Fix minor typos (#11935)

2024-09-07 00:59:43 +10:00 · 2024-09-07 00:59:43 +10:00 · 4f23049374
commit 4f23049374
parent a647bc1b7a
47 changed files with 125 additions and 125 deletions
--- a/.github/workflows/zz-tmpl-images.yaml
+++ b/.github/workflows/zz-tmpl-images.yaml
@ -1,5 +1,5 @@
 #### THIS IS A TEMPLATE ####
-# This workflow is created to be a template for every time an e2e teest is required,
+# This workflow is created to be a template for every time an e2e test is required,
 on:
  workflow_call:
--- a/.github/workflows/zz-tmpl-k8s-e2e.yaml
+++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml
@ -1,5 +1,5 @@
 #### THIS IS A TEMPLATE ####
-# This workflow is created to be a template for every time an e2e teest is required,
+# This workflow is created to be a template for every time an e2e test is required,
 on:
  workflow_call:
--- a/Changelog.md
+++ b/Changelog.md
@ -356,7 +356,7 @@ Image:
 - k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
 - k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5
-This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced.. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`.  Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil".
+This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`.  Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil".
 _Changes:_
@ -2193,7 +2193,7 @@ _New Features:_
  If the active connections end before that, the pod will terminate gracefully at that time.
-  To efectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`.
+  To effectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`.
  **IMPORTANT:** this value has a side effect during reloads, consuming more memory until the old NGINX workers are replaced.
@ -2603,7 +2603,7 @@ _New Features:_
 _Breaking changes:_
 - The NGINX server listening in port 18080 was removed. It was replaced by a server using an unix socket as port [#3684](https://github.com/kubernetes/ingress-nginx/pull/3684)
-  This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snipet` feature in the configuration configmap like:
+  This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snippet` feature in the configuration configmap like:
  ```yaml
  http-snippet: |
--- a/MANUAL_RELEASE.md
+++ b/MANUAL_RELEASE.md
@ -177,7 +177,7 @@ Promoting the images basically means that images, that were pushed to staging co
            ```
            - The -L 38 was used for 2 reasons.
              - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR.
-              -  The other reason to use -L 38 was to ommit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
+              -  The other reason to use -L 38 was to omit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
            - If you save the output of above command to a file called prlist.txt. It looks somewhat like this ;
              ```
@ -191,7 +191,7 @@ Promoting the images basically means that images, that were pushed to staging co
              ....
              ```
              You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog.
-          -  you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. 
+          -  you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, it's possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links.
            ```
            #!/usr/bin/bash
@ -205,7 +205,7 @@ Promoting the images basically means that images, that were pushed to staging co
            done <$file
            ```
-          - There was a parsing issue and path issue on MacOS, so above scrpt had to be modified and MacOS monterey compatible script is below ;
+          - There was a parsing issue and path issue on MacOS, so above script had to be modified and MacOS monterey compatible script is below ;
            ```
            #!/bin/bash
@ -274,7 +274,7 @@ Promoting the images basically means that images, that were pushed to staging co
 ### h. Update README.md
- Update the table in README.md in the root of the projet to reflect the support matrix. Add the new release version and details in there.
+- Update the table in README.md in the root of the project to reflect the support matrix. Add the new release version and details in there.
 ## 5. RELEASE new version
@ -291,7 +291,7 @@ Promoting the images basically means that images, that were pushed to staging co
 - `helm repo update`
 - `helm search repo ingress-nginx`
-## 6. Github release
+## 6. GitHub release
 - Release to github
--- a/NEW_CONTRIBUTOR.md
+++ b/NEW_CONTRIBUTOR.md
@ -20,14 +20,14 @@ It all starts with the OSI model...
 ### Approaching the problem
-Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, its the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy.
+Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, it's the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy.
 Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool.
 ### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host
 #### TL;DR
-The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5`
+The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5`
 Command:
 ```
@ -435,7 +435,7 @@ virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
 ```
 Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run.
-Minikube creates a Virtual Machine, to enter the virtual machine we can simple do:
+Minikube creates a Virtual Machine, to enter the virtual machine we can simply do:
 ```
 # minikube ssh
 ```
@ -707,7 +707,7 @@ NAME    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
 httpd   ClusterIP   10.104.111.0   <none>        80/TCP    13s
 ```
-Once we have this we can now create a n ingress using the following
+Once we have this we can now create an ingress using the following
 ```
 kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80
 ```
@ -771,7 +771,7 @@ Hypertext Transfer Protocol
    [Response in frame: 6]
 ```
-The above output shows the information that the `httpd` pod recieves. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller
+The above output shows the information that the `httpd` pod receives. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller
 The following output shows what is sent via the laptop.
