmpl new file mode 100644 index 000000000..e1ae13cc5 --- /dev/null +++ b/changelog/controller.md.gotmpl @@ -0,0 +1,22 @@ +# Changelog + +### {{ .NewControllerVersion }} +{{ with .ControllerImages }} +Images: +{{ range . }} +* {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }} +{{- end }} +{{ end }} +{{- with .Updates }} +### All changes: +{{ range . }} +* {{ . }} +{{- end }} +{{ end }} +{{- with .DepUpdates }} +### Dependency updates: +{{ range . }} +* {{ . }} +{{- end }} +{{ end }} +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }} diff --git a/charts/ingress-nginx/.helmignore b/charts/ingress-nginx/.helmignore index 50af03172..109b40811 100644 --- a/charts/ingress-nginx/.helmignore +++ b/charts/ingress-nginx/.helmignore @@ -20,3 +20,4 @@ .idea/ *.tmproj .vscode/ +__snapshot__ diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md deleted file mode 100644 index 7d81ac1bd..000000000 --- a/charts/ingress-nginx/CHANGELOG.md +++ /dev/null @@ -1,460 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.4.0 - -* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 -* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 -* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 -* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 - -### 4.3.0 -- Support for Kubernetes v.1.25.0 was added and support for endpoint slices -- Support for Kubernetes v1.20.0 and v1.21.0 was removed -- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices -- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 -- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name -- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations - -### 4.2.1 - -- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 -- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" - -### 4.2.0 - -- Support for Kubernetes v1.19.0 was removed -- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" -- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" -- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" -- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" -- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" -- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" -- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" -- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" -- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" -- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" -- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" -- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" -- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" -- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" -- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" -- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" -- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" -- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" -- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" -- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" -- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" -- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" -- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" -- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" -- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" -- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" -- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" -- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" -- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" -- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" -- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" -- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" -- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" -- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" -- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" -- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" -- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" -- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" - -### 4.1.2 - -- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" -- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" -- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" - -### 4.1.0 - -- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" -- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" -- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" -- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" -- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" -- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" -- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" -- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" -- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" -- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" -- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" -- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" -- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" - -### 4.0.18 - -- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" -- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" -- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" -- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" -- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" -- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" -- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" -- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" -- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." -- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" -- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" -- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" -- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" -- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" -- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" -- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" -- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" -- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" -- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" -- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" -- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" -- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" -- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" -- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" -- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" -- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" -- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" -- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" -- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" -- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" -- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" -- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" - - -### 4.0.15 - -- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 -- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 -- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs -- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors -- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release -- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P… -- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch -- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable -- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart -- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 -- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 -- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation -- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) -- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues -- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 -- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name -- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners -- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option -- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags -- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified -- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page -- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation -- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations -- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs -- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files -- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml -- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide -- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile -- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud -- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement -- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. -- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs -- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server -- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog -- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition - -### 4.0.14 - -- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md - -### 4.0.13 - -- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml - -### 4.0.12 - -- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs - -### 4.0.11 - -- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. - -### 4.0.10 - -- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 - -### 4.0.9 - -- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources - -### 4.0.7 - -- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx -- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service - -### 4.0.6 - -- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx -- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart -- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode -- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 - -### 4.0.5 - -- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx - -### 4.0.3 - -- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx - -### 4.0.2 - -- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx - -### 4.0.1 - -- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx - -### 3.34.0 - -- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates - -### 3.33.0 - -- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 - -### 3.32.0 - -- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA - -### 3.31.0 - -- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes - -### 3.30.0 - -- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints - -### 3.29.0 - -- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor - -### 3.28.0 - -- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs - -### 3.27.0 - -- Update ingress-nginx v0.45.0 - -### 3.26.0 - -- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics - -### 3.25.0 - -- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken - -### 3.24.0 - -- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment - -### 3.23.0 - -- Update ingress-nginx v0.44.0 - -### 3.22.0 - -- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file -- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart - -### 3.21.0 - -- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject -- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values -- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled -- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 - -### 3.20.1 - -- Do not create KEDA in case of DaemonSets. -- Fix KEDA v2 definition - -### 3.20.0 - -- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. - -### 3.19.0 - -- Update ingress-nginx v0.43.0 - -### 3.18.0 - -- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy -- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters - -### 3.17.0 - -- Update ingress-nginx v0.42.0 - -### 3.16.1 - -- Fix chart-releaser action - -### 3.16.0 - -- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service - -### 3.15.1 - -- Fix chart-releaser action - -### 3.15.0 - -- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml - -### 3.14.0 - -- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend - -### 3.13.0 - -- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable - -### 3.12.0 - -- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs - -### 3.11.1 - -- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling - -### 3.11.0 - -- Support Keda Autoscaling - -### 3.10.1 - -- Fix regression introduced in 0.41.0 with external authentication - -### 3.10.0 - -- Fix routing regression introduced in 0.41.0 with PathType Exact - -### 3.9.0 - -- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling - -### 3.8.0 - -- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image -- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs -- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend -- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations -- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog - -### 3.7.1 - -- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart - -### 3.7.0 - -- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) - -### 3.6.0 - -- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector - -### 3.5.1 - -- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release - -### 3.5.0 - -- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations - -### 3.4.0 - -- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 - -### 3.3.1 - -- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart -- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link -- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 - -### 3.3.1 - -- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test - -### 3.3.0 - -- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values -- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort -- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression -- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules - -### 3.0.0 - -- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements - -### 2.16.0 - -- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller - -### 2.15.0 - -- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec - -### 2.14.0 - -- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 -- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip - -### 2.12.1 - -- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples - -### 2.12.0 - -- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels -- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting - -### 2.11.3 - -- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH - -### 2.11.2 - -- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version - -### 2.11.1 - -- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 - -### 2.11.0 - -- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 -- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe - -### 2.10.0 - -- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image - -### 2.9.1 - -- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) - -### 2.9.0 - -- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues - - -### TODO - -Keep building the changelog using *git log charts* checking the tag diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 4e1fc67a5..b664a6714 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,12 +1,11 @@ annotations: - artifacthub.io/changes: | - - "Update Ingress-Nginx version controller-v1.8.2" + artifacthub.io/changes: |- + - "Update Ingress-Nginx version controller-v1.9.4" artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.8.2 +appVersion: 1.9.4 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -engine: gotpl home: https://github.com/kubernetes/ingress-nginx icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: @@ -20,4 +19,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.7.2 +version: 4.8.4 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a9c40e88b..acf1be7bf 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.7.2](https://img.shields.io/badge/Version-4.7.2-informational?style=flat-square) ![AppVersion: 1.8.2](https://img.shields.io/badge/AppVersion-1.8.2-informational?style=flat-square) +![Version: 4.8.4](https://img.shields.io/badge/Version-4.8.4-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -242,7 +242,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.createSecretJob.name | string | `"create"` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | -| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | +| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers | | controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | @@ -263,13 +263,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | -| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | -| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | -| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods | | controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | -| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` | | +| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers | | controller.admissionWebhooks.port | int | `8443` | | | controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | | @@ -292,6 +290,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | | controller.containerName | string | `"controller"` | Configures the controller container name | | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | +| controller.containerSecurityContext | object | `{}` | Security context for controller containers | | controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapName | string | `""` | | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | @@ -316,15 +315,18 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostPort.ports.http | int | `80` | 'hostPort' http port | | controller.hostPort.ports.https | int | `443` | 'hostPort' https port | | controller.hostname | object | `{}` | Optionally customize the pod hostname. | -| controller.image.allowPrivilegeEscalation | bool | `true` | | +| controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2"` | | -| controller.image.digestChroot | string | `"sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133"` | | +| controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` | | +| controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | +| controller.image.readOnlyRootFilesystem | bool | `false` | | | controller.image.registry | string | `"registry.k8s.io"` | | +| controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.8.2"` | | +| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | +| controller.image.tag | string | `"v1.9.4"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | @@ -380,11 +382,22 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | +| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | | +| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. | +| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | controller.opentelemetry.enabled | bool | `false` | | -| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | +| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | +| controller.opentelemetry.image.distroless | bool | `true` | | +| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` | | +| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | | +| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` | | +| controller.opentelemetry.name | string | `"opentelemetry"` | | +| controller.opentelemetry.resources | object | `{}` | | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | -| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | +| controller.podSecurityContext | object | `{}` | Security context for controller pods | | controller.priorityClassName | string | `""` | | | controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers | | controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. | @@ -405,36 +418,52 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | -| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | -| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | -| controller.service.enableHttp | bool | `true` | | -| controller.service.enableHttps | bool | `true` | | -| controller.service.enabled | bool | `true` | | -| controller.service.external.enabled | bool | `true` | | -| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | -| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | -| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | -| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. | -| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | -| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | -| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | -| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | -| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | -| controller.service.labels | object | `{}` | | -| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | -| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | -| controller.service.loadBalancerSourceRanges | list | `[]` | | -| controller.service.nodePorts.http | string | `""` | | -| controller.service.nodePorts.https | string | `""` | | -| controller.service.nodePorts.tcp | object | `{}` | | -| controller.service.nodePorts.udp | object | `{}` | | -| controller.service.ports.http | int | `80` | | -| controller.service.ports.https | int | `443` | | -| controller.service.targetPorts.http | string | `"http"` | | -| controller.service.targetPorts.https | string | `"https"` | | -| controller.service.type | string | `"LoadBalancer"` | | +| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | +| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | +| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. | +| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | +| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | +| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | +| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | +| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | +| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | +| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | +| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. | +| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | +| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | +| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | +| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | +| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 | +| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | +| controller.service.internal.ports | object | `{}` | | +| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | +| controller.service.internal.targetPorts | object | `{}` | | +| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.labels | object | `{}` | Labels to be added to both controller services. | +| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | +| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. | +| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 | +| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | +| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. | +| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. | +| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | +| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. | +| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. | +| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.shareProcessNamespace | bool | `false` | | -| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | | controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | @@ -451,10 +480,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.autoscaling.minReplicas | int | `1` | | | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers | | defaultBackend.enabled | bool | `false` | | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.extraArgs | object | `{}` | | +| defaultBackend.extraConfigMaps | list | `[]` | | | defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods | | defaultBackend.extraVolumeMounts | list | `[]` | | | defaultBackend.extraVolumes | list | `[]` | | @@ -465,6 +495,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.image.registry | string | `"registry.k8s.io"` | | | defaultBackend.image.runAsNonRoot | bool | `true` | | | defaultBackend.image.runAsUser | int | `65534` | | +| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | | | defaultBackend.image.tag | string | `"1.5"` | | | defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources | | defaultBackend.livenessProbe.failureThreshold | int | `3` | | @@ -479,7 +510,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # | | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | -| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods | | defaultBackend.port | int | `8080` | | | defaultBackend.priorityClassName | string | `""` | | | defaultBackend.readinessProbe.failureThreshold | int | `6` | | diff --git a/charts/ingress-nginx/changelog/.gitkeep b/charts/ingress-nginx/changelog/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.10.0.md b/charts/ingress-nginx/changelog/helm-chart-2.10.0.md new file mode 100644 index 000000000..b42d6c28b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.10.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.10.0 + +* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.0.md b/charts/ingress-nginx/changelog/helm-chart-2.11.0.md new file mode 100644 index 000000000..e549b3867 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.0 + +* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 +* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.1.md b/charts/ingress-nginx/changelog/helm-chart-2.11.1.md new file mode 100644 index 000000000..d910d3bf4 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.1 + +* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.2.md b/charts/ingress-nginx/changelog/helm-chart-2.11.2.md new file mode 100644 index 000000000..9f7821005 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.2.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.2 + +* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.3.md b/charts/ingress-nginx/changelog/helm-chart-2.11.3.md new file mode 100644 index 000000000..344769163 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.3 + +* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.12.0.md b/charts/ingress-nginx/changelog/helm-chart-2.12.0.md new file mode 100644 index 000000000..5cb3888aa --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.12.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.12.0 + +* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels +* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.12.1.md b/charts/ingress-nginx/changelog/helm-chart-2.12.1.md new file mode 100644 index 000000000..94d121db5 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.12.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.12.1 + +* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.13.0.md b/charts/ingress-nginx/changelog/helm-chart-2.13.0.md new file mode 100644 index 000000000..01fe0b15d --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.13.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.13.0 + +* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 +* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.14.0.md b/charts/ingress-nginx/changelog/helm-chart-2.14.0.md new file mode 100644 index 000000000..2fb7a5a76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.14.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.14.0 + +* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.15.0.md b/charts/ingress-nginx/changelog/helm-chart-2.15.0.md new file mode 100644 index 000000000..543a55927 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.15.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.15.0 + +* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.16.0.md b/charts/ingress-nginx/changelog/helm-chart-2.16.0.md new file mode 100644 index 000000000..996f4489e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.16.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.16.0 + +* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.9.0.md b/charts/ingress-nginx/changelog/helm-chart-2.9.0.md new file mode 100644 index 000000000..11c5f5fed --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.9.