DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into e2e-tests-regex-paths

Browse source
This commit is contained in:
Ricardo Katz 2024-08-22 19:24:05 -03:00 committed by GitHub
commit 4f236d3deb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
814 changed files with 94452 additions and 75661 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
hack/verify-chart-lint.sh → .ct.yaml Executable file → Normal file
View file

@ -1,6 +1,4 @@
#!/bin/bash # Copyright 2024 The Kubernetes Authors.
# Copyright 2020 The Kubernetes Authors.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,12 +11,16 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
---
remote: origin
target-branch: main
set -o errexit validate-maintainers: false
set -o nounset check-version-increment: false
set -o pipefail
KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" chart-repos:
# TODO: This is a temporary workaround while we don't update Helm Chart test - ingress-nginx=https://kubernetes.github.io/ingress-nginx
curl https://raw.githubusercontent.com/helm/chart-testing/v3.7.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml helm-extra-args: --timeout 800s
ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml
chart-dirs:
- charts

0
charts/ingress-nginx/changelog/.gitkeep → .gcloudignore
View file

4
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -60,7 +60,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
- **How was the ingress-nginx-controller installed**: - **How was the ingress-nginx-controller installed**:
- If helm was used then please show output of `helm ls -A | grep -i ingress` - If helm was used then please show output of `helm ls -A | grep -i ingress`
- If helm was used then please show output of `helm -n <ingresscontrollernamepspace> get values <helmreleasename>` - If helm was used then please show output of `helm -n <ingresscontrollernamespace> get values <helmreleasename>`
- If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used - If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
- if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances - if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances
@ -71,7 +71,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
- `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>` - `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>`
- **Current state of ingress object, if applicable**: - **Current state of ingress object, if applicable**:
- `kubectl -n <appnnamespace> get all,ing -o wide` - `kubectl -n <appnamespace> get all,ing -o wide`
- `kubectl -n <appnamespace> describe ing <ingressname>` - `kubectl -n <appnamespace> describe ing <ingressname>`
- If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag - If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag

3
.github/ISSUE_TEMPLATE/cve_report.md vendored
View file

@ -4,8 +4,9 @@ about: CVE reporting for ingress-nginx
title: '' title: ''
labels: kind/bug labels: kind/bug
assignees: assignees:
- strongjz - Gacko
- rikatz - rikatz
- strongjz
--- ---
<!-- if you found something that impacts directly ingress-nginx and <!-- if you found something that impacts directly ingress-nginx and

10
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -7,16 +7,6 @@ assignees: ''
--- ---
<!--
With the situation in place today, we think (and decided) that it's time to temporarily pause accepting new features and focus on fixing and stabilizing Ingress NGINX. We understand that some people may need to merge a trivial new feature. Still, we are asking the community to understand that maintaining the project at this pace is becoming hard for the project maintainers. We understand that you waited too long with your PR in the queue, and we are sorry! But it's hard for us as well to keep the project stable.
More details are available here https://youtu.be/UBt4N82ymOE and here https://kubernetes.slack.com/archives/CANQGM8BA/p1656020331133589.
The announcement in the dev mailing list is here https://groups.google.com/a/kubernetes.io/g/dev/c/rxtrKvT_Q8E
Thank you,
Ingress-Nginx maintainer
-->
<!-- What do you want to happen? --> <!-- What do you want to happen? -->
<!-- Is there currently another issue associated with this? --> <!-- Is there currently another issue associated with this? -->

34
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -1,5 +1,6 @@
<!--- Provide a general summary of your changes in the Title above ---> <!--- Provide a general summary of your changes in the Title above --->
<!--- Please don't @-mention people in PR or commit messages (do so in an additional comment). ---> <!--- Please don't @-mention people in PR or commit messages (do so in an additional comment). --->
<!--- Please make sure you title is descriptive, it is used in the Release notes to let others know what it does --->
## What this PR does / why we need it: ## What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? --> <!--- Why is this change required? What problem does it solve? -->
@ -33,36 +34,3 @@ fixes #
- [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [ ] I have added unit and/or e2e tests to cover my changes. - [ ] I have added unit and/or e2e tests to cover my changes.
- [ ] All new and existing tests passed. - [ ] All new and existing tests passed.
- [ ] Added Release Notes.
## Does my pull request need a release note?
Any user-visible or operator-visible change qualifies for a release note. This could be a:
- CLI change
- API change
- UI change
- configuration schema change
- behavioral change
- change in non-functional attributes such as efficiency or availability, availability of a new platform
- a warning about a deprecation
- fix of a previous Known Issue
- fix of a vulnerability (CVE)
No release notes are required for changes to the following:
- Tests
- Build infrastructure
- Fixes for unreleased bugs
For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes)
<!--
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md
-->
```release-note
PLACE RELEASE NOTES HERE
```

4
.github/actions/mkdocs/Dockerfile vendored
View file

@ -1,6 +1,4 @@
FROM squidfunk/mkdocs-material:6.2.4 FROM squidfunk/mkdocs-material:9.4.5
RUN pip install mkdocs-awesome-pages-plugin
COPY action.sh /action.sh COPY action.sh /action.sh

2
.github/actions/mkdocs/action.sh vendored
View file

@ -16,7 +16,7 @@
set -e set -e
REQUIREMENTS="${GITHUB_WORKSPACE}/requirements.txt" REQUIREMENTS="${GITHUB_WORKSPACE}/docs/requirements.txt"
if [ -f "${REQUIREMENTS}" ]; then if [ -f "${REQUIREMENTS}" ]; then
pip install -r "${REQUIREMENTS}" pip install -r "${REQUIREMENTS}"

22
.github/dependabot.yml vendored
View file

@ -9,6 +9,10 @@ updates:
- "area/dependency" - "area/dependency"
- "release-note-none" - "release-note-none"
- "ok-to-test" - "ok-to-test"
groups:
all:
update-types:
- "patch"
- package-ecosystem: "github-actions" - package-ecosystem: "github-actions"
directory: "/" directory: "/"
schedule: schedule:
@ -17,3 +21,21 @@ updates:
- "area/dependency" - "area/dependency"
- "release-note-none" - "release-note-none"
- "ok-to-test" - "ok-to-test"
groups:
all:
update-types:
- "minor"
- "patch"
- package-ecosystem: "docker"
directory: "/images"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
groups:
actions:
update-types:
- "minor"
- "patch"