 ```
--- a/build/run-ingress-controller.sh
+++ b/build/run-ingress-controller.sh
@ -49,7 +49,7 @@ fi
 SSL_VOLUME=$(mktemp -d)
 function cleanup {
-    echo -e "${BGREEN}Stoping kubectl proxy${NC}"
+    echo -e "${BGREEN}Stopping kubectl proxy${NC}"
    rm -rf "${SSL_VOLUME}"
    kill "$proxy_pid"
 }
--- a/changelog/controller-1.11.0.md
+++ b/changelog/controller-1.11.0.md
@ -94,7 +94,7 @@ Images:
 * Chart: Improve IngressClass documentation. (#11104)
 * Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
 * Undo #11062 since it breaks the nginx config (#11082)
-* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled (#11062)
+* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062)
 * golangci-lint update, ci cleanup, group dependabot updates (#11071)
 * bump golang (#11070)
 * feature(leader_election): flag to disable leader election feature on controller (#11064)
--- a/changelog/controller-1.6.4.md
+++ b/changelog/controller-1.6.4.md
@ -83,7 +83,7 @@ Images:
 * ModSecurity dependencies update to avoid Memory Leaks (#9330)
 * fix(hpa): deprecated api version, bump to v2 (#9348)
 * fix(typo): pluralize provider (#9346)
-* removed deprecation messsage for ingressClass annotation (#9357)
+* removed deprecation message for ingressClass annotation (#9357)
 * added ginkgo junit reports (#9350)
 * Fix typos found by codespell (#9353)
 * bumped ginkgo to v2.5.1 in testrunner (#9340)
--- a/changelog/controller-1.7.1.md
+++ b/changelog/controller-1.7.1.md
@ -15,7 +15,7 @@ Images:
 * Add support for --container flag (#9703)
 * Fix typo in OpenTelemetry (#9903)
 * ensure make lua-test runs locally (#9902)
-* update k8s.io dependecies to v0.26.4 (#9893)
+* update k8s.io dependencies to v0.26.4 (#9893)
 * Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
 * I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883)
 * Update k8s versions (#9879)
--- a/changelog/controller-1.8.0.md
+++ b/changelog/controller-1.8.0.md
@ -39,7 +39,7 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet
 * Correct annotations in monitoring docs (#9976)
 * fix: avoid builds and tests for changes to markdown (#9962)
 * Validate path types (#9967)
-* HPA: Use capabilites & align manifests. (#9521)
+* HPA: Use capabilities & align manifests. (#9521)
 * Use dl.k8s.io instead of hardcoded GCS URIs (#9946)
 * add option for annotations in PodDisruptionBudget (#9843)
 * chore: update httpbin to httpbun (#9919)
--- a/changelog/controller-1.9.0-beta.0.md
+++ b/changelog/controller-1.9.0-beta.0.md
@ -26,7 +26,7 @@ Images:
 * Add golangci github action and replace the deprecated golint (#10187)
 * BUGFIX incorrect indentation (#10254)
 * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
-* fix: path with sepecial characters warning #10281 #10308 (#10330)
+* fix: path with special characters warning #10281 #10308 (#10330)
 * Fix golangci-lint errors (#10196)
 * chore(build): Fix Run make dev-env syntax error (#10294)
 * Add firewall configuration to quick start documentation (#10357)
--- a/changelog/controller-1.9.0.md
+++ b/changelog/controller-1.9.0.md
@ -26,7 +26,7 @@ Images:
 * Add golangci github action and replace the deprecated golint (#10187)
 * BUGFIX incorrect indentation (#10254)
 * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
-* fix: path with sepecial characters warning #10281 #10308 (#10330)
+* fix: path with special characters warning #10281 #10308 (#10330)
 * Fix golangci-lint errors (#10196)
 * chore(build): Fix Run make dev-env syntax error (#10294)
 * Add firewall configuration to quick start documentation (#10357)
--- a/charts/ingress-nginx/changelog/helm-chart-4.1.2.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md
@ -5,7 +5,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 ### 4.1.2
 * [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed
-* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter
+* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePrefix Helm chart parameter
 * [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2
--- a/charts/ingress-nginx/changelog/helm-chart-4.7.0.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.7.0.md
@ -6,7 +6,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 * helm: Fix opentelemetry module installation for daemonset (#9792)
 * Update charts/* to keep project name display aligned (#9931)
-* HPA: Use capabilites & align manifests. (#9521)
+* HPA: Use capabilities & align manifests. (#9521)
 * PodDisruptionBudget spec logic update (#9904)
 * add option for annotations in PodDisruptionBudget (#9843)
 * Update Ingress-Nginx version controller-v1.8.0
--- a/cmd/plugin/request/request.go
+++ b/cmd/plugin/request/request.go
@ -131,7 +131,7 @@ func GetIngressDefinitions(flags *genericclioptions.ConfigFlags, namespace strin
 	return pods.Items, nil
 }
-// GetNumEndpoints counts the number of endpointslices adresses for the service with the given name
+// GetNumEndpoints counts the number of endpointslices addresses for the service with the given name
 func GetNumEndpoints(flags *genericclioptions.ConfigFlags, namespace, serviceName string) (*int, error) {
 	epss, err := GetEndpointSlicesByName(flags, namespace, serviceName)
 	if err != nil {
--- a/docs/e2e-tests.md
+++ b/docs/e2e-tests.md
@ -291,7 +291,7 @@ Do not try to edit it manually.
 ### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/grace_period.go#L32)
 - [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/grace_period.go#L35)
 ### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L30)
- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L40)
+- [should shutdown in less than 60 seconds without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L40)
 ### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/slow_requests.go#L25)
 - [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/slow_requests.go#L33)
 ### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/deep_inspection.go#L27)
--- a/docs/examples/index.md
+++ b/docs/examples/index.md
@ -23,7 +23,7 @@ Customization | [External authentication with response header propagation](custo
 Customization | [Sysctl tuning](customization/sysctl/README.md) | TODO | TODO
 Features | [Rewrite](rewrite/README.md) | TODO | TODO
 Features | [Session stickiness](affinity/cookie/README.md) | route requests consistently to the same endpoint | Advanced
-Features | [Canary Deployments](canary/README.md) | weighted canary routing to a seperate deployment | Intermediate
+Features | [Canary Deployments](canary/README.md) | weighted canary routing to a separate deployment | Intermediate
 Scaling | [Static IP](static-ip/README.md) | a single ingress gets a single static IP |  Intermediate
 TLS | [Multi TLS certificate termination](multi-tls/README.md) | TODO | TODO
 TLS | [TLS termination](tls-termination/README.md) | TODO | TODO
--- a/docs/examples/openpolicyagent/README.md
+++ b/docs/examples/openpolicyagent/README.md
@ -19,7 +19,7 @@ It is recommended that the admin modifies this rules to enforce a specific set o
 is allowed, or in ways that best suits their needs.
 First, the `ConstraintTemplate` from [template.yaml](template.yaml) will define a rule that validates if the Ingress object
-is being created on an excempted namespace, and case not, will validate its pathType.
+is being created on an exempted namespace, and case not, will validate its pathType.
 Then, the rule `K8sBlockIngressPathType` contained in [rule.yaml](rule.yaml) will define the parameters: what kind of
-object should be verified (Ingress), what are the excempted namespaces, and what kinds of pathType are blocked.
+object should be verified (Ingress), what are the exempted namespaces, and what kinds of pathType are blocked.
--- a/docs/examples/openpolicyagent/template.yaml
+++ b/docs/examples/openpolicyagent/template.yaml
@ -31,8 +31,8 @@ spec:
        violation[{"msg": msg}] {
          input.review.kind.kind == "Ingress"
          ns := input.review.object.metadata.namespace
-          excemptNS := [good | excempts = input.parameters.namespacesExceptions[_] ; good = excempts == ns]
+          exemptNS := [good | exempts = input.parameters.namespacesExceptions[_] ; good = exempts == ns]
-          not any(excemptNS)
+          not any(exemptNS)
          pathType := object.get(input.review.object.spec.rules[_].http.paths[_], "pathType", "")
          blockedPath := [blocked | blockedTypes = input.parameters.blockedTypes[_] ; blocked = blockedTypes == pathType]
          any(blockedPath)
--- a/docs/user-guide/third-party-addons/opentelemetry.md
+++ b/docs/user-guide/third-party-addons/opentelemetry.md
@ -190,7 +190,7 @@ To install the example and collectors run:
    helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
    helm repo add grafana https://grafana.github.io/helm-charts
    helm repo update
-    # deply cert-manager needed for OpenTelemetry collector operator
+    # deploy cert-manager needed for OpenTelemetry collector operator
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
    # create observability namespace
    kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml
--- a/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go
+++ b/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go
@ -186,7 +186,7 @@ func Test_Patching_objects(t *testing.T) {
 		})
 		// This is to preserve old behavior and log format, it could be improved.