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.9.0 + +* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.9.1.md b/charts/ingress-nginx/changelog/helm-chart-2.9.1.md new file mode 100644 index 000000000..7d4314d9c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.9.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.9.1 + +* [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.0...ingress-nginx-2.9.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.0.0.md b/charts/ingress-nginx/changelog/helm-chart-3.0.0.md new file mode 100644 index 000000000..a7d50ee3a --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.0.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.0.0 + +* [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.16.0...ingress-nginx-3.0.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.10.0.md b/charts/ingress-nginx/changelog/helm-chart-3.10.0.md new file mode 100644 index 000000000..3369bed03 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.10.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.10.0 + +* Fix routing regression introduced in 0.41.0 with PathType Exact + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.9.0...ingress-nginx-3.10.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.10.1.md b/charts/ingress-nginx/changelog/helm-chart-3.10.1.md new file mode 100644 index 000000000..6ff682e52 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.10.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.10.1 + +* Fix regression introduced in 0.41.0 with external authentication + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.0...ingress-nginx-3.10.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.11.0.md b/charts/ingress-nginx/changelog/helm-chart-3.11.0.md new file mode 100644 index 000000000..69ba5506b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.11.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.11.0 + +* Support Keda Autoscaling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.1...ingress-nginx-3.11.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.11.1.md b/charts/ingress-nginx/changelog/helm-chart-3.11.1.md new file mode 100644 index 000000000..4e81f4b41 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.11.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.11.1 + +* [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.0...ingress-nginx-3.11.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.12.0.md b/charts/ingress-nginx/changelog/helm-chart-3.12.0.md new file mode 100644 index 000000000..41b9744de --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.12.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.12.0 + +* [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.1...ingress-nginx-3.12.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.13.0.md b/charts/ingress-nginx/changelog/helm-chart-3.13.0.md new file mode 100644 index 000000000..0855a7913 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.13.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.13.0 + +* [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.12.0...ingress-nginx-3.13.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.14.0.md b/charts/ingress-nginx/changelog/helm-chart-3.14.0.md new file mode 100644 index 000000000..e07880bf4 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.14.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.14.0 + +* [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.13.0...ingress-nginx-3.14.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.15.0.md b/charts/ingress-nginx/changelog/helm-chart-3.15.0.md new file mode 100644 index 000000000..3053a3548 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.15.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.15.0 + +* [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.14.0...ingress-nginx-3.15.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.15.1.md b/charts/ingress-nginx/changelog/helm-chart-3.15.1.md new file mode 100644 index 000000000..f11ee0a76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.15.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.15.1 + +* Fix chart-releaser action + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.0...ingress-nginx-3.15.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.16.0.md b/charts/ingress-nginx/changelog/helm-chart-3.16.0.md new file mode 100644 index 000000000..fba30b171 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.16.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.16.0 + +* [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.1...helm-chart-3.16.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.16.1.md b/charts/ingress-nginx/changelog/helm-chart-3.16.1.md new file mode 100644 index 000000000..650d1b8fa --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.16.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.16.1 + +* Fix chart-releaser action + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.0...helm-chart-3.16.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.17.0.md b/charts/ingress-nginx/changelog/helm-chart-3.17.0.md new file mode 100644 index 000000000..175c7a264 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.17.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.17.0 + +* Update ingress-nginx v0.42.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.1...helm-chart-3.17.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.18.0.md b/charts/ingress-nginx/changelog/helm-chart-3.18.0.md new file mode 100644 index 000000000..31b815e4e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.18.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.18.0 + +* [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy +* [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.17.0...helm-chart-3.18.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.19.0.md b/charts/ingress-nginx/changelog/helm-chart-3.19.0.md new file mode 100644 index 000000000..0970bf02c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.19.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.19.0 + +* Update ingress-nginx v0.43.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.18.0...helm-chart-3.19.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.20.0.md b/charts/ingress-nginx/changelog/helm-chart-3.20.0.md new file mode 100644 index 000000000..4b81ae42f --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.20.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.20.0 + +* [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.19.0...helm-chart-3.20.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.20.1.md b/charts/ingress-nginx/changelog/helm-chart-3.20.1.md new file mode 100644 index 000000000..952bf2bd3 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.20.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.20.1 + +* Do not create KEDA in case of DaemonSets. +* Fix KEDA v2 definition + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.0...helm-chart-3.20.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.21.0.md b/charts/ingress-nginx/changelog/helm-chart-3.21.0.md new file mode 100644 index 000000000..25edbefd9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.21.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.21.0 + +* [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject +* [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values +* [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled +* [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.1...helm-chart-3.21.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.22.0.md b/charts/ingress-nginx/changelog/helm-chart-3.22.0.md new file mode 100644 index 000000000..147d66421 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.22.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.22.0 + +* [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file +* [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.21.0...helm-chart-3.22.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.23.0.md b/charts/ingress-nginx/changelog/helm-chart-3.23.0.md new file mode 100644 index 000000000..5dcb50fa8 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.23.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.23.0 + +* Update ingress-nginx v0.44.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.22.0...helm-chart-3.23.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.24.0.md b/charts/ingress-nginx/changelog/helm-chart-3.24.0.md new file mode 100644 index 000000000..d7db808b1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.24.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.24.0 + +* [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.23.0...helm-chart-3.24.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.25.0.md b/charts/ingress-nginx/changelog/helm-chart-3.25.0.md new file mode 100644 index 000000000..f9679a124 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.25.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.25.0 + +* [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.24.0...helm-chart-3.25.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.26.0.md b/charts/ingress-nginx/changelog/helm-chart-3.26.0.md new file mode 100644 index 000000000..0c3a1df68 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.26.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.26.0 + +* [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.25.0...helm-chart-3.26.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.27.0.md b/charts/ingress-nginx/changelog/helm-chart-3.27.0.md new file mode 100644 index 000000000..8113d7b9b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.27.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.27.0 + +* Update ingress-nginx v0.45.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.26.0...helm-chart-3.27.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.28.0.md b/charts/ingress-nginx/changelog/helm-chart-3.28.0.md new file mode 100644 index 000000000..eee0ccbec --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.28.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.28.0 + +* [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.27.0...helm-chart-3.28.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.29.0.md b/charts/ingress-nginx/changelog/helm-chart-3.29.0.md new file mode 100644 index 000000000..f0fabdce1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.29.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.29.0 + +* [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.28.0...helm-chart-3.29.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.3.0.md b/charts/ingress-nginx/changelog/helm-chart-3.3.0.md new file mode 100644 index 000000000..09fab3756 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.3.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.3.0 + +* [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values +* [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort +* [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression +* [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.0.0...ingress-nginx-3.3.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.3.1.md b/charts/ingress-nginx/changelog/helm-chart-3.3.1.md new file mode 100644 index 000000000..81f44fdbd --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.3.1.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.3.1 + +* [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart +* [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link +* [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 +* [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.0...ingress-nginx-3.3.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.30.0.md b/charts/ingress-nginx/changelog/helm-chart-3.30.0.md new file mode 100644 index 000000000..77ad6b41b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.30.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.30.0 + +* [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.29.0...helm-chart-3.30.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.31.0.md b/charts/ingress-nginx/changelog/helm-chart-3.31.0.md new file mode 100644 index 000000000..bc07fed76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.31.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.31.0 + +* [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.30.0...helm-chart-3.31.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.32.0.md b/charts/ingress-nginx/changelog/helm-chart-3.32.0.md new file mode 100644 index 000000000..68f7ed6b2 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.32.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.32.0 + +* [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.31.0...helm-chart-3.32.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.33.0.md b/charts/ingress-nginx/changelog/helm-chart-3.33.0.md new file mode 100644 index 000000000..b56c5fc1e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.33.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.33.0 + +* [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.32.0...helm-chart-3.33.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.34.0.md b/charts/ingress-nginx/changelog/helm-chart-3.34.0.md new file mode 100644 index 000000000..a28cd0282 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.34.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.34.0 + +* [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.33.0...helm-chart-3.34.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.4.0.md b/charts/ingress-nginx/changelog/helm-chart-3.4.0.md new file mode 100644 index 000000000..3b4ca9353 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.4.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.4.0 + +* [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.1...ingress-nginx-3.4.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.5.0.md b/charts/ingress-nginx/changelog/helm-chart-3.5.0.md new file mode 100644 index 000000000..44991b3bb --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.5.