441
.github/workflows/ci.yaml vendored
View file

@ -7,13 +7,19 @@ on:
paths-ignore: paths-ignore:
- 'docs/**' - 'docs/**'
- 'deploy/**' - 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
- '!images/nginx-1.25/**'
push: push:
branches: branches:
- main - main
- release-*
paths-ignore: paths-ignore:
- 'docs/**' - 'docs/**'
- 'deploy/**' - 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
workflow_dispatch: workflow_dispatch:
inputs: inputs:
@ -22,6 +28,7 @@ on:
required: false required: false
type: boolean type: boolean
permissions: permissions:
contents: read contents: read
@ -35,13 +42,14 @@ jobs:
outputs: outputs:
go: ${{ steps.filter.outputs.go }} go: ${{ steps.filter.outputs.go }}
charts: ${{ steps.filter.outputs.charts }} charts: ${{ steps.filter.outputs.charts }}
baseimage: ${{ steps.filter.outputs.baseimage }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter id: filter
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@ -58,104 +66,88 @@ jobs:
- 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/Chart.yaml'
- 'charts/ingress-nginx/**/*' - 'charts/ingress-nginx/**/*'
- 'NGINX_BASE' - 'NGINX_BASE'
baseimage:
- 'NGINX_BASE'
security: - 'images/nginx-1.25/**'
runs-on: ubuntu-latest docs:
steps: - '**/*.md'
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Run Gosec Security Scanner
uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0
with:
# G601 for zz_generated.deepcopy.go
# G306 TODO: Expect WriteFile permissions to be 0600 or less
# G307 TODO: Deferring unsafe method "Close"
args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./...
lint:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true')
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Set up Go
id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19'
check-latest: true
- name: Run Lint
run: ./hack/verify-golint.sh
gofmt:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true')
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Set up Go
id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19'
check-latest: true
- name: Run go-fmt
run: ./hack/verify-gofmt.sh
test-go: test-go:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: changes needs: changes
if: | if: |
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with: with:
go-version: '1.19' go-version: ${{ env.GOLANG_VERSION }}
check-latest: true check-latest: true
- name: Run test - name: Run test
run: make test run: make test
verify-docs:
name: Verify Doc generation
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Verify Docs
run: make verify-docs
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: changes needs: changes
outputs:
golangversion: ${{ steps.golangversion.outputs.version }}
if: | if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
env:
PLATFORMS: linux/amd64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
id: golangversion
run: |
echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT"
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with: with:
go-version: '1.19' go-version: ${{ steps.golangversion.outputs.version }}
check-latest: true check-latest: true
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
with: with:
version: latest version: latest
@ -164,12 +156,17 @@ jobs:
- name: Prepare Host - name: Prepare Host
run: | run: |
sudo apt-get -qq update || true curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
sudo apt-get install -y pigz
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/amd64/kubectl
chmod +x ./kubectl chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl sudo mv ./kubectl /usr/local/bin/kubectl
- name: Build NGINX Base image
if: |
needs.changes.outputs.baseimage == 'true'
run: |
export TAG=$(cat images/nginx-1.25/TAG)
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} .
- name: Build images - name: Build images
env: env:
TAG: 1.0.0-dev TAG: 1.0.0-dev
@ -177,7 +174,8 @@ jobs:
REGISTRY: ingress-controller REGISTRY: ingress-controller
run: | run: |
echo "building images..." echo "building images..."
make clean-image build image image-chroot export TAGNGINX=$(cat images/nginx-1.25/TAG)
make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot
make -C test/e2e-image image make -C test/e2e-image image
echo "creating images cache..." echo "creating images cache..."
@ -185,45 +183,49 @@ jobs:
nginx-ingress-controller:e2e \ nginx-ingress-controller:e2e \
ingress-controller/controller:1.0.0-dev \ ingress-controller/controller:1.0.0-dev \
ingress-controller/controller-chroot:1.0.0-dev \ ingress-controller/controller-chroot:1.0.0-dev \
| pigz > docker.tar.gz | gzip > docker.tar.gz
- name: cache - name: cache
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with: with:
name: docker.tar.gz name: docker.tar.gz
path: docker.tar.gz path: docker.tar.gz
retention-days: 5
helm: helm-lint:
name: Helm chart name: Helm chart lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- changes - changes
- build
if: | if: |
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with: with:
go-version: '1.19' fetch-depth: 0
check-latest: true
- name: cache - name: Set up Helm
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with: with:
name: docker.tar.gz python-version: '3.x'
- name: Lint - name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Install Helm Unit Test Plugin
run: | run: |
./build/run-in-docker.sh ./hack/verify-chart-lint.sh helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Run Helm Unit Tests
run: |
helm unittest charts/ingress-nginx -d
- name: Run chart-testing (lint)
run: ct lint --config ./.ct.yaml
- name: Run helm-docs - name: Run helm-docs
run: | run: |
@ -244,6 +246,35 @@ jobs:
./ah lint -p charts/ingress-nginx || exit 1 ./ah lint -p charts/ingress-nginx || exit 1
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
helm-test:
name: Helm chart testing
runs-on: ubuntu-latest
needs:
- changes
- build
- helm-lint
if: |
(needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ needs.build.outputs.golangversion }}
check-latest: true
- name: cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: docker.tar.gz
- name: fix permissions - name: fix permissions
run: | run: |
sudo mkdir -p $HOME/.kube sudo mkdir -p $HOME/.kube
@ -254,241 +285,61 @@ jobs:
run: | run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} kind create cluster --image=kindest/node:${{ matrix.k8s }}
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
- name: Load images from cache - name: Load images from cache
run: | run: |
echo "loading docker images..." echo "loading docker images..."
pigz -dc docker.tar.gz | docker load gzip -dc docker.tar.gz | docker load
- name: Test - name: Test
env: env:
KIND_CLUSTER_NAME: kind KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true SKIP_IMAGE_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
run: | run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-chart-tests make kind-e2e-chart-tests
kubernetes: kubernetes:
name: Kubernetes name: Kubernetes
runs-on: ubuntu-latest
needs: needs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with: with:
name: docker.tar.gz k8s-version: ${{ matrix.k8s }}
- name: Create Kubernetes ${{ matrix.k8s }} cluster kubernetes-validations:
id: kind name: Kubernetes with Validations
run: | needs:
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - changes
- build
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with: with:
name: docker.tar.gz k8s-version: ${{ matrix.k8s }}
failOnError: false variation: "VALIDATIONS"
- name: Load images from cache
run: |
echo "loading docker images..."
pigz -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Uplaod e2e junit-reports
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
if: success() || failure()
with:
name: e2e-test-reports-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
kubernetes-chroot: kubernetes-chroot:
name: Kubernetes chroot name: Kubernetes chroot
runs-on: ubuntu-latest
needs: needs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with: with:
name: docker.tar.gz k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
- name: Load images from cache
run: |
echo "loading docker images..."
pigz -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
IS_CHROOT: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Uplaod e2e junit-reports
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
if: success() || failure()
with:
name: e2e-test-reports-chroot-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
test-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
echo:
- 'images/echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbin:
- 'images/httpbin/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
- name: custom-error-pages image build
if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }}
run: |
cd images/custom-error-pages && make build
- name: cfssl image build
if: ${{ steps.filter-images.outputs.cfssl == 'true' }}
run: |
cd images/cfssl && make build
- name: fastcgi-helloserver
if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }}
run: |
cd images/fastcgi-helloserver && make build
- name: echo image build
if: ${{ steps.filter-images.outputs.echo == 'true' }}
run: |
cd images/echo && make build
- name: go-grpc-greeter-server image build
if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
run: |
cd images/go-grpc-greeter-server && make build
- name: httpbin image build
if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
run: |
cd images/httpbin && make build
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make build
- name: ext-auth-example-authsvc
if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }}
run: |
cd images/ext-auth-example-authsvc && make build
test-image:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64
strategy:
matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0]
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
- name: Create Kubernetes cluster
id: kind
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Set up Go
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19'
check-latest: true
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make test test-e2e

4
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 # v3.0.2 uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