-		t.Run("diffent_non_empty_names_are_specified_for_validating_and_mutating_webhook", func(t *testing.T) {
+		t.Run("different_non_empty_names_are_specified_for_validating_and_mutating_webhook", func(t *testing.T) {
 			t.Parallel()
 			k := testK8sWithUnpatchedObjects()
--- a/internal/admission/controller/server.go
+++ b/internal/admission/controller/server.go
@ -47,7 +47,7 @@ type AdmissionControllerServer struct {
 	AdmissionController AdmissionController
 }
-// NewAdmissionControllerServer instanciates an admission controller server with
+// NewAdmissionControllerServer instantiates an admission controller server with
 // a default codec
 func NewAdmissionControllerServer(ac AdmissionController) *AdmissionControllerServer {
 	return &AdmissionControllerServer{
--- a/internal/ingress/annotations/loadbalancing/main.go
+++ b/internal/ingress/annotations/loadbalancing/main.go
@ -23,22 +23,22 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/resolver"
 )
-// LB Alghorithms are defined in https://github.com/kubernetes/ingress-nginx/blob/d3e75b056f77be54e01bdb18675f1bb46caece31/rootfs/etc/nginx/lua/balancer.lua#L28
+// LB Algorithms are defined in https://github.com/kubernetes/ingress-nginx/blob/d3e75b056f77be54e01bdb18675f1bb46caece31/rootfs/etc/nginx/lua/balancer.lua#L28
 const (
-	loadBalanceAlghoritmAnnotation = "load-balance"
+	loadBalanceAlgorithmAnnotation = "load-balance"
 )
-var loadBalanceAlghoritms = []string{"round_robin", "chash", "chashsubset", "sticky_balanced", "sticky_persistent", "ewma"}
+var loadBalanceAlgorithms = []string{"round_robin", "chash", "chashsubset", "sticky_balanced", "sticky_persistent", "ewma"}
 var loadBalanceAnnotations = parser.Annotation{
 	Group: "backend",
 	Annotations: parser.AnnotationFields{
-		loadBalanceAlghoritmAnnotation: {
+		loadBalanceAlgorithmAnnotation: {
-			Validator: parser.ValidateOptions(loadBalanceAlghoritms, true, true),
+			Validator: parser.ValidateOptions(loadBalanceAlgorithms, true, true),
 			Scope:     parser.AnnotationScopeLocation,
 			Risk:      parser.AnnotationRiskLow,
-			Documentation: `This annotation allows setting the load balancing alghorithm that should be used. If none is specified, defaults to 
+			Documentation: `This annotation allows setting the load balancing algorithm that should be used. If none is specified, defaults to
 			the default configured by Ingress admin, otherwise to round_robin`,
 		},
 	},
@ -61,7 +61,7 @@ func NewParser(r resolver.Resolver) parser.IngressAnnotation {
 // used to indicate if the location/s contains a fragment of
 // configuration to be included inside the paths of the rules
 func (a loadbalancing) Parse(ing *networking.Ingress) (interface{}, error) {
-	return parser.GetStringAnnotation(loadBalanceAlghoritmAnnotation, ing, a.annotationConfig.Annotations)
+	return parser.GetStringAnnotation(loadBalanceAlgorithmAnnotation, ing, a.annotationConfig.Annotations)
 }
 func (a loadbalancing) GetDocumentation() parser.AnnotationFields {
--- a/internal/ingress/annotations/mirror/main_test.go
+++ b/internal/ingress/annotations/mirror/main_test.go
@ -90,7 +90,7 @@ func TestParse(t *testing.T) {
 			Target:      "http://some.test.env.com:2121/$someparam=1&$someotherparam=2",
 			Host:        "some.test.env.com",
 		}},
-		{map[string]string{backendURL: "http://some.test.env.com", host: "someInvalidParm.%^&*()_=!@#'\""}, &Config{
+		{map[string]string{backendURL: "http://some.test.env.com", host: "someInvalidParam.%^&*()_=!@#'\""}, &Config{
 			Source:      ngxURI,
 			RequestBody: "on",
 			Target:      "http://some.test.env.com",
--- a/internal/ingress/annotations/serversnippet/main.go
+++ b/internal/ingress/annotations/serversnippet/main.go
@ -33,7 +33,7 @@ var serverSnippetAnnotations = parser.Annotation{
 		serverSnippetAnnotation: {
 			Validator:     parser.ValidateNull,
 			Scope:         parser.AnnotationScopeIngress,
-			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations
+			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations
 			Documentation: `This annotation allows setting a custom NGINX configuration on a server block. This annotation does not contain any validation and it's usage is not recommended!`,
 		},
 	},
--- a/internal/ingress/annotations/serviceupstream/main.go
+++ b/internal/ingress/annotations/serviceupstream/main.go
@ -34,7 +34,7 @@ var serviceUpstreamAnnotations = parser.Annotation{