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.5.0 + +* [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.4.0...ingress-nginx-3.5.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.5.1.md b/charts/ingress-nginx/changelog/helm-chart-3.5.1.md new file mode 100644 index 000000000..740f00c45 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.5.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.5.1 + +* [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.0...ingress-nginx-3.5.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.6.0.md b/charts/ingress-nginx/changelog/helm-chart-3.6.0.md new file mode 100644 index 000000000..4af7f11a1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.6.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.6.0 + +* [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.1...ingress-nginx-3.6.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.7.0.md b/charts/ingress-nginx/changelog/helm-chart-3.7.0.md new file mode 100644 index 000000000..a6b12994b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.7.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.7.0 + +* [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.6.0...ingress-nginx-3.7.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.7.1.md b/charts/ingress-nginx/changelog/helm-chart-3.7.1.md new file mode 100644 index 000000000..6ba12df91 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.7.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.7.1 + +* [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.0...ingress-nginx-3.7.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.8.0.md b/charts/ingress-nginx/changelog/helm-chart-3.8.0.md new file mode 100644 index 000000000..8df250a98 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.8.0.md @@ -0,0 +1,13 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.8.0 + +* [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image +* [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs +* [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend +* [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations +* [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.1...ingress-nginx-3.8.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.9.0.md b/charts/ingress-nginx/changelog/helm-chart-3.9.0.md new file mode 100644 index 000000000..e8c9def51 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.9.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.9.0 + +* [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.8.0...ingress-nginx-3.9.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.1.md b/charts/ingress-nginx/changelog/helm-chart-4.0.1.md new file mode 100644 index 000000000..7a187b350 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.1 + +* [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.34.0...helm-chart-4.0.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.10.md b/charts/ingress-nginx/changelog/helm-chart-4.0.10.md new file mode 100644 index 000000000..c5d651670 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.10.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.10 + +* [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.9...helm-chart-4.0.10 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.11.md b/charts/ingress-nginx/changelog/helm-chart-4.0.11.md new file mode 100644 index 000000000..554182355 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.11.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.11 + +* [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.10...helm-chart-4.0.11 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.12.md b/charts/ingress-nginx/changelog/helm-chart-4.0.12.md new file mode 100644 index 000000000..320f6f546 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.12.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.12 + +* [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.11...helm-chart-4.0.12 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.13.md b/charts/ingress-nginx/changelog/helm-chart-4.0.13.md new file mode 100644 index 000000000..edd922814 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.13.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.13 + +* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.12...helm-chart-4.0.13 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.14.md b/charts/ingress-nginx/changelog/helm-chart-4.0.14.md new file mode 100644 index 000000000..e92701039 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.14.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.14 + +* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.13...helm-chart-4.0.14 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.15.md b/charts/ingress-nginx/changelog/helm-chart-4.0.15.md new file mode 100644 index 000000000..d3d14a98d --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.15.md @@ -0,0 +1,43 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.15 + +* [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 +* [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 +* [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs +* [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors +* [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release +* [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P… +* [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch +* [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable +* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart +* [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 +* [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 +* [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation +* [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) +* [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues +* [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 +* [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name +* [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners +* [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option +* [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags +* [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified +* [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page +* [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation +* [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations +* [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs +* [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files +* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml +* [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide +* [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile +* [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud +* [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement +* [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. +* [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs +* [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server +* [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog +* [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.14...helm-chart-4.0.15 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.18.md b/charts/ingress-nginx/changelog/helm-chart-4.0.18.md new file mode 100644 index 000000000..30a8f75c1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.18.md @@ -0,0 +1,40 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.18 + +* [8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build +* [8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build +* [8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge +* [8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 +* [8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts +* [8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error +* [8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation +* [8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric +* [8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code. +* [8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image +* [8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests +* [8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint +* [8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 +* [8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0 +* [8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint +* [8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial +* [8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera +* [8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment +* [8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation +* [8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell +* [8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor +* [8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations +* [8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 +* [8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account +* [8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description +* [8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests +* [8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values +* [8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1 +* [8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs +* [8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits +* [8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations +* [8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.15...helm-chart-4.0.18 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.2.md b/charts/ingress-nginx/changelog/helm-chart-4.0.2.md new file mode 100644 index 000000000..9dbd003a9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.2.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.2 + +* [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.1...helm-chart-4.0.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.3.md b/charts/ingress-nginx/changelog/helm-chart-4.0.3.md new file mode 100644 index 000000000..09b89f66c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.3 + +* [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.2...helm-chart-4.0.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.5.md b/charts/ingress-nginx/changelog/helm-chart-4.0.5.md new file mode 100644 index 000000000..be67704ba --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.5.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.5 + +* [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.3...helm-chart-4.0.5 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.6.md b/charts/ingress-nginx/changelog/helm-chart-4.0.6.md new file mode 100644 index 000000000..25276e2be --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.6.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.6 + +* [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx +* [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart +* [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode +* [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.5...helm-chart-4.0.6 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.7.md b/charts/ingress-nginx/changelog/helm-chart-4.0.7.md new file mode 100644 index 000000000..50fd9227c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.7.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.7 + +* [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx +* [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.6...helm-chart-4.0.7 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.9.md b/charts/ingress-nginx/changelog/helm-chart-4.0.9.md new file mode 100644 index 000000000..f2f725c93 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.9.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.9 + +* [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.7...helm-chart-4.0.9 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.1.0.md b/charts/ingress-nginx/changelog/helm-chart-4.1.0.md new file mode 100644 index 000000000..24aaf49ae --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.1.0.md @@ -0,0 +1,21 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.1.0 + +* [8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script +* [8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6 +* [8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod +* [8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty +* [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector +* [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies +* [8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md +* [8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing +* [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist +* [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one +* [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement +* [8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation +* [8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.18...helm-chart-4.1.