6
.github/workflows/docs.yaml vendored
View file

@ -23,9 +23,9 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter id: filter
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@ -47,7 +47,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Deploy - name: Deploy
uses: ./.github/actions/mkdocs uses: ./.github/actions/mkdocs

33
.github/workflows/golangci-lint.yml vendored Normal file
View file

@ -0,0 +1,33 @@
name: golangci-lint
on:
pull_request:
paths:
- '**/*.go'
- '.github/workflows/golangci-lint.yml'
permissions:
contents: read
jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.56

42
.github/workflows/helm.yaml vendored
View file

@ -4,6 +4,9 @@ on:
push: push:
branches: branches:
- main - main
- release-*
workflow_dispatch:
permissions: permissions:
contents: read contents: read
@ -11,21 +14,36 @@ permissions:
jobs: jobs:
changes: changes:
runs-on: ubuntu-latest
permissions: permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest if: github.repository == 'kubernetes/ingress-nginx'
if: |
(github.repository == 'kubernetes/ingress-nginx')
outputs: outputs:
docs: ${{ steps.filter.outputs.docs }} docs: ${{ steps.filter.outputs.docs }}
charts: ${{ steps.filter.outputs.charts }} charts: ${{ steps.filter.outputs.charts }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - name: Run Artifact Hub lint
run: |
wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
./ah lint -p charts/ingress-nginx || exit 1
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Run chart-testing (lint)
run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter id: filter
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@ -43,16 +61,16 @@ jobs:
needs: needs:
- changes - changes
if: |
(github.repository == 'kubernetes/ingress-nginx') && if: ${{ needs.changes.outputs.charts == 'true' }}
(needs.changes.outputs.charts == 'true')
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.ref_name }}
- name: Setup - name: Setup
shell: bash shell: bash
@ -61,9 +79,9 @@ jobs:
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Helm Chart Releaser - name: Helm Chart Releaser
uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f # v1.4.1 uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
env: env:
CR_SKIP_EXISTING: "false" CR_SKIP_EXISTING: true
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
with: with:

215
.github/workflows/images.yaml vendored Normal file
View file

@ -0,0 +1,215 @@
name: Container Images
on:
pull_request:
branches:
- "*"
paths:
- 'images/**'
push:
branches:
- main
paths:
- 'images/**'
permissions:
contents: write
packages: write
env:
PLATFORMS: linux/amd64
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }}
cfssl: ${{ steps.filter.outputs.cfssl }}
fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }}
e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }}
go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }}
httpbun: ${{ steps.filter.outputs.httpbun }}
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
nginx125: ${{ steps.filter.outputs.nginx125 }}
opentelemetry: ${{ steps.filter.outputs.opentelemetry }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
e2e-test-echo:
- 'images/e2e-test-echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
opentelemetry:
- 'images/opentelemetry/**'
nginx125:
- 'images/nginx-1.25/TAG'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl:
needs: changes
if: |
(needs.changes.outputs.cfssl == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: cfssl
secrets: inherit
custom-error-pages:
needs: changes
if: |
(needs.changes.outputs.custom-error-pages == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: custom-error-pages
secrets: inherit
e2e-test-echo:
needs: changes
if: |
(needs.changes.outputs.e2e-test-echo == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: e2e-test-echo
secrets: inherit
ext-auth-example-authsvc:
needs: changes
if: |
(needs.changes.outputs.ext-auth-example-authsvc == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: ext-auth-example-authsvc
secrets: inherit
fastcgi-helloserver:
needs: changes
if: |
(needs.changes.outputs.fastcgi-helloserver == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: fastcgi-helloserver
secrets: inherit
go-grpc-greeter-server:
needs: changes
if: |
(needs.changes.outputs.go-grpc-greeter-server == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: go-grpc-greeter-server
secrets: inherit
httpbun:
needs: changes
if: |
(needs.changes.outputs.httpbun == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: httpbun
secrets: inherit
kube-webhook-certgen:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.kube-webhook-certgen == 'true')
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: image build
run: |
cd images/ && make NAME=kube-webhook-certgen build
- name: Create Kubernetes cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: image test
run: |
cd images/ && make NAME=kube-webhook-certgen test test-e2e
opentelemetry:
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
needs: changes
if: |
(needs.changes.outputs.opentelemetry == 'true')
strategy:
matrix:
nginx: ['1.25.3', '1.21.6']
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: image build
run: |
cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
nginx125:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
needs: changes
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true')
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
with:
version: latest
platforms: ${{ env.PLATFORMS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: build-image
run: |
export TAG=$(cat images/nginx-1.25/TAG)
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} .

3
.github/workflows/junit-reports.yaml vendored
View file

@ -9,9 +9,10 @@ jobs:
report: report:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
with: with:
artifact: /e2e-test-reports-(.*)/ artifact: /e2e-test-reports-(.*)/
name: JEST Tests $1 # Name of the check run which will be created name: JEST Tests $1 # Name of the check run which will be created
path: 'report*.xml' # Path to test results (inside artifact .zip) path: 'report*.xml' # Path to test results (inside artifact .zip)
reporter: jest-junit # Format of test results reporter: jest-junit # Format of test results
fail-on-empty: 'true'

2
.github/workflows/perftest.yaml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install K6 - name: Install K6
run: | run: |

37
.github/workflows/plugin.yaml vendored
View file

@ -1,13 +1,8 @@
name: kubectl plugin name: kubectl plugin
on: on:
push: release:
branches: types: [published]
- "main"
paths:
- "cmd/plugin/**"
tags:
- "v*"
permissions: permissions:
contents: write # for goreleaser/goreleaser-action contents: write # for goreleaser/goreleaser-action
@ -17,25 +12,39 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go - name: Set up Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with: with:
go-version: 1.19 go-version: ${{ env.GOLANG_VERSION }}
check-latest: true check-latest: true
- name: Run GoReleaser - name: Run GoReleaser Snapshot
uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with: with:
version: latest version: latest
args: release --rm-dist args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
version: latest
args: release --clean
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update new version in krew-index - name: Update new version in krew-index
uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # v0.0.43 if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
with: with:
krew_template_file: cmd/plugin/krew.yaml krew_template_file: cmd/plugin/krew.yaml

2
.github/workflows/project.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
repository-projects: write repository-projects: write
issues: write issues: write
steps: steps:
- uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0 - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
with: with:
project-url: https://github.com/orgs/kubernetes/projects/104 project-url: https://github.com/orgs/kubernetes/projects/104
github-token: ${{ secrets.PROJECT_WRITER }} github-token: ${{ secrets.PROJECT_WRITER }}

8
.github/workflows/scorecards.yml vendored
View file

@ -27,12 +27,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
@ -51,7 +51,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab. # format to the repository Actions tab.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
@ -59,6 +59,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with: with:
sarif_file: results.sarif sarif_file: results.sarif

6
.github/workflows/stale.yaml vendored
View file

@ -13,10 +13,10 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0 - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
with: with:
stale-issue-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-pr-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-issue-label: lifecycle/frozen stale-issue-label: lifecycle/frozen
stale-pr-label: lifecycle/frozen stale-pr-label: lifecycle/frozen
days-before-issue-stale: 30 days-before-issue-stale: 30