 		serviceUpstreamAnnotation: {
 			Validator:     parser.ValidateBool,
 			Scope:         parser.AnnotationScopeIngress,
-			Risk:          parser.AnnotationRiskLow, // Critical, this annotation is not validated at all and allows arbitrary configutations
+			Risk:          parser.AnnotationRiskLow, // Critical, this annotation is not validated at all and allows arbitrary configurations
 			Documentation: `This annotation makes NGINX use Service's Cluster IP and Port instead of Endpoints as the backend endpoints`,
 		},
 	},
--- a/internal/ingress/annotations/snippet/main.go
+++ b/internal/ingress/annotations/snippet/main.go
@ -33,7 +33,7 @@ var configurationSnippetAnnotations = parser.Annotation{
 		configurationSnippetAnnotation: {
 			Validator:     parser.ValidateNull,
 			Scope:         parser.AnnotationScopeLocation,
-			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations
+			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations
 			Documentation: `This annotation allows setting a custom NGINX configuration on a location block. This annotation does not contain any validation and it's usage is not recommended!`,
 		},
 	},
--- a/internal/ingress/annotations/streamsnippet/main.go
+++ b/internal/ingress/annotations/streamsnippet/main.go
@ -33,7 +33,7 @@ var streamSnippetAnnotations = parser.Annotation{
 		streamSnippetAnnotation: {
 			Validator:     parser.ValidateNull,
 			Scope:         parser.AnnotationScopeIngress,
-			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations
+			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations
 			Documentation: `This annotation allows setting a custom NGINX configuration on a stream block. This annotation does not contain any validation and it's usage is not recommended!`,
 		},
 	},
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -119,7 +119,7 @@ type Configuration struct {
 	// By default this is disabled
 	AllowBackendServerHeader bool `json:"allow-backend-server-header"`
-	// AccessLogParams sets additionals params for access_log
+	// AccessLogParams sets additional params for access_log
 	// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
 	// By default it's empty
 	AccessLogParams string `json:"access-log-params,omitempty"`
@ -418,7 +418,7 @@ type Configuration struct {
 	// Example '60s'
 	ProxyProtocolHeaderTimeout time.Duration `json:"proxy-protocol-header-timeout,omitempty"`
-	// Enables or disables the directive aio_write that writes files files asynchronously
+	// Enables or disables the directive aio_write that writes files asynchronously
 	// https://nginx.org/en/docs/http/ngx_http_core_module.html#aio_write
 	EnableAioWrite bool `json:"enable-aio-write,omitempty"`
@ -612,7 +612,7 @@ type Configuration struct {
 	// Default: 0.01
 	OtelSamplerRatio float32 `json:"otel-sampler-ratio"`
-	// OtelSamplerParentBased specifies the parent based sampler to be use for any traces created
+	// OtelSamplerParentBased specifies the parent based sampler to be used for any traces created
 	// Default: true
 	OtelSamplerParentBased bool `json:"otel-sampler-parent-based"`
@ -709,7 +709,7 @@ type Configuration struct {
 	DefaultSSLCertificate *ingress.SSLCert `json:"-"`
 	// ProxySSLLocationOnly controls whether the proxy-ssl parameters defined in the
-	// proxy-ssl-* annotations are applied on on location level only in the nginx.conf file
+	// proxy-ssl-* annotations are applied on location level only in the nginx.conf file
 	// Default is that those are applied on server level, too
 	ProxySSLLocationOnly bool `json:"proxy-ssl-location-only"`
--- a/internal/ingress/controller/endpointslices.go
+++ b/internal/ingress/controller/endpointslices.go
@ -115,7 +115,7 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c
 		useTopologyHints = false
 		if zoneForHints != emptyZone {
 			useTopologyHints = true
-			// check if all endpointslices has zone hints
+			// check if all endpointslices have zone hints
 			for _, ep := range eps.Endpoints {
 				if ep.Hints == nil || len(ep.Hints.ForZones) == 0 {
 					useTopologyHints = false
--- a/internal/ingress/controller/nginx_test.go
+++ b/internal/ingress/controller/nginx_test.go
@ -410,7 +410,7 @@ func TestCleanTempNginxCfg(t *testing.T) {
 	}
 }
-//nolint:unparam // Ingnore `network` always receives `"tcp"` error
+//nolint:unparam // Ignore `network` always receives `"tcp"` error