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.1.2.md b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md new file mode 100644 index 000000000..0a1d80cf1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md @@ -0,0 +1,11 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.1.2 + +* [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed +* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter +* [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.2.0.md b/charts/ingress-nginx/changelog/helm-chart-4.2.0.md new file mode 100644 index 000000000..2074a0953 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.2.0.md @@ -0,0 +1,47 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.0 + +* Support for Kubernetes v1.19.0 was removed +* [8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0 +* [8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name +* [8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1 +* [8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16 +* [8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process +* [8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix +* [8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check +* [8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16 +* [8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 +* [8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process +* [8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable +* [8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15 +* [8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2 +* [8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format +* [8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API +* [8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide +* [8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs +* [8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14 +* [8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 +* [8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 +* [8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement +* [8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver +* [8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step +* [8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha +* [8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path +* [8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases +* [8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds +* [8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps +* [8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image) +* [8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard +* [8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0 +* [8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2 +* [8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos +* [8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it +* [8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0 +* [8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0 +* [8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3 +* [8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.2...helm-chart-4.2.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.2.1.md b/charts/ingress-nginx/changelog/helm-chart-4.2.1.md new file mode 100644 index 000000000..7965bb1c2 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.2.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.1 + +* The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 +* [8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.2.0...helm-chart-4.2.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.3.0.md b/charts/ingress-nginx/changelog/helm-chart-4.3.0.md new file mode 100644 index 000000000..f9dca22d9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.3.0.md @@ -0,0 +1,14 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.3.0 + +* Support for Kubernetes v.1.25.0 was added and support for endpoint slices +* Support for Kubernetes v1.20.0 and v1.21.0 was removed +* [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices +* [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +* [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +* [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.2.1...helm-chart-4.3.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.4.0.md b/charts/ingress-nginx/changelog/helm-chart-4.4.0.md new file mode 100644 index 000000000..20f9e2336 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.4.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.4.0 + +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 +* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.3.0...helm-chart-4.4.0 diff --git a/charts/ingress-nginx/changelog/Changelog-4.5.2.md b/charts/ingress-nginx/changelog/helm-chart-4.5.2.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.5.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.5.2.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.6.0.md b/charts/ingress-nginx/changelog/helm-chart-4.6.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.6.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.6.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.6.1.md b/charts/ingress-nginx/changelog/helm-chart-4.6.1.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.6.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.6.1.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.0.md b/charts/ingress-nginx/changelog/helm-chart-4.7.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.1.md b/charts/ingress-nginx/changelog/helm-chart-4.7.1.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.1.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.2.md b/charts/ingress-nginx/changelog/helm-chart-4.7.2.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.2.md diff --git a/charts/ingress-nginx/changelog/helm-chart-4.8.0-beta.0.md b/charts/ingress-nginx/changelog/helm-chart-4.8.0-beta.0.md new file mode 100644 index 000000000..9072a75b4 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.0-beta.0.md @@ -0,0 +1,13 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.8.0-beta.0 + +* ci(helm): fix Helm Chart release action 422 error (#10237) +* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249) +* [helm] configure allow to configure hostAliases (#10180) +* [helm] pass service annotations through helm tpl engine (#10084) +* Update Ingress-Nginx version controller-v1.9.0-beta.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.7.2...helm-chart-4.8.0-beta.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.8.0.md b/charts/ingress-nginx/changelog/helm-chart-4.8.0.md new file mode 100644 index 000000000..af8f1241f --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.0.md @@ -0,0 +1,13 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.8.0 + +* ci(helm): fix Helm Chart release action 422 error (#10237) +* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249) +* [helm] configure allow to configure hostAliases (#10180) +* [helm] pass service annotations through helm tpl engine (#10084) +* Update Ingress-Nginx version controller-v1.9.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.7.2...helm-chart-4.8.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.8.1.md b/charts/ingress-nginx/changelog/helm-chart-4.8.1.md new file mode 100644 index 000000000..53a4493de --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.8.1 + +* Update Ingress-Nginx version controller-v1.9.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.0...helm-chart-4.8.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.8.2.md b/charts/ingress-nginx/changelog/helm-chart-4.8.2.md new file mode 100644 index 000000000..9957c1a85 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.2.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.8.2 + +* update nginx base, httpbun, e2e, helm webhook cert gen (#10506) +* Update Ingress-Nginx version controller-v1.9.3 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.1...helm-chart-4.8.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.8.3.md b/charts/ingress-nginx/changelog/helm-chart-4.8.3.md new file mode 100644 index 000000000..b8d4d56b3 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.8.3 + +* Update Ingress-Nginx version controller-v1.9.4 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.2...helm-chart-4.8.3 diff --git a/charts/ingress-nginx/changelog.md.gotmpl b/charts/ingress-nginx/changelog/helm-chart.md.gotmpl similarity index 83% rename from charts/ingress-nginx/changelog.md.gotmpl rename to charts/ingress-nginx/changelog/helm-chart.md.gotmpl index de9885670..ef5add55d 100644 --- a/charts/ingress-nginx/changelog.md.gotmpl +++ b/charts/ingress-nginx/changelog/helm-chart.md.gotmpl @@ -2,8 +2,10 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### {{ .NewHelmChartVersion }} +### {{ .NewHelmChartVersion }} {{ with .HelmUpdates }} -{{ range . }}* {{ . }} -{{ end }}{{ end }} +{{- range . }} +* {{ . }} +{{- end }} +{{ end }} **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }} diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml index f299dbf1c..52a32fcbd 100644 --- a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml +++ b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml @@ -7,4 +7,7 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml index 2310c344e..91b1b98a8 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml @@ -9,4 +9,7 @@ controller: allowPrivilegeEscalation: false extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml index bd2f011cc..b6013c7d0 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml @@ -7,6 +7,9 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest containerSecurityContext: allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml index ec5923548..2fbe1cc01 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules.yaml @@ -7,4 +7,7 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml b/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml new file mode 100644 index 000000000..fb3ef4446 --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + opentelemetry: + enabled: true diff --git a/charts/ingress-nginx/templates/NOTES.txt b/charts/ingress-nginx/templates/NOTES.txt index 72267e13f..f4923007e 100644 --- a/charts/ingress-nginx/templates/NOTES.txt +++ b/charts/ingress-nginx/templates/NOTES.txt @@ -6,24 +6,24 @@ Get the application URL by running these commands: {{- if (not (empty .Values.controller.service.nodePorts.http)) }} export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} {{- else }} - export HTTP_NODE_PORT=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) + export HTTP_NODE_PORT=$(kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output jsonpath="{.spec.ports[0].nodePort}") {{- end }} {{- if (not (empty .Values.controller.service.nodePorts.https)) }} export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} {{- else }} - export HTTPS_NODE_PORT=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) + export HTTPS_NODE_PORT=$(kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output jsonpath="{.spec.ports[1].nodePort}") {{- end }} - export NODE_IP=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + export NODE_IP="$(kubectl get nodes --output jsonpath="{.items[0].status.addresses[1].address}")" - echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." - echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." + echo "Visit http://${NODE_IP}:${HTTP_NODE_PORT} to access your application via HTTP." + echo "Visit https://${NODE_IP}:${HTTPS_NODE_PORT} to access your application via HTTPS." {{- else if contains "LoadBalancer" .Values.controller.service.type }} -It may take a few minutes for the LoadBalancer IP to be available. -You can watch the status by running 'kubectl --namespace {{ include "ingress-nginx.namespace" . }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' +It may take a few minutes for the load balancer IP to be available. +You can watch the status by running 'kubectl get service --namespace {{ include "ingress-nginx.namespace" . }} {{ include "ingress-nginx.controller.fullname" . }} --output wide --watch' {{- else if contains "ClusterIP" .Values.controller.service.type }} Get the application URL by running these commands: - export POD_NAME=$(kubectl --namespace {{ include "ingress-nginx.namespace" . }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") - kubectl --namespace {{ include "ingress-nginx.namespace" . }} port-forward $POD_NAME 8080:80 + export POD_NAME="$(kubectl get pods --namespace {{ include "ingress-nginx.namespace" . }} --selector app.kubernetes.io/name={{ include "ingress-nginx.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=controller --output jsonpath="{.items[0].metadata.name}")" + kubectl port-forward --namespace {{ include "ingress-nginx.namespace" . }} "${POD_NAME}" 8080:80 echo "Visit http://127.0.0.1:8080 to access your application." {{- end }} diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 3d9b2011a..db1ab2e24 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -39,23 +39,31 @@ Allows overriding it for multi-namespace deployments in combined charts. {{- end -}} {{/* -Container SecurityContext. +Controller container security context. */}} -{{- define "controller.containerSecurityContext" -}} +{{- define "ingress-nginx.controller.containerSecurityContext" -}} {{- if .Values.controller.containerSecurityContext -}} {{- toYaml .Values.controller.containerSecurityContext -}} {{- else -}} +runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }} +runAsUser: {{ .Values.controller.image.runAsUser }} +allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }} +{{- if .Values.controller.image.seccompProfile }} +seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }} +{{- end }} capabilities: drop: - ALL add: - NET_BIND_SERVICE {{- if .Values.controller.image.chroot }} + {{- if .Values.controller.image.seccompProfile }} + - SYS_ADMIN + {{- end }} - SYS_CHROOT {{- end }} -runAsUser: {{ .Values.controller.image.runAsUser }} -allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} -{{- end }} +readOnlyRootFilesystem: {{ .Values.controller.image.readOnlyRootFilesystem }} +{{- end -}} {{- end -}} {{/* @@ -116,14 +124,6 @@ Users can provide an override for an explicit service they want bound via `.Valu {{- print $servicePath | trimSuffix "-" -}} {{- end -}} -{{/* -Create a default fully qualified default backend name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "ingress-nginx.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{/* Common labels */}} @@ -183,6 +183,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patchWebhookJob.