10
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }} versions: ${{ steps.version.outputs.TAGS }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
@ -42,7 +42,7 @@ jobs:
echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}"
TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]"
echo "${TAGS_JSON}" echo "${TAGS_JSON}"
echo "::set-output name=TAGS::${TAGS_JSON}" echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT
scan: scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -52,7 +52,7 @@ jobs:
versions: ${{ fromJSON(needs.version.outputs.versions) }} versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- shell: bash - shell: bash
id: test id: test
@ -60,7 +60,7 @@ jobs:
- name: Scan image with AquaSec/Trivy - name: Scan image with AquaSec/Trivy
id: scan id: scan
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0 uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with: with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif' format: 'sarif'
@ -75,7 +75,7 @@ jobs:
# This step checks out a copy of your repository. # This step checks out a copy of your repository.
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with: with:
token: ${{ github.token }} token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository # Path to SARIF file relative to the root of the repository

81
.github/workflows/zz-tmpl-images.yaml vendored Normal file
View file

@ -0,0 +1,81 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
name:
required: true
type: string
platforms-test:
type: string
default: linux/amd64
platforms-publish:
type: string
default: linux/amd64
env:
PLATFORMS: ${{ inputs.platforms-test }}
permissions:
contents: write
packages: write
jobs:
changestag:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.filter.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
tag:
- 'images/**/TAG'
image-build:
name: Build
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Build
run: |
cd images/ && make NAME=${{ inputs.name }} build
image-push:
name: Push
needs: changestag
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
env:
PLATFORMS: ${{ inputs.platforms-publish }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push
run: |
cd images/ && make REGISTRY=ingressnginx NAME=${{ inputs.name }} push

58
.github/workflows/zz-tmpl-k8s-e2e.yaml vendored Normal file
View file

@ -0,0 +1,58 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
k8s-version:
required: true
type: string
variation:
type: string
permissions:
contents: read
jobs:
kubernetes:
name: Kubernetes ${{ inputs.variation }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ inputs.k8s-version }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests ${{ inputs.variation }}
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
SKIP_E2E_IMAGE_CREATION: true
ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }}
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports ${{ inputs.variation }}
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
if: success() || failure()
with:
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
path: 'test/junitreports/report*.xml'

2
.gitignore vendored
View file

@ -60,3 +60,5 @@ cmd/plugin/release/ingress-nginx.yaml
cmd/plugin/release/*.tar.gz cmd/plugin/release/*.tar.gz
cmd/plugin/release/LICENSE cmd/plugin/release/LICENSE
tmp/ tmp/
test/junitreports/
tests/__snapshot__

239
.golangci.yml Normal file
View file

@ -0,0 +1,239 @@
run:
timeout: 10m
allow-parallel-runners: true
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
max-same-issues: 0
linters:
disable-all: true
enable:
- asasalint
- asciicheck
- bidichk
- bodyclose
- contextcheck
- decorder
- dogsled
- dupl
- durationcheck
- errcheck
- errchkjson
- errname
- execinquery
- ginkgolinter
- gocheckcompilerdirectives
- goconst
- gocritic
- gocyclo
- godox
- gofmt
- gofumpt
- goheader
- goimports
- gomoddirectives
- gomodguard
- goprintffuncname
- gosec
- gosimple
- govet
- grouper
- importas
- ineffassign
- loggercheck
- makezero
- misspell
- musttag
- nakedret
- nolintlint
- nosprintfhostport
- prealloc
- predeclared
- promlinter
- reassign
- revive
- rowserrcheck
- sqlclosecheck
- staticcheck
- stylecheck
- tenv
- testableexamples
- typecheck
- unconvert
- unparam
- unused
- usestdlibvars
- whitespace
# - containedctx
# - cyclop
# - dupword
# - errorlint
# - exhaustive
# - exhaustruct
# - exportloopref
# - forbidigo
# - forcetypeassert
# - funlen
# - gci
# - gochecknoglobals
# - gochecknoinits
# - gocognit
# - godot
# - goerr113
# - gomnd
# - interfacebloat
# - ireturn
# - lll
# - maintidx
# - nestif
# - nilerr
# - nilnil
# - nlreturn
# - noctx
# - nonamedreturns
# - paralleltest
# - tagliatelle
# - testpackage
# - thelper
# - tparallel
# - varnamelen
# - wastedassign
# - wrapcheck
# - wsl
linters-settings:
gocyclo:
min-complexity: 40
godox:
keywords:
- BUG
- FIXME
- HACK
errcheck:
check-type-assertions: true
check-blank: true
gocritic:
enabled-checks:
# Diagnostic
- appendAssign
- argOrder
- badCall
- badCond
- badLock
- badRegexp
- badSorting
- builtinShadowDecl
- caseOrder
- codegenComment
- commentedOutCode
- deferInLoop
- deprecatedComment
- dupArg
- dupBranchBody
- dupCase
- dupSubExpr
- dynamicFmtString
- emptyDecl
- evalOrder
- exitAfterDefer
- externalErrorReassign
- filepathJoin
- flagDeref
- flagName
- mapKey
- nilValReturn
- offBy1
- regexpPattern
- returnAfterHttpError
- sloppyReassign
- sloppyTypeAssert
- sortSlice
- sprintfQuotedString
- sqlQuery
- syncMapLoadAndDelete
- truncateCmp
- unnecessaryDefer
- weakCond
# Performance
- appendCombine
- equalFold
- hugeParam
- indexAlloc
- preferDecodeRune
- preferFprint
- preferStringWriter
- preferWriteByte
- rangeExprCopy
- rangeValCopy
- sliceClear
- stringXbytes
# Style
- assignOp
- boolExprSimplify
- captLocal
- commentFormatting
- commentedOutImport
- defaultCaseOrder
- deferUnlambda
- docStub
- dupImport
- elseif
- emptyFallthrough
- emptyStringTest
- exposedSyncMutex
- hexLiteral
- httpNoBody
- ifElseChain
- methodExprCall
- newDeref
- octalLiteral
- preferFilepathJoin
- redundantSprint
- regexpMust
- regexpSimplify
- ruleguard
- singleCaseSwitch
- sloppyLen
- stringConcatSimplify
- stringsCompare
- switchTrue
- timeExprSimplify
- tooManyResultsChecker
- typeAssertChain
- typeDefFirst
- typeSwitchVar
- underef
- unlabelStmt
- unlambda
- unslice
- valSwap
- whyNoLint
- wrapperFunc
- yodaStyleExpr
# Opinionated
- builtinShadow
- importShadow
- initClause
- nestingReduce
- paramTypeCombine
- ptrToRefParam
- typeUnparen
- unnamedResult
- unnecessaryBlock
nolintlint:
# Enable to ensure that nolint directives are all used. Default is true.
allow-unused: false
# Disable to ensure that nolint directives don't have a leading space. Default is true.
# TODO(lint): Enforce machine-readable `nolint` directives
allow-leading-space: true
# Exclude following linters from requiring an explanation. Default is [].
allow-no-explanation: []
# Enable to require an explanation of nonzero length after each nolint directive. Default is false.
# TODO(lint): Enforce explanations for `nolint` directives
require-explanation: false
# Enable to require nolint directives to mention the specific linter being suppressed. Default is false.
require-specific: true