 func tryListen(network, address string) (l net.Listener, err error) {
 	condFunc := func() (bool, error) {
 		l, err = net.Listen(network, address)
--- a/internal/ingress/controller/store/endpointslice_test.go
+++ b/internal/ingress/controller/store/endpointslice_test.go
@ -88,7 +88,7 @@ func TestEndpointSliceLister(t *testing.T) {
 		}
 		eps, err := el.MatchByKey(key)
 		if err != nil {
-			t.Errorf("unexpeted error %v", err)
+			t.Errorf("unexpected error %v", err)
 		}
 		if err == nil && len(eps) != 1 {
 			t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps))
@ -130,7 +130,7 @@ func TestEndpointSliceLister(t *testing.T) {
 		}
 		eps, err := el.MatchByKey(key)
 		if err != nil {
-			t.Errorf("unexpeted error %v", err)
+			t.Errorf("unexpected error %v", err)
 		}
 		if len(eps) != 1 {
 			t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps))
--- a/internal/ingress/controller/store/store_test.go
+++ b/internal/ingress/controller/store/store_test.go
@ -1208,13 +1208,13 @@ func TestStore(t *testing.T) {
 			}
 		}(updateCh)
-		namesapceSelector, err := labels.Parse("foo=bar")
+		namespaceSelector, err := labels.Parse("foo=bar")
 		if err != nil {
 			t.Errorf("unexpected error: %v", err)
 		}
 		storer := New(
 			ns,
-			namesapceSelector,
+			namespaceSelector,
 			fmt.Sprintf("%v/config", ns),
 			fmt.Sprintf("%v/tcp", ns),
 			fmt.Sprintf("%v/udp", ns),
@ -1274,7 +1274,7 @@ func TestStore(t *testing.T) {
 			t.Errorf("expected 0 events of type Delete but %v occurred", del)
 		}
 	})
-	// test add ingress with secret it doesn't exists and then add secret
+	// test add ingress with secret it doesn't exist and then add secret
 	// check secret is generated on fs
 	// check ocsp
 	// check invalid secret (missing crt)
--- a/internal/ingress/controller/util.go
+++ b/internal/ingress/controller/util.go
@ -129,7 +129,7 @@ func NewNginxCommand() NginxCommand {
 	return command
 }
-// ExecCommand instanciates an exec.Cmd object to call nginx program
+// ExecCommand instantiates an exec.Cmd object to call nginx program
 func (nc NginxCommand) ExecCommand(args ...string) *exec.Cmd {
 	cmdArgs := []string{}
--- a/internal/ingress/metric/collectors/controller.go
+++ b/internal/ingress/metric/collectors/controller.go
@ -225,7 +225,7 @@ func (cm *Controller) IncCheckErrorCount(namespace, name string) {
 	cm.checkIngressOperationErrors.MustCurryWith(cm.constLabels).With(labels).Inc()
 }
-// IncOrphanIngress sets the the orphaned ingress gauge to one
+// IncOrphanIngress sets the orphaned ingress gauge to one
 func (cm *Controller) IncOrphanIngress(namespace, name, orphanityType string) {
 	labels := prometheus.Labels{
 		"namespace": namespace,
@ -235,7 +235,7 @@ func (cm *Controller) IncOrphanIngress(namespace, name, orphanityType string) {
 	cm.OrphanIngress.MustCurryWith(cm.constLabels).With(labels).Set(1.0)
 }
-// DecOrphanIngress sets the the orphaned ingress gauge to zero (all services has their endpoints)
+// DecOrphanIngress sets the orphaned ingress gauge to zero (all services has their endpoints)
 func (cm *Controller) DecOrphanIngress(namespace, name, orphanityType string) {
 	labels := prometheus.Labels{
 		"namespace": namespace,
@ -311,7 +311,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) {
 	}
 }
-// SetSSLInfo creates a metric with all certificates informations
+// SetSSLInfo creates a metric with all certificate information
 func (cm *Controller) SetSSLInfo(servers []*ingress.Server) {
 	for _, s := range servers {
 		if s.SSLCert == nil || s.SSLCert.Certificate == nil || s.SSLCert.Certificate.SerialNumber == nil {
--- a/internal/ingress/resolver/main.go
+++ b/internal/ingress/resolver/main.go
@ -29,10 +29,10 @@ type Resolver interface {
 	// GetSecurityConfiguration returns the configuration options from Ingress
 	GetSecurityConfiguration() defaults.SecurityConfiguration
-	// GetConfigMap searches for configmap containing the namespace and name usting the character /
+	// GetConfigMap searches for configmap containing the namespace and name using the character /
 	GetConfigMap(string) (*apiv1.ConfigMap, error)
-	// GetSecret searches for secrets containing the namespace and name using a the character /
+	// GetSecret searches for secrets containing the namespace and name using the character /
 	GetSecret(string) (*apiv1.Secret, error)
 	// GetAuthCertificate resolves a given secret name into an SSL certificate and CRL.