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create a default fully qualified default backend name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled */}} @@ -194,6 +202,26 @@ Create the name of the backend service account to use - only used when podsecuri {{- end -}} {{- end -}} +{{/* +Default backend container security context. +*/}} +{{- define "ingress-nginx.defaultBackend.containerSecurityContext" -}} +{{- if .Values.defaultBackend.containerSecurityContext -}} +{{- toYaml .Values.defaultBackend.containerSecurityContext -}} +{{- else -}} +runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }} +runAsUser: {{ .Values.defaultBackend.image.runAsUser }} +allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }} +{{- if .Values.defaultBackend.image.seccompProfile }} +seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }} +{{- end }} +capabilities: + drop: + - ALL +readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem }} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiGroup for PodSecurityPolicy. */}} @@ -229,16 +257,24 @@ Extra modules. */}} {{- define "extraModules" -}} - name: {{ .name }} - image: {{ .image }} - {{- if .distroless | default false }} - command: ['/init_module'] + {{- with .image }} + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} + command: + {{- if .distroless }} + - /init_module {{- else }} - command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + - sh + - -c + - /usr/local/bin/init_module.sh + {{- end }} {{- end }} {{- if .containerSecurityContext }} - securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }} + securityContext: {{ toYaml .containerSecurityContext | nindent 4 }} + {{- end }} + {{- if .resources }} + resources: {{ toYaml .resources | nindent 4 }} {{- end }} volumeMounts: - - name: {{ toYaml "modules"}} - mountPath: {{ toYaml "/modules_mount"}} + - name: modules + mountPath: /modules_mount {{- end -}} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml index ec43a3bc1..8271dc404 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -21,14 +21,13 @@ rules: - get - update {{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] + resources: ['podsecuritypolicies'] + verbs: ['use'] {{- with .Values.controller.admissionWebhooks.existingPsp }} - - {{ . }} + resourceNames: [{{ . }}] {{- else }} - - {{ include "ingress-nginx.admissionWebhooks.fullname" . }} + resourceNames: [{{ include "ingress-nginx.admissionWebhooks.fullname" . }}] {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 1747303c0..0a21f856a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -43,7 +43,7 @@ spec: containers: - name: create {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: @@ -73,8 +73,7 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} - {{- if .Values.controller.admissionWebhooks.patch.securityContext }} - securityContext: - {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} - {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 64b736d74..ce9985aa5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -43,7 +43,7 @@ spec: containers: - name: patch {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: @@ -75,8 +75,7 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} - {{- if .Values.controller.admissionWebhooks.patch.securityContext }} - securityContext: - {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} - {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index ae40dc898..8e5dc72ac 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -1,5 +1,5 @@ {{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} +{{- if and .Values.podSecurityPolicy.enabled .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -7,6 +7,7 @@ metadata: annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: admission-webhook @@ -14,28 +15,38 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - allowPrivilegeEscalation: false + privileged: false + hostPID: false + hostIPC: false + hostNetwork: false + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected fsGroup: - ranges: - - max: 65535 - min: 1 rule: MustRunAs - requiredDropCapabilities: - - ALL + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: true runAsUser: rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL seLinux: rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 9238aefab..718e20c52 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -60,16 +60,16 @@ spec: {{- end }} {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} securityContext: - {{- end }} - {{- if .Values.controller.podSecurityContext }} + {{- if .Values.controller.podSecurityContext }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - {{- if .Values.controller.sysctls }} + {{- end }} + {{- if .Values.controller.sysctls }} sysctls: - {{- range $sysctl, $value := .Values.controller.sysctls }} - - name: {{ $sysctl | quote }} - value: {{ $value | quote }} - {{- end }} + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{- end }} {{- if .Values.controller.shareProcessNamespace }} shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} @@ -77,15 +77,14 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} {{- end }} - args: - {{- include "ingress-nginx.params" . | nindent 12 }} - securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + args: {{ include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "ingress-nginx.controller.containerSecurityContext" . | nindent 12 }} env: - name: POD_NAME valueFrom: @@ -150,11 +149,11 @@ spec: volumeMounts: {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - name: modules - {{ if .Values.controller.image.chroot }} + {{- if .Values.controller.image.chroot }} mountPath: /chroot/modules_mount - {{ else }} + {{- else }} mountPath: /modules_mount - {{ end }} + {{- end }} {{- end }} {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template @@ -174,23 +173,25 @@ spec: resources: {{ toYaml .Values.controller.resources | nindent 12 }} {{- end }} {{- if .Values.controller.extraContainers }} - {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- toYaml .Values.controller.extraContainers | nindent 8 }} {{- end }} {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} initContainers: {{- if .Values.controller.extraInitContainers }} - {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- toYaml .Values.controller.extraInitContainers | nindent 8 }} {{- end }} {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.opentelemetry.enabled }} + {{- with .Values.controller.opentelemetry }} + {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.controller.opentelemetry.enabled}} - {{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true) | nindent 8}} - {{- end}} {{- end }} {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 432f83fbe..5ff45585b 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -63,16 +63,16 @@ spec: {{- end }} {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} securityContext: - {{- end }} - {{- if .Values.controller.podSecurityContext }} + {{- if .Values.controller.podSecurityContext }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - {{- if .Values.controller.sysctls }} + {{- end }} + {{- if .Values.controller.sysctls }} sysctls: - {{- range $sysctl, $value := .Values.controller.sysctls }} - - name: {{ $sysctl | quote }} - value: {{ $value | quote }} - {{- end }} + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} {{- end }} {{- if .Values.controller.shareProcessNamespace }} shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} @@ -80,15 +80,14 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} {{- end }} - args: - {{- include "ingress-nginx.params" . | nindent 12 }} - securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + args: {{ include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "ingress-nginx.controller.containerSecurityContext" . | nindent 12 }} env: - name: POD_NAME valueFrom: @@ -153,11 +152,11 @@ spec: volumeMounts: {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - name: modules - {{ if .Values.controller.image.chroot }} + {{- if .Values.controller.image.chroot }} mountPath: /chroot/modules_mount - {{ else }} + {{- else }} mountPath: /modules_mount - {{ end }} + {{- end }} {{- end }} {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template @@ -177,23 +176,25 @@ spec: resources: {{ toYaml .Values.controller.resources | nindent 12 }} {{- end }} {{- if .Values.controller.extraContainers }} - {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- toYaml .Values.controller.extraContainers | nindent 8 }} {{- end }} {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} initContainers: {{- if .Values.controller.extraInitContainers }} - {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- toYaml .Values.controller.extraInitContainers | nindent 8 }} {{- end }} {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.opentelemetry.enabled }} + {{- with .Values.controller.opentelemetry }} + {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.controller.opentelemetry.enabled}} - {{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true) | nindent 8}} - {{- end}} {{- end }} {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index 3c499b9d4..aad1d2736 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -4,6 +4,8 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ include "ingress-nginx.fullname" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: controller @@ -11,84 +13,88 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - allowedCapabilities: - - NET_BIND_SERVICE - {{- if .Values.controller.image.chroot }} - - SYS_CHROOT - {{- end }} -{{- if .Values.controller.sysctls }} - allowedUnsafeSysctls: - {{- range $sysctl, $value := .Values.controller.sysctls }} - - {{ $sysctl }} - {{- end }} -{{- end }} privileged: false - allowPrivilegeEscalation: true - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' -{{- if .Values.controller.hostNetwork }} + hostPID: false + hostIPC: false hostNetwork: {{ .Values.controller.hostNetwork }} -{{- end }} {{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }} hostPorts: -{{- if .Values.controller.hostNetwork }} -{{- range $key, $value := .Values.controller.containerPort }} - # {{ $key }} - - min: {{ $value }} - max: {{ $value }} + {{- if .Values.controller.hostNetwork }} + {{- range $key, $value := .Values.controller.containerPort }} + # controller.containerPort.{{ $key }} + - min: {{ $value }} + max: {{ $value }} + {{- end }} + {{- else if .Values.controller.hostPort.enabled }} + {{- range $key, $value := .Values.controller.hostPort.ports }} + # controller.hostPort.ports.{{ $key }} + - min: {{ $value }} + max: {{ $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + # controller.metrics.port + - min: {{ .Values.controller.metrics.port }} + max: {{ .Values.controller.metrics.port }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + # controller.admissionWebhooks.port + - min: {{ .Values.controller.admissionWebhooks.port }} + max: {{ .Values.controller.admissionWebhooks.port }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + # tcp.{{ $key }} + - min: {{ $key }} + max: {{ $key }} + {{- end }} + {{- range $key, $value := .Values.udp }} + # udp.{{ $key }} + - min: {{ $key }} + max: {{ $key }} + {{- end }} {{- end }} -{{- else if .Values.controller.hostPort.enabled }} -{{- range $key, $value := .Values.controller.hostPort.ports }} - # {{ $key }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- end }} -{{- if .Values.controller.metrics.enabled }} - # metrics - - min: {{ .Values.controller.metrics.port }} - max: {{ .Values.controller.metrics.port }} -{{- end }} -{{- if .Values.controller.admissionWebhooks.enabled }} - # admission webhooks - - min: {{ .Values.controller.admissionWebhooks.port }} - max: {{ .Values.controller.admissionWebhooks.port }} -{{- end }} -{{- range $key, $value := .Values.tcp }} - # {{ $key }}-tcp - - min: {{ $key }} - max: {{ $key }} -{{- end }} -{{- range $key, $value := .Values.udp }} - # {{ $key }}-udp - - min: {{ $key }} - max: {{ $key }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected fsGroup: - rule: 'MustRunAs' + rule: MustRunAs ranges: - # Forbid adding the root group. - min: 1 max: 65535 readOnlyRootFilesystem: false + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }} + requiredDropCapabilities: + - ALL + allowedCapabilities: + - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + {{- if .Values.controller.image.seccompProfile }} + - SYS_ADMIN + {{- end }} + - SYS_CHROOT + {{- end }} seLinux: - rule: 'RunAsAny' + rule: RunAsAny +{{- if .Values.controller.sysctls }} + allowedUnsafeSysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - {{ $sysctl }} + {{- end }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index f6217a29a..a94b39978 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -44,12 +44,15 @@ rules: - get - list - watch + # Omit Ingress status permissions if `--update-status` is disabled. + {{- if ne (index .Values.controller.extraArgs "update-status") "false" }} - apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - update + {{- end }} - apiGroups: - networking.k8s.io resources: diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index b69a09f67..950eb8f05 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}} +{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations -}} apiVersion: v1 kind: Service metadata: @@ -15,9 +15,12 @@ metadata: name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: - type: "{{ .Values.controller.service.type }}" -{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} + type: {{ .Values.controller.service.internal.type | default .Values.controller.service.type }} +{{- if .Values.controller.service.internal.clusterIP }} + clusterIP: {{ .Values.controller.service.internal.clusterIP }} +{{- end }} +{{- if .Values.controller.service.internal.externalIPs }} + externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }} {{- end }} {{- if .Values.controller.service.internal.loadBalancerIP }} loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} @@ -25,8 +28,28 @@ spec: {{- if .Values.controller.service.internal.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} {{- end }} +{{- if .Values.controller.service.internal.loadBalancerClass }} + loadBalancerClass: {{ .Values.controller.service.internal.loadBalancerClass }} +{{- end }} +{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} +{{- end }} {{- if .Values.controller.service.internal.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }} +{{- end }} +{{- if .Values.controller.service.internal.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.internal.sessionAffinity }} +{{- end }} +{{- if .Values.controller.service.internal.