15
Changelog.md.gotmpl
View file

@ -1,15 +0,0 @@
# Changelog
### {{ .Version }}
Images:
{{ with .ControllerImages }}
{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
{{ end }} {{ end }}
### All Changes:
{{ with .Updates }}
{{ range . }}* {{ . }}
{{ end }}{{ end }}
### Dependencies updates: {{ with .DepUpdates }}
{{ range . }}* {{ . }}
{{ end }} {{ end }}
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }}

1
GOLANG_VERSION Normal file
View file

@ -0,0 +1 @@
1.22.6

39
Makefile
View file

@ -29,9 +29,14 @@ SHELL=/bin/bash -o pipefail -o errexit
# Use the 0.0 tag for testing, it shouldn't clobber any release builds # Use the 0.0 tag for testing, it shouldn't clobber any release builds
TAG ?= $(shell cat TAG) TAG ?= $(shell cat TAG)
# The env below is called GO_VERSION and not GOLANG_VERSION because
# the gcb image we use to build already defines GOLANG_VERSION and is a
# really old version
GO_VERSION ?= $(shell cat GOLANG_VERSION)
# e2e settings # e2e settings
# Allow limiting the scope of the e2e tests. By default run everything # Allow limiting the scope of the e2e tests. By default run everything
FOCUS ?= .* FOCUS ?=
# number of parallel test # number of parallel test
E2E_NODES ?= 7 E2E_NODES ?= 7
# run e2e test suite with tests that check for memory leaks? (default is false) # run e2e test suite with tests that check for memory leaks? (default is false)
@ -68,7 +73,6 @@ image: clean-image ## Build image for a particular arch.
docker build \ docker build \
${PLATFORM_FLAG} ${PLATFORM} \ ${PLATFORM_FLAG} ${PLATFORM} \
--no-cache \ --no-cache \
--pull \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \ --build-arg VERSION="$(TAG)" \
--build-arg TARGETARCH="$(ARCH)" \ --build-arg TARGETARCH="$(ARCH)" \
@ -85,7 +89,6 @@ image-chroot: clean-chroot-image ## Build image for a particular arch.
echo "Building docker image ($(ARCH))..." echo "Building docker image ($(ARCH))..."
docker build \ docker build \
--no-cache \ --no-cache \
--pull \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \ --build-arg VERSION="$(TAG)" \
--build-arg TARGETARCH="$(ARCH)" \ --build-arg TARGETARCH="$(ARCH)" \
@ -107,7 +110,7 @@ clean-chroot-image: ## Removes local image
.PHONY: build .PHONY: build
build: ## Build ingress controller, debug tool and pre-stop hook. build: ## Build ingress controller, debug tool and pre-stop hook.
build/run-in-docker.sh \ E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \ MAC_OS=$(MAC_OS) \
PKG=$(PKG) \ PKG=$(PKG) \
ARCH=$(ARCH) \ ARCH=$(ARCH) \
@ -121,6 +124,9 @@ build: ## Build ingress controller, debug tool and pre-stop hook.
clean: ## Remove .gocache directory. clean: ## Remove .gocache directory.
rm -rf bin/ .gocache/ .cache/ rm -rf bin/ .gocache/ .cache/
.PHONY: verify-docs
verify-docs: ## Verify doc generation
hack/verify-annotation-docs.sh
.PHONY: static-check .PHONY: static-check
static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint. static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint.
@ -128,6 +134,12 @@ static-check: ## Run verification script for boilerplate, codegen, gofmt, golint
MAC_OS=$(MAC_OS) \ MAC_OS=$(MAC_OS) \
hack/verify-all.sh hack/verify-all.sh
.PHONY: golint-check
golint-check:
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
hack/verify-golint.sh
############################### ###############################
# Tests for ingress-nginx # Tests for ingress-nginx
############################### ###############################
@ -147,17 +159,16 @@ test: ## Run go unit tests.
.PHONY: lua-test .PHONY: lua-test
lua-test: ## Run lua unit tests. lua-test: ## Run lua unit tests.
@build/run-in-docker.sh \ @build/run-in-docker.sh \
BUSTED_ARGS=$(BUSTED_ARGS) \
MAC_OS=$(MAC_OS) \ MAC_OS=$(MAC_OS) \
test/test-lua.sh test/test-lua.sh
.PHONY: e2e-test .PHONY: e2e-test
e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster). e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster).
@build/run-e2e-suite.sh @test/e2e/run-e2e-suite.sh
.PHONY: kind-e2e-test .PHONY: kind-e2e-test
kind-e2e-test: ## Run e2e tests using kind. kind-e2e-test: ## Run e2e tests using kind.
@test/e2e/run.sh @test/e2e/run-kind-e2e.sh
.PHONY: kind-e2e-chart-tests .PHONY: kind-e2e-chart-tests
kind-e2e-chart-tests: ## Run helm chart e2e tests kind-e2e-chart-tests: ## Run helm chart e2e tests
@ -205,8 +216,9 @@ live-docs: ## Build and launch a local copy of the documentation website in http
@docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \ @docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \
-p 8000:8000 \ -p 8000:8000 \
-v ${PWD}:/docs \ -v ${PWD}:/docs \
--entrypoint mkdocs \ --entrypoint /bin/bash \
ingress-nginx-docs serve --dev-addr=0.0.0.0:8000 ingress-nginx-docs \
-c "pip install -r /docs/docs/requirements.txt && mkdocs serve --dev-addr=0.0.0.0:8000"
.PHONY: misspell .PHONY: misspell
misspell: ## Check for spelling errors. misspell: ## Check for spelling errors.
@ -228,8 +240,8 @@ ensure-buildx:
show-version: show-version:
echo -n $(TAG) echo -n $(TAG)
PLATFORMS ?= amd64 arm arm64 s390x PLATFORMS ?= amd64 arm arm64
BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
.PHONY: release # Build a multi-arch docker image .PHONY: release # Build a multi-arch docker image
release: ensure-buildx clean release: ensure-buildx clean
@ -263,3 +275,8 @@ release: ensure-buildx clean
--build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \
--build-arg BUILD_ID="$(BUILD_ID)" \ --build-arg BUILD_ID="$(BUILD_ID)" \
-t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot
.PHONY: build-docs
build-docs:
pip install -r docs/requirements.txt
mkdocs build --config-file mkdocs.yml

2
NGINX_BASE
View file

@ -1 +1 @@
registry.k8s.io/ingress-nginx/nginx:21aa7f55a3325c1c26de0dfb62ede4c0a809a994@sha256:da6b877ed96dada46ed6e379051c2dd461dd5d329af7a7531820ad3e16197e20 registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.12@sha256:2d471b3a34dc43d10c3f3d7f2a6e8a2ecf7654a4197e56374261c1c708b16365

3
OWNERS
View file

@ -1,4 +1,4 @@
# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
approvers: approvers:
- ingress-nginx-maintainers - ingress-nginx-maintainers
@ -9,3 +9,4 @@ reviewers:
emeritus_approvers: emeritus_approvers:
- aledbf # 2020-04-02 - aledbf # 2020-04-02
- bowei # 2022-10-12 - bowei # 2022-10-12
- ElvinEfendi # 2023-04-23