@ -42,7 +42,7 @@ type Resolver interface {
 	//   ca.crl: contains the revocation list used for authentication
 	GetAuthCertificate(string) (*AuthSSLCert, error)
-	// GetService searches for services containing the namespace and name using a the character /
+	// GetService searches for services containing the namespace and name using the character /
 	GetService(string) (*apiv1.Service, error)
 }
--- a/internal/ingress/resolver/mock.go
+++ b/internal/ingress/resolver/mock.go
@ -47,7 +47,7 @@ func (m Mock) GetSecurityConfiguration() defaults.SecurityConfiguration {
 	}
 }
-// GetSecret searches for secrets contenating the namespace and name using a the character /
+// GetSecret searches for secrets containing the namespace and name using the character /
 func (m Mock) GetSecret(string) (*apiv1.Secret, error) {
 	return nil, nil
 }
@ -60,12 +60,12 @@ func (m Mock) GetAuthCertificate(string) (*AuthSSLCert, error) {
 	return nil, nil
 }
-// GetService searches for services contenating the namespace and name using a the character /
+// GetService searches for services containing the namespace and name using the character /
 func (m Mock) GetService(string) (*apiv1.Service, error) {
 	return nil, nil
 }
-// GetConfigMap searches for configMaps contenating the namespace and name using a the character /
+// GetConfigMap searches for configMaps containing the namespace and name using the character /
 func (m Mock) GetConfigMap(name string) (*apiv1.ConfigMap, error) {
 	if v, ok := m.ConfigMaps[name]; ok {
 		return v, nil
--- a/internal/net/ssl/ssl.go
+++ b/internal/net/ssl/ssl.go
@ -442,7 +442,7 @@ func getFakeHostSSLCert(host string) (cert, key []byte) {
 // fullChainCert checks if a certificate file contains issues in the intermediate CA chain
 // Returns a new certificate with the intermediate certificates.
-// If the certificate does not contains issues with the chain it return an empty byte array
+// If the certificate does not contain issues with the chain it returns an empty byte array
 func fullChainCert(in []byte) ([]byte, error) {
 	cert, err := certUtil.DecodeCertificate(in)
 	if err != nil {
@ -523,7 +523,7 @@ func (tl *TLSListener) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, e
 	return tl.certificate, tl.err
 }
-// TLSConfig instanciates a TLS configuration, always providing an up to date certificate
+// TLSConfig instantiates a TLS configuration, always providing an up to date certificate
 func (tl *TLSListener) TLSConfig() *tls.Config {
 	return &tls.Config{
 		GetCertificate: tl.GetCertificate,
--- a/pkg/apis/ingress/types.go
+++ b/pkg/apis/ingress/types.go
@ -198,10 +198,10 @@ type Server struct {
 	Aliases []string `json:"aliases,omitempty"`
 	// RedirectFromToWWW returns if a redirect to/from prefix www is required
 	RedirectFromToWWW bool `json:"redirectFromToWWW,omitempty"`
-	// CertificateAuth indicates the this server requires mutual authentication
+	// CertificateAuth indicates this server requires mutual authentication
 	// +optional
 	CertificateAuth authtls.Config `json:"certificateAuth"`
-	// ProxySSL indicates the this server uses client certificate to access backends
+	// ProxySSL indicates this server uses client certificate to access backends
 	// +optional
 	ProxySSL proxyssl.Config `json:"proxySSL"`
 	// ServerSnippet returns the snippet of server
@ -219,7 +219,7 @@ type Server struct {
 // Location describes an URI inside a server.
 // Also contains additional information about annotations in the Ingress.
 //
-// In some cases when more than one annotations is defined a particular order in the execution
+// In some cases when more than one annotation is defined a particular order in the execution
 // is required.
 // The chain in the execution order of annotations should be:
 // - Denylist
@ -342,7 +342,7 @@ type Location struct {
 	// CustomHTTPErrors specifies the error codes that should be intercepted.