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.internal.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }} +{{- end }} +{{- if .Values.controller.service.internal.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.internal.ipFamilies | nindent 4 }} +{{- end }} {{- end }} ports: {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} @@ -35,11 +58,11 @@ spec: port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }} - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: http {{- end }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} - nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.internal.nodePorts.http }} {{- end }} {{- end }} {{- if .Values.controller.service.enableHttps }} @@ -47,11 +70,11 @@ spec: port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }} - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: https {{- end }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} - nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.internal.nodePorts.https }} {{- end }} {{- end }} {{- range $key, $value := .Values.tcp }} @@ -59,9 +82,9 @@ spec: port: {{ $key }} protocol: TCP targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp - {{- if $.Values.controller.service.nodePorts.tcp }} - {{- if index $.Values.controller.service.nodePorts.tcp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- if $.Values.controller.service.internal.nodePorts.tcp }} + {{- if index $.Values.controller.service.internal.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.internal.nodePorts.tcp $key }} {{- end }} {{- end }} {{- end }} @@ -70,9 +93,9 @@ spec: port: {{ $key }} protocol: UDP targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp - {{- if $.Values.controller.service.nodePorts.udp }} - {{- if index $.Values.controller.service.nodePorts.udp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- if $.Values.controller.service.internal.nodePorts.udp }} + {{- if index $.Values.controller.service.internal.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.internal.nodePorts.udp $key }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index d81635014..74f608536 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -16,9 +16,6 @@ metadata: namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.controller.service.type }} -{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }} -{{- end }} {{- if .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }} {{- end }} @@ -34,6 +31,9 @@ spec: {{- if .Values.controller.service.loadBalancerClass }} loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }} {{- end }} +{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }} +{{- end }} {{- if .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} {{- end }} @@ -47,8 +47,6 @@ spec: {{- if .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} {{- end }} -{{- end }} -{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilies }} ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 44c3732b0..66c307563 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -51,7 +51,7 @@ spec: containers: - name: {{ template "ingress-nginx.name" . }}-default-backend {{- with .Values.defaultBackend.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} {{- if .Values.defaultBackend.extraArgs }} @@ -65,14 +65,7 @@ spec: {{- end }} {{- end }} {{- end }} - securityContext: - capabilities: - drop: - - ALL - runAsUser: {{ .Values.defaultBackend.image.runAsUser }} - runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }} - allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }} - readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}} + securityContext: {{ include "ingress-nginx.defaultBackend.containerSecurityContext" . | nindent 12 }} {{- if .Values.defaultBackend.extraEnvs }} env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml b/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml new file mode 100644 index 000000000..9af56cf38 --- /dev/null +++ b/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml @@ -0,0 +1,23 @@ +{{- if .Values.defaultBackend.enabled }} +{{- range .Values.defaultBackend.extraConfigMaps }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with $.Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ .name }} + namespace: {{ include "ingress-nginx.namespace" $ }} +data: + {{- with .data }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index c144c8fbf..424109109 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -4,6 +4,8 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ include "ingress-nginx.fullname" . }}-backend + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" labels: {{- include "ingress-nginx.labels" . | nindent 4 }} app.kubernetes.io/component: default-backend @@ -11,28 +13,38 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - allowPrivilegeEscalation: false + privileged: false + hostPID: false + hostIPC: false + hostNetwork: false + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected fsGroup: - ranges: - - max: 65535 - min: 1 rule: MustRunAs - requiredDropCapabilities: - - ALL + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: true runAsUser: rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL seLinux: rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI {{- end }} {{- end }} diff --git a/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml b/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml new file mode 100644 index 000000000..e831d50c0 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml @@ -0,0 +1,27 @@ +suite: Controller > ConfigMap > Add Headers +templates: + - controller-configmap-addheaders.yaml + +tests: + - it: should not create a ConfigMap if `controller.addHeaders` is not set + set: + controller.addHeaders: null + asserts: + - hasDocuments: + count: 0 + + - it: should create a ConfigMap if `controller.addHeaders` is set + set: + controller.addHeaders: + X-Another-Custom-Header: Value + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-custom-add-headers + - equal: + path: data.X-Another-Custom-Header + value: Value diff --git a/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml b/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml new file mode 100644 index 000000000..0634a3739 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml @@ -0,0 +1,27 @@ +suite: Controller > ConfigMap > Proxy Headers +templates: + - controller-configmap-proxyheaders.yaml + +tests: + - it: should not create a ConfigMap if `controller.proxySetHeaders` is not set + set: + controller.proxySetHeaders: null + asserts: + - hasDocuments: + count: 0 + + - it: should create a ConfigMap if `controller.proxySetHeaders` is set + set: + controller.proxySetHeaders: + X-Custom-Header: Value + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-custom-proxy-headers + - equal: + path: data.X-Custom-Header + value: Value diff --git a/charts/ingress-nginx/tests/controller-configmap_test.yaml b/charts/ingress-nginx/tests/controller-configmap_test.yaml new file mode 100644 index 000000000..038760338 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap_test.yaml @@ -0,0 +1,14 @@ +suite: Controller > ConfigMap +templates: + - controller-configmap.yaml + +tests: + - it: should create a ConfigMap + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml new file mode 100644 index 000000000..2e85848b6 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -0,0 +1,16 @@ +suite: Controller > DaemonSet +templates: + - controller-daemonset.yaml + +tests: + - it: should create a DaemonSet if `controller.kind` is "DaemonSet" + set: + controller.kind: DaemonSet + asserts: + - hasDocuments: + count: 1 + - isKind: + of: DaemonSet + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml new file mode 100644 index 000000000..01844612e --- /dev/null +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -0,0 +1,34 @@ +suite: Controller > Deployment +templates: + - controller-deployment.yaml + +tests: + - it: should create a Deployment + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3 + set: + controller.replicaCount: 3 + asserts: + - equal: + path: spec.replicas + value: 3 + + - it: should create a Deployment with resource limits if `controller.resources.limits` is set + set: + controller.resources.limits.cpu: 500m + controller.resources.limits.memory: 512Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 500m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi diff --git a/charts/ingress-nginx/tests/controller-hpa_test.yaml b/charts/ingress-nginx/tests/controller-hpa_test.yaml new file mode 100644 index 000000000..7cd668509 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-hpa_test.yaml @@ -0,0 +1,17 @@ +suite: Controller > HPA +templates: + - controller-hpa.yaml + +tests: + - it: should create a HPA if `controller.kind` is "Deployment" and `controller.autoscaling.enabled` is true + set: + controller.kind: Deployment + controller.autoscaling.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: HorizontalPodAutoscaler + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-keda_test.yaml b/charts/ingress-nginx/tests/controller-keda_test.yaml new file mode 100644 index 000000000..e6ca8dbfe --- /dev/null +++ b/charts/ingress-nginx/tests/controller-keda_test.yaml @@ -0,0 +1,17 @@ +suite: Controller > KEDA +templates: + - controller-keda.yaml + +tests: + - it: should create a ScaledObject if `controller.kind` is "Deployment" and `controller.keda.enabled` is true + set: + controller.kind: Deployment + controller.keda.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ScaledObject + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml b/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml new file mode 100644 index 000000000..5de12e9c4 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml @@ -0,0 +1,23 @@ +suite: Controller > NetworkPolicy +templates: + - controller-networkpolicy.yaml + +tests: + - it: should not create a NetworkPolicy if `controller.networkPolicy.enabled` is false + set: + controller.networkPolicy.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a NetworkPolicy if `controller.networkPolicy.enabled` is true + set: + controller.networkPolicy.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: NetworkPolicy + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-service-internal_test.yaml b/charts/ingress-nginx/tests/controller-service-internal_test.yaml new file mode 100644 index 000000000..5465e1a2b --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-internal_test.yaml @@ -0,0 +1,25 @@ +suite: Controller > Service > Internal +templates: + - controller-service-internal.yaml + +tests: + - it: should not create an internal Service if `controller.service.internal.enabled` is false + set: + controller.service.internal.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create an internal Service if `controller.service.internal.enabled` is true and `controller.service.internal.annotations` are set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-internal diff --git a/charts/ingress-nginx/tests/controller-service-metrics_test.yaml b/charts/ingress-nginx/tests/controller-service-metrics_test.yaml new file mode 100644 index 000000000..afdb94046 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-metrics_test.yaml @@ -0,0 +1,23 @@ +suite: Controller > Service > Metrics +templates: + - controller-service-metrics.yaml + +tests: + - it: should not create a metrics Service if `controller.metrics.enabled` is false + set: + controller.metrics.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a metrics Service if `controller.metrics.enabled` is true + set: + controller.metrics.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-metrics diff --git a/charts/ingress-nginx/tests/controller-service_test.yaml b/charts/ingress-nginx/tests/controller-service_test.yaml new file mode 100644 index 000000000..10574f227 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service_test.yaml @@ -0,0 +1,32 @@ +suite: Controller > Service +templates: + - controller-service.yaml + +tests: + - it: should not create a Service if `controller.service.external.enabled` is false + set: + controller.service.external.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a Service if `controller.service.external.enabled` is true + set: + controller.service.external.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort" + set: + controller.service.external.enabled: true + controller.service.type: NodePort + asserts: + - equal: + path: spec.type + value: NodePort diff --git a/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml b/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml new file mode 100644 index 000000000..aa600e749 --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml @@ -0,0 +1,50 @@ +suite: Default Backend > Extra ConfigMaps +templates: + - default-backend-extra-configmaps.yaml + +tests: + - it: should not create a ConfigMap if `defaultBackend.extraConfigMaps` is empty + set: + defaultBackend.enabled: true + defaultBackend.extraConfigMaps: [] + asserts: + - hasDocuments: + count: 0 + + - it: should create one ConfigMap if `defaultBackend.extraConfigMaps` has one element + set: + defaultBackend.enabled: true + defaultBackend.extraConfigMaps: + - name: my-configmap-1 + data: + key1: value1 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: my-configmap-1 + - equal: + path: data.key1 + value: value1 + + - it: should create two ConfigMaps if `defaultBackend.extraConfigMaps` has two elements + set: + defaultBackend.enabled: true + defaultBackend.extraConfigMaps: + - name: my-configmap-1 + data: + key1: value1 + - name: my-configmap-2 + data: + key2: value2 + asserts: + - hasDocuments: + count: 2 + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: my-configmap-(1|2) diff --git a/charts/ingress-nginx/tests/default-backend-service_test.yaml b/charts/ingress-nginx/tests/default-backend-service_test.yaml new file mode 100644 index 000000000..f16904f9f --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-service_test.yaml @@ -0,0 +1,32 @@ +suite: Default Backend > Service +templates: + - default-backend-service.yaml + +tests: + - it: should not create a Service if `defaultBackend.enabled` is false + set: + defaultBackend.