19
OWNERS_ALIASES
View file

@ -1,4 +1,4 @@
# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
aliases: aliases:
sig-network-leads: sig-network-leads:
@ -7,33 +7,34 @@ aliases:
- thockin - thockin
ingress-nginx-admins: ingress-nginx-admins:
- Gacko
- rikatz - rikatz
- strongjz - strongjz
ingress-nginx-maintainers: ingress-nginx-maintainers:
- ElvinEfendi - cpanato
- Gacko
- puerco
- rikatz - rikatz
- strongjz - strongjz
- tao12345666333 - tao12345666333
ingress-nginx-reviewers: ingress-nginx-reviewers:
- ElvinEfendi - cpanato
- Gacko
- puerco
- rikatz - rikatz
- strongjz - strongjz
- tao12345666333 - tao12345666333
ingress-nginx-helm-maintainers: ingress-nginx-helm-maintainers:
- ChiefAlexander - ubergesundheit
- cpanato
ingress-nginx-helm-reviewers: ingress-nginx-helm-reviewers:
- ChiefAlexander - ubergesundheit
- cpanato
ingress-nginx-docs-maintainers: ingress-nginx-docs-maintainers:
- IamNoah1
- longwuyuan - longwuyuan
- tao12345666333
ingress-nginx-kube-webhook-certgen-reviewers: ingress-nginx-kube-webhook-certgen-reviewers:
- invidian - invidian

69
README.md
View file

@ -6,13 +6,12 @@
[![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers) [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers)
[![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)
## Overview ## Overview
ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load
balancer. balancer.
[Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/). [Learn more about Ingress on the Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).
## Get started ## Get started
@ -26,37 +25,38 @@ If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.
## Changelog ## Changelog
See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) to find out about feature changes. See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) for all changes.
For detailed changes for each release; please check the [Changelog.md](Changelog.md) file. For detailed changes for each release, please check the [changelog-$version.md](./changelog) file for the release version.
For detailed changes on the `ingress-nginx` helm chart, please check the following For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version.
[CHANGELOG.md](charts/ingress-nginx/CHANGELOG.md) file. [CHANGELOG-$current-version.md](./charts/ingress-nginx/changelog) file.
### Supported Versions table ### Supported Versions table
Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for
the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. the versions listed. Ingress-Nginx versions **may** work on older versions, but the project does not make that guarantee.
| Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|-----------------------|------------------------------|----------------|---------------| | :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 |
| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 |
| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 |
| v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | 🔄 | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 |
| v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | 🔄 | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 |
| v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | 🔄 | **v1.10.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.2 |
| v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | 🔄 | **v1.10.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.1 |
| v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | 🔄 | **v1.10.0** | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.0 |
| v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.6 | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1 |
| v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.5 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0 |
| v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.4 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 |
| v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.3 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.1 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.9.0 | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* |
| v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | | | v1.8.4 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| | v1.7.1 | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* |
† _This build is | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* |
[patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 |
| | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 |
See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable
Ingress API. Ingress API.
@ -67,16 +67,19 @@ Thanks for taking the time to join our community and start contributing!
- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). - This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md).
By participating in this project, you agree to abide by its terms. By participating in this project, you agree to abide by its terms.
- **Contributing**: Contributions of all kinds are welcome!
- **Contributing**: Contributions of all kind are welcome!
- Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we
expect, and instructions on the developer certificate of origin that we require. expect, and instructions on the developer certificate of origin that we require.
- Join our Kubernetes Slack channel for developer discussion : [#ingress-nginx-dev](https://kubernetes.slack.com/archives/C021E147ZA4). - Join our Kubernetes Slack channel for developer discussion : [#ingress-nginx-dev](https://kubernetes.slack.com/archives/C021E147ZA4).
- Submit GitHub issues for any feature enhancements, bugs or documentation problems. Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**. - Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
- **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
- Join our [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
- **Support**:
- Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
- The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
- **Discuss**: Tweet using the `#IngressNginx` hashtag. - **Discuss**: Tweet using the `#IngressNginx` hashtag or sharing with us [@IngressNginx](https://twitter.com/IngressNGINX).
## License ## License

2
SECURITY_CONTACTS
View file

@ -9,6 +9,6 @@
# #
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
# INSTRUCTIONS AT https://kubernetes.io/security/ # INSTRUCTIONS AT https://kubernetes.io/security/
bowei Gacko
rikatz rikatz
strongjz strongjz

1
TAG
View file

@ -1 +0,0 @@
v1.6.0

21
build/build.sh
View file

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
# Copyright 2018 The Kubernetes Authors. # Copyright 2018 The Kubernetes Authors.
# #
@ -25,24 +25,15 @@ set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
declare -a mandatory
mandatory=(
PKG
ARCH
COMMIT_SHA
REPO_INFO
TAG
)
for var in "${mandatory[@]}"; do if [ -z "$PKG" ] || [ -z "$ARCH" ] || [ -z "$COMMIT_SHA" ] || [ -z "$REPO_INFO" ] || [ -z "$TAG" ]; then
if [[ -z "${!var:-}" ]]; then echo "Environments PKG, ARCH, COMMIT_SHA, REPO_INFO and TAG are required"
echo "Environment variable $var must be set"
exit 1 exit 1
fi fi
done
export CGO_ENABLED=0 export CGO_ENABLED=0
export GOARCH=${ARCH} export GOARCH="${ARCH}"
TARGETS_DIR="rootfs/bin/${ARCH}" TARGETS_DIR="rootfs/bin/${ARCH}"
echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory." echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory."

8
build/dev-env.sh
View file

@ -45,14 +45,16 @@ if ! command -v helm &> /dev/null; then
exit 1 exit 1
fi fi
function ver { printf "%d%03d%03d" $(echo "$1" | tr '.' ' '); }
HELM_VERSION=$(helm version 2>&1 | cut -f1 -d"," | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') || true HELM_VERSION=$(helm version 2>&1 | cut -f1 -d"," | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') || true
echo $HELM_VERSION echo $HELM_VERSION
if [[ ${HELM_VERSION} -lt 3.10.0 ]]; then if [[ $(ver $HELM_VERSION) -lt $(ver "3.10.0") ]]; then
echo "Please upgrade helm to v3.10.0 or higher" echo "Please upgrade helm to v3.10.0 or higher"
exit 1 exit 1
fi fi
KUBE_CLIENT_VERSION=$(kubectl version --client --short 2>/dev/null | grep Client | awk '{print $3}' | cut -d. -f2) || true KUBE_CLIENT_VERSION=$(kubectl version --client -oyaml 2>/dev/null | grep "minor:" | awk '{print $2}' | tr -d '"') || true
if [[ ${KUBE_CLIENT_VERSION} -lt 24 ]]; then if [[ ${KUBE_CLIENT_VERSION} -lt 24 ]]; then
echo "Please update kubectl to 1.24.2 or higher" echo "Please update kubectl to 1.24.2 or higher"
exit 1 exit 1
@ -62,7 +64,7 @@ echo "[dev-env] building image"
make build image make build image
docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
export K8S_VERSION=${K8S_VERSION:-v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace} export K8S_VERSION=${K8S_VERSION:-v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245}
KIND_CLUSTER_NAME="ingress-nginx-dev" KIND_CLUSTER_NAME="ingress-nginx-dev"

13
build/run-in-docker.sh
View file

@ -44,7 +44,7 @@ function cleanup {
} }
trap cleanup EXIT trap cleanup EXIT
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9}
if [[ "$RUNTIME" == podman ]]; then if [[ "$RUNTIME" == podman ]]; then
# Podman does not support both tag and digest # Podman does not support both tag and digest
@ -76,18 +76,13 @@ fi
USER=${USER:-nobody} USER=${USER:-nobody}
#echo "..printing env & other vars to stdout" USE_SHELL=${USE_SHELL:-"/bin/bash"}
#echo "HOSTNAME=`hostname`"
#uname -a
#env
#echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED"
#echo "done..printing env & other vars to stdout"
if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "..reached DIND check TRUE block, inside run-in-docker.sh"
echo "FLAGS=$FLAGS" echo "FLAGS=$FLAGS"
#go env #go env
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.0
find / -type f -name ginkgo 2>/dev/null find / -type f -name ginkgo 2>/dev/null
which ginkgo which ginkgo
/bin/bash -c "${FLAGS}" /bin/bash -c "${FLAGS}"
@ -100,5 +95,5 @@ else
args="$args -v /var/run/docker.sock:/var/run/docker.sock" args="$args -v /var/run/docker.sock:/var/run/docker.sock"
fi fi
${RUNTIME} run $args ${E2E_IMAGE} /bin/bash -c "${FLAGS}" ${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}"
fi fi

68
changelog/controller-1.10.0.md Normal file
View file

@ -0,0 +1,68 @@
# Changelog
This release is the first using NGINX v1.25.0!
## Breaking changes
* This version does not support chroot image, this will be fixed on a future minor patch release
* This version dropped Opentracing and zipkin modules, just Opentelemetry is supported
* This version dropped support for PodSecurityPolicy
* This version dropped support for GeoIP (legacy). Only GeoIP2 is supported
### controller-v1.10.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
### All changes:
* Start the release of v1.10.0 (#11038)
* bump nginx and Go, remove tag file and old CI jobs (#11037)
* Fix kubewebhook image tag (#11033)
* add missing backend-protocol annotation option (#9545)
* Update controller-prometheusrules.yaml (#8902)
* Stop reporting interrupted tests (#11027)
* test(gzip): reach ingress (#9541)
* fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092)
* Properly support a TLS-wrapped OCSP responder (#10164)
* Fix print-e2e-suite (#9536)
* chore(deps): upgrade headers-more module to 0.37 (#10991)
* Update ingress-path-matching.md (#11008)
* Update ingress-path-matching.md (#11007)
* E2E Tests: Explicitly enable metrics. (#10962)
* Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959)
* Chart: Remove useless `default` from `_params.tpl`. (#10957)
* Fix golang makefile var name (#10932)
* Fixing image push (#10931)
* fix: live-docs script (#10928)
* docs: Add vouch-proxy OAuth example (#10929)
* Add OTEL build test and for NGINX v1.25 (#10889)
* docs: update annotations docs with missing session-cookie section (#10917)
* Release controller 1.9.6 and helm 4.9.1 (#10919)
### Dependency updates:
* Bump kubewebhook certgen (#11034)
* Bump go libraries (#11023)
* Bump modsecurity on nginx 1.25 (#11024)
* Bump grpc and reintroduce OTEL compilation (#11021)
* Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017)
* Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016)
* Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994)
* Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998)
* Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978)
* Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981)
* Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979)
* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980)
* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976)
* Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971)
* Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951)
* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938)
* Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937)
* Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936)
* Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935)
* Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934)
* Bump alpine to 3.19.1 (#10930)
* Bump go to v1.21.6 and set a single source of truth (#10926)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.6...controller-v1.10.0

57
changelog/controller-1.10.1.md Normal file
View file

@ -0,0 +1,57 @@
# Changelog
### controller-v1.10.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7
### All changes:
* start 1.10.1 build (#11246)
* force nginx rebuild (#11245)
* update k8s version to latest kind release (#11241)
* remove _ssl_expire_time_seconds metric by identifier (#11239)
* update post submit helm ci and clean up (#11221)
* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
* sort default backend hpa metrics (#11217)
* updated certgen image shatag (#11216)
* changed testrunner image sha (#11211)
* bumped certgeimage tag (#11213)
* updated baseimage & deleted a useless file (#11209)
* bump ginkgo to 2-17-1 in testrunner (#11204)
* chunking related faq update (#11205)
* Fix-semver (#11199)
* refactor helm ci tests part I (#11188)
* Proposal: e2e tests for regex patterns (#11185)
* bump ginkgo to v2.17.1 (#11186)
* fixes brotli build issue (#11187)
* fix geoip2 configuration docs (#11151)
* Fix typos in OTel doc (#11081) (#11129)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
* Chart: Align HPA & KEDA conditions. (#11113)
* Chart: Improve IngressClass documentation. (#11111)
* Chart: Add Gacko to maintainers. Again. (#11112)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
* Chores: Pick patches from main. (#11103)
### Dependency updates:
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
* Bump github.com/prometheus/client_model in the all group (#11231)
* Bump the all group with 3 updates (#11230)
* Bump the all group with 2 updates (#11190)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
* Bump the all group with 3 updates (#11166)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
* Bump the all group with 4 updates (#11140)
* Bump the all group with 1 update (#11136)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)

130
changelog/controller-1.10.2.md Normal file
View file

@ -0,0 +1,130 @@
# Changelog
### controller-v1.10.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.2@sha256:c4395cba98f9721e3381d3c06e7994371bae20f5ab30e457cd7debe44a8c8c54
### All changes:
* update test runner to latest build (#11557)
* add k8s 1.30 to ci build (#11553)
* update test runner go base to 3.20 (#11550)
* tag new test runner image with new nginx base 0.0.8 (#11549)
* bump NGINX_BASE to v0.0.8 (#11543)
* trigger build for NGINX-1.25 v0.0.8 (#11542)
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
* [feature] bump nginx to 1.25.5 and add http3 module (#11541)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
* bump alpine version to 3.20 to custom-error-pages (#11537)
* fix: Ensure changes in MatchCN annotation are detected (#11528)
* Docs: Add information about HTTP/3 support. (#11525)
* Docs: Specify `ingressClass` for multi-controller setup. (#11520)
* Docs: Improve default certificate usage. (#11519)
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
* Update getting-started.md with new prerequisites (#11487)
* Fix boolean configuration (#11484)
* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
* CI: Bump forgotten Ginkgo versions. (#11469)
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11468)
* Owners: Promote Gacko to admin. (#11464)
* fixed fastcgi userguide (#11455)
* Remove unnecessary space character (#11451)
* fix for docs issue 11432 (#11446)
* Update index.md (#11445)
* upgrade to alpine 3.20 (#11438)
* update golang to 1.22.4 (#11431)
* Adapt dashboards for Grafana 11 compatibility (#11414)
* Rename variable to fix typo (#11413)
* Fix helm install on cloud provider admonition block (#11412)
* edited helm-install tips (#11411)
* added info for aws helm install (#11410)
* added multiplecontrollers-howto to faq (#11409)
* removed tlsv1 & tlsv1.1 (#11408)
* Docs: Remove opentracing and zipkin from docs (#11405)
* Go: Sync modules from `main`. (#11398)
* add workflow to helm release and update ct for branch (#11317)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
* Release Helm Chart on branch update (#11306)
* Release controller 1.10.1 (#11298)
* fix path in file changed detected message (#11286)
* chore: fix function names in comment (#11281)
* fix: update kube version requirement to 1.21 (#11279)
* release helm chart from release branch (#11278)
* start 1.10.1 build (#11246)
* force nginx rebuild (#11245)
* update k8s version to latest kind release (#11241)
* remove _ssl_expire_time_seconds metric by identifier (#11239)
* update post submit helm ci and clean up (#11221)
* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
* sort default backend hpa metrics (#11217)
* updated certgen image shatag (#11216)
* changed testrunner image sha (#11211)
* bumped certgeimage tag (#11213)
* updated baseimage & deleted a useless file (#11209)
* bump ginkgo to 2-17-1 in testrunner (#11204)
* chunking related faq update (#11205)
* Fix-semver (#11199)
* refactor helm ci tests part I (#11188)
* Proposal: e2e tests for regex patterns (#11185)
* bump ginkgo to v2.17.1 (#11186)
* fixes brotli build issue (#11187)
* fix geoip2 configuration docs (#11151)
* Fix typos in OTel doc (#11081) (#11129)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
* Chart: Align HPA & KEDA conditions. (#11113)
* Chart: Improve IngressClass documentation. (#11111)
* Chart: Add Gacko to maintainers. Again. (#11112)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
* Chores: Pick patches from main. (#11103)
* Start the release of v1.10.0 (#11038)
### Dependency updates:
* Bump the all group with 2 updates (#11524)
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
* Bump the all group with 3 updates (#11478)
* Bump the all group with 2 updates (#11477)
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
* Bump sigs.k8s.io/controller-runtime in the all group (#11449)
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
* Bump the all group with 3 updates (#11450)
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
* Bump the all group with 2 updates (#11421)
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
* Bump the all group across 1 directory with 6 updates (#11407)
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
* Bump the all group with 3 updates (#11404)
* Bump Kubernetes version on images (#11403)
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
* Bump the all group with 4 updates (#11380)
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
* Bump the all group with 2 updates (#11266)
* Bump azure/setup-helm from 3.5 to 4 (#11265)
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
* Bump github.com/prometheus/client_model in the all group (#11231)
* Bump the all group with 3 updates (#11230)
* Bump the all group with 2 updates (#11190)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
* Bump the all group with 3 updates (#11166)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
* Bump the all group with 4 updates (#11140)
* Bump the all group with 1 update (#11136)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.1...controller-v1.10.2

37
changelog/controller-1.10.3.md Normal file
View file

@ -0,0 +1,37 @@
# Changelog
### controller-v1.10.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.3@sha256:b5a5082f8e508cc1aac1c0ef101dc2f87b63d51598a5747d81d6cf6e7ba058fd
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.3@sha256:9033e04bd3cd01f92414f8d5999c5095734d4caceb4923942298152a38373d4b
### All changes:
* Images: Trigger `controller` v1.10.3 build. (#11648)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11646)
* Images: Re-run `test-runner` build. (#11643)
* Images: Trigger `test-runner` build. (#11639)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11637)
* Images: Trigger NGINX build. (#11631)
* bump testing runner (#11626)
* remove modsecurity coreruleset test files from nginx image (#11619)
* unskip the ocsp tests and update images to fix cfssl bug (#11615)
* Fix indent in YAML for example pod (#11609)
* Images: Bump `test-runner`. (#11604)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11601)
* revert module upgrade (#11595)
* README: Fix support matrix. (#11593)
* Mage: Stop mutating release notes. (#11582)
* Images: Bump `kube-webhook-certgen`. (#11583)
### Dependency updates:
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
* Bump the all group with 5 updates (#11613)
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
* Bump the all group with 4 updates (#11574)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.10.3

53
changelog/controller-1.10.4.md Normal file
View file

@ -0,0 +1,53 @@
# Changelog
### controller-v1.10.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.4@sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
### All changes:
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
* Images: Trigger controller build. (#11808)
* Tests & Docs: Bump images. (#11804)
* Images: Trigger failed builds. (#11801)
* Images: Trigger other builds. (#11797)
* Controller: Fix panic in alternative backend merging. (#11793)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11791)
* Images: Trigger `test-runner` build. (#11786)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11783)
* Images: Trigger NGINX build. (#11780)
* Cloud Build: Add missing config, remove unused ones. (#11776)
* Generate correct output on NumCPU() when using cgroups2 (#11775)
* Cloud Build: Tweak timeouts. (#11762)
* Cloud Build: Fix substitutions. (#11759)
* Cloud Build: Some chores. (#11756)
* Go: Bump to v1.22.6. (#11748)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11744)
* Images: Trigger NGINX build. (#11736)
* docs: update OpenSSL Roadmap link (#11734)
* Go: Bump to v1.22.5. (#11731)
* Docs: Fix typo in AWS LB Controller reference (#11724)
* Perform some cleaning operations on line breaks. (#11722)
* Missing anchors in regular expression. (#11718)
* Docs: Fix `from-to-www` redirect description. (#11715)
* Chart: Remove `isControllerTagValid`. (#11714)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11704)
* Docs: Clarify `from-to-www` redirect direction. (#11692)
* added real-client-ip faq (#11665)
* Docs: Format NGINX configuration table. (#11660)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
* Bump the all group with 2 updates (#11770)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
* Bump the all group with 3 updates (#11729)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
* Bump the all group with 2 updates (#11697)
* Bump the all group with 4 updates (#11676)
* Bump the all group with 2 updates (#11674)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.3...controller-v1.10.4

164
changelog/controller-1.11.0.md Normal file
View file

@ -0,0 +1,164 @@
# Changelog
### controller-v1.11.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
### All changes:
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
* Docs: Add information about HTTP/3 support. (#11513)
* Docs: Specify `ingressClass` for multi-controller setup. (#11493)
* Docs: Improve default certificate usage. (#11504)
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
* Update getting-started.md with new prerequisites (#11486)
* [feature] bump nginx to 1.25.5 and add http3 module (#11470)
* Fix boolean configuration (#11483)
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
* CI: Bump forgotten Ginkgo versions. (#11467)
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
* Owners: Promote Gacko to admin. (#11463)
* Chart: Make pod affinity templatable. (#11453)
* fixed fastcgi userguide (#11454)
* Remove unnecessary space character (#11434)
* upgrade to alpine 3.20 (#11428)
* fix for docs issue 11432 (#11433)
* Update index.md (#11437)
* update golang to 1.22.4 (#11427)
* Chart: Fix `IngressClass` annotations. (#11416)
* Chart: Make admission webhook patch job RBAC configurable. (#11376)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
* Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
* Adapt dashboards for Grafana 11 compatibility (#11399)
* Rename variable to fix typo (#11395)
* Fix helm install on cloud provider admonition block (#11394)
* edited helm-install tips (#11393)
* added info for aws helm install (#11390)
* added multiplecontrollers-howto to faq (#11389)
* removed tlsv1 & tlsv1.1 (#11343)
* feat: Add grpc timeouts annotations (#11258)
* sfix position of options (#11379)
* add workflow to helm release and update