 	// +optional
 	CustomHTTPErrors []int `json:"custom-http-errors"`
-	// ProxyInterceptErrors disables error intecepting when using CustomHTTPErrors
+	// ProxyInterceptErrors disables error interception when using CustomHTTPErrors
 	// e.g. custom 404 and 503 when service-a does not exist or is not available
 	// but service-a can return 404 and 503 error codes without intercept
 	// +optional
--- a/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua
+++ b/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua
@ -357,7 +357,7 @@ describe("Sticky", function()
        for _ = 1, 100 do
          local new_upstream = sticky_balancer_instance:balance()
          if change_on_failure == false then
-            -- upstream should be the same inspite of error, if change_on_failure option is false
+            -- upstream should be the same in spite of error, if change_on_failure option is false
            assert.equal(new_upstream, old_upstream)
          else
            -- upstream should change after error, if change_on_failure option is true
--- a/test/e2e/endpointslices/topology.go
+++ b/test/e2e/endpointslices/topology.go
@ -84,7 +84,7 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou
 		}
 		if gotHints {
-			// we have 2 replics, if there is just one backend it means that we are routing according slices hints to same zone as controller is
+			// we have 2 replicas, if there is just one backend it means that we are routing according slices hints to same zone as controller is
 			assert.Equal(ginkgo.GinkgoT(), 1, gotBackends)
 		} else {
 			// two replicas should have two endpoints without topology hints
--- a/test/e2e/framework/deployment.go
+++ b/test/e2e/framework/deployment.go
@ -43,7 +43,7 @@ const HTTPBunService = "httpbun"
 // NipService name of external service using nip.io
 const NIPService = "external-nip"
-// HTTPBunImage is the default image that is used to deploy HTTPBun with the framwork
+// HTTPBunImage is the default image that is used to deploy HTTPBun with the framework
 var HTTPBunImage = os.Getenv("HTTPBUN_IMAGE")
 // EchoImage is the default image to be used by the echo service
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -100,7 +100,7 @@ func NewDefaultFramework(baseName string, opts ...func(*Framework)) *Framework {
 }
 // NewSimpleFramework makes a new framework that allows the usage of a namespace
-// for arbitraty tests.
+// for arbitrary tests.
 func NewSimpleFramework(baseName string, opts ...func(*Framework)) *Framework {
 	defer ginkgo.GinkgoRecover()
--- a/test/e2e/gracefulshutdown/shutdown.go
+++ b/test/e2e/gracefulshutdown/shutdown.go
@ -37,7 +37,7 @@ var _ = framework.IngressNginxDescribe("[Shutdown] ingress controller", func() {
 		f.NewSlowEchoDeployment()
 	})
-	ginkgo.It("should shutdown in less than 60 secons without pending connections", func() {
+	ginkgo.It("should shutdown in less than 60 seconds without pending connections", func() {
 		f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil))
 		f.WaitForNginxServer(host,
--- a/test/e2e/settings/global_external_auth.go
+++ b/test/e2e/settings/global_external_auth.go
@ -32,8 +32,8 @@ import (
 )
 const (
-	disable                = "false"
+	disable               = "false"
-	noAuthLocaltionSetting = "no-auth-locations"
+	noAuthLocationSetting = "no-auth-locations"
 )
 var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
@ -51,7 +51,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
 	fooPath := "/foo"
 	barPath := "/bar"
-	noAuthSetting := noAuthLocaltionSetting
+	noAuthSetting := noAuthLocationSetting
 	noAuthLocations := barPath
 	enableGlobalExternalAuthAnnotation := "nginx.ingress.kubernetes.io/enable-global-auth"
--- a/test/k6/loadtest.js
+++ b/test/k6/loadtest.js
@ -1,6 +1,6 @@
 // This is a loadtest under development
 // Test here is spec'd to have 100virtual-users
-// Other specs currently similar to smoktest
+// Other specs currently similar to smoketest
 // But loadtest needs testplan that likely uses auth & data-transfer
 import http from 'k6/http';
--- a/test/k6/smoketest.js
+++ b/test/k6/smoketest.js
@ -1,4 +1,4 @@
-// smotest.js edited after copy/pasting from https://k6.io docs
+// smoketest.js edited after copy/pasting from https://k6.io docs
 // Using this like loadtest because of limited cpu/memory/other
 import http from 'k6/http';
@ -22,7 +22,7 @@ export const options = {
 };
 export default function () {
-  // docs of k6 say this is how to adds host header
+  // docs of k6 say this is how to add host header
  // needed as ingress is created with this host value
  const params = {
    headers: {'host': 'test.ingress-nginx-controller.ga'},