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a Service if `defaultBackend.enabled` is true + set: + defaultBackend.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-defaultbackend + + - it: should create a Service with port 80 if `defaultBackend.service.port` is 80 + set: + defaultBackend.enabled: true + defaultBackend.service.port: 80 + asserts: + - equal: + path: spec.ports[0].port + value: 80 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 7f633b47a..a73bdca15 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -27,13 +27,17 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.8.2" - digest: sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2 - digestChroot: sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133 + tag: "v1.9.4" + digest: sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3 + digestChroot: sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26 pullPolicy: IfNotPresent + runAsNonRoot: true # www-data -> uid 101 runAsUser: 101 - allowPrivilegeEscalation: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + readOnlyRootFilesystem: false # -- Use an existing PSP instead of creating one existingPsp: "" # -- Configures the controller container name @@ -127,12 +131,15 @@ controller: podLabels: {} # key: value - # -- Security Context policies for controller pods + # -- Security context for controller pods podSecurityContext: {} - # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + # -- sysctls for controller pods + ## Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ sysctls: {} # sysctls: # "net.core.somaxconn": "8192" + # -- Security context for controller containers + containerSecurityContext: {} # -- Allows customization of the source of the IP address or FQDN to report # in the ingress status field. By default, it reads the information provided @@ -437,103 +444,198 @@ controller: customTemplate: configMapName: "" configMapKey: "" + service: + # -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. enabled: true - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 - ## - appProtocol: true - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. + + external: + # -- Enable the external controller service or not. Useful for internal-only deployments. + enabled: true + + # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} + # -- Labels to be added to both controller services. labels: {} - # clusterIP: "" - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## + # -- Type of the external controller service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: LoadBalancer + + # -- Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIP: "" + + # -- List of node IP addresses at which the external controller service is available. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] - # -- Set to false to disable loadbalancer node port allocation - # See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - # allocateLoadBalancerNodePorts: true - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + # -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer loadBalancerIP: "" + # -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. loadBalancerSourceRanges: [] - # -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class loadBalancerClass: "" - enableHttp: true - enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" + # -- Enable node port allocation for the external controller service or not. Applies to type `LoadBalancer` only. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + # allocateLoadBalancerNodePorts: true - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: "" + + # -- Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". + # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity + sessionAffinity: "" + + # -- Specifies the health check node port (numeric port number) for the external controller service. + # If not specified, the service controller allocates a port from your cluster's node port range. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. + # Fields `ipFamilies` and `clusterIP` depend on the value of this field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: SingleStack + # -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilies: - IPv4 + + # -- Enable the HTTP listener on both controller services or not. + enableHttp: true + # -- Enable the HTTPS listener on both controller services or not. + enableHttps: true + ports: + # -- Port the external HTTP listener is published with. http: 80 + # -- Port the external HTTPS listener is published with. https: 443 + targetPorts: + # -- Port of the ingress controller the external HTTP listener is mapped to. http: http + # -- Port of the ingress controller the external HTTPS listener is mapped to. https: https - type: LoadBalancer - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 + + # -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + appProtocol: true + nodePorts: + # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. http: "" + # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. https: "" + # -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # tcp: + # 8080: 30080 tcp: {} + # -- Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # udp: + # 53: 30053 udp: {} - external: - enabled: true + internal: - # -- Enables an additional internal load balancer (besides the external one). + # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. + + # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} - # -- Set to false to disable loadbalancer node port allocation - # See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - # allocateLoadBalancerNodePorts: true - # -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. + + # -- Type of the internal controller service. + # Defaults to the value of `controller.service.type`. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: "" + + # -- Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIP: "" + + # -- List of node IP addresses at which the internal controller service is available. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + externalIPs: [] + + # -- Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer loadBalancerIP: "" - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + # -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. loadBalancerSourceRanges: [] - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" + # -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + loadBalancerClass: "" + + # -- Enable node port allocation for the internal controller service or not. Applies to type `LoadBalancer` only. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + # allocateLoadBalancerNodePorts: true + + # -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: "" + + # -- Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". + # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity + sessionAffinity: "" + + # -- Specifies the health check node port (numeric port number) for the internal controller service. + # If not specified, the service controller allocates a port from your cluster's node port range. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. + # Fields `ipFamilies` and `clusterIP` depend on the value of this field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: SingleStack + # -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilies: + - IPv4 - # -- Custom port mapping for internal service ports: {} - # http: 80 - # https: 443 + # -- Port the internal HTTP listener is published with. + # Defaults to the value of `controller.service.ports.http`. + # http: 80 + # -- Port the internal HTTPS listener is published with. + # Defaults to the value of `controller.service.ports.https`. + # https: 443 - # -- Custom target port mapping for internal service targetPorts: {} - # http: http - # https: https + # -- Port of the ingress controller the internal HTTP listener is mapped to. + # Defaults to the value of `controller.service.targetPorts.http`. + # http: http + # -- Port of the ingress controller the internal HTTPS listener is mapped to. + # Defaults to the value of `controller.service.targetPorts.https`. + # https: https + + # -- Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + appProtocol: true + + nodePorts: + # -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. + http: "" + # -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. + https: "" + # -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # tcp: + # 8080: 30080 + tcp: {} + # -- Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # udp: + # 53: 30053 + udp: {} + # shareProcessNamespace enables process namespace sharing within the pod. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. shareProcessNamespace: false @@ -580,9 +682,26 @@ controller: # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module extraModules: [] # - name: mytestmodule - # image: registry.k8s.io/ingress-nginx/mytestmodule + # image: + # registry: registry.k8s.io + # image: ingress-nginx/mytestmodule + # ## for backwards compatibility consider setting the full image url via the repository value below + # ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + # ## repository: + # tag: "v1.0.0" + # digest: "" + # distroless: false # containerSecurityContext: + # runAsNonRoot: true + # runAsUser: # allowPrivilegeEscalation: false + # seccompProfile: + # type: RuntimeDefault + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # resources: {} # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the @@ -590,9 +709,28 @@ controller: opentelemetry: enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 + name: opentelemetry + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v20230721-3e2062ee5" + digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 + distroless: true containerSecurityContext: + runAsNonRoot: true + # -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`. + runAsUser: 65532 allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + resources: {} admissionWebhooks: name: admission annotations: {} @@ -632,8 +770,17 @@ controller: type: ClusterIP createSecretJob: name: create + # -- Security context for secret creation containers securityContext: + runAsNonRoot: true + runAsUser: 65532 allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true resources: {} # limits: # cpu: 10m @@ -643,8 +790,17 @@ controller: # memory: 20Mi patchWebhookJob: name: patch + # -- Security context for webhook patch containers securityContext: + runAsNonRoot: true + runAsUser: 65532 allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true resources: {} patch: enabled: true @@ -670,10 +826,8 @@ controller: tolerations: [] # -- Labels to be added to patch job resources labels: {} - securityContext: - runAsNonRoot: true - runAsUser: 2000 - fsGroup: 2000 + # -- Security context for secret creation & webhook patch pods + securityContext: {} # Use certmanager to generate webhook certs certManager: enabled: false @@ -799,11 +953,13 @@ defaultBackend: ## repository: tag: "1.5" pullPolicy: IfNotPresent + runAsNonRoot: true # nobody user -> uid 65534 runAsUser: 65534 - runAsNonRoot: true - readOnlyRootFilesystem: true allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + readOnlyRootFilesystem: true # -- Use an existing PSP instead of creating one existingPsp: "" extraArgs: {} @@ -849,15 +1005,9 @@ defaultBackend: # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" affinity: {} - # -- Security Context policies for controller pods - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## + # -- Security context for default backend pods podSecurityContext: {} - # -- Security Context policies for controller main container. - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## + # -- Security context for default backend containers containerSecurityContext: {} # -- Labels to add to the pod container metadata podLabels: {} @@ -891,6 +1041,21 @@ defaultBackend: # - name: copy-portal-skins # emptyDir: {} + extraConfigMaps: [] + ## Additional configmaps to the default backend pod. + # - name: my-extra-configmap-1 + # labels: + # type: config-1 + # data: + # extra_file_1.html: | + # + # - name: my-extra-configmap-2 + # labels: + # type: config-2 + # data: + # extra_file_2.html: | + # + autoscaling: annotations: {} enabled: false @@ -898,12 +1063,10 @@ defaultBackend: maxReplicas: 2 targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 - # NetworkPolicy for default backend component. networkPolicy: # -- Enable 'networkPolicy' or not enabled: false - service: annotations: {} # clusterIP: "" diff --git a/hack/verify-chart-lint.sh b/hack/verify-chart-lint.sh index 9ece681e0..1c661ae2b 100755 --- a/hack/verify-chart-lint.sh +++ b/hack/verify-chart-lint.sh @@ -19,6 +19,4 @@ set -o nounset set -o pipefail KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" -# TODO: This is a temporary workaround while we don't update Helm Chart test -curl https://raw.githubusercontent.com/helm/chart-testing/v3.8.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml -ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml +ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 6df4fb1e7..2b1ab5a5a 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -104,13 +104,12 @@ if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then fi echo "[dev-env] running helm chart e2e tests..." -# Uses a custom chart-testing image to avoid timeouts waiting for namespace deletion. -# The changes can be found here: https://github.com/aledbf/chart-testing/commit/41fe0ae0733d0c9a538099fb3cec522e888e3d82 docker run --rm --interactive --network host \ --name ct \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - aledbf/chart-testing:v3.3.1-next ct install \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a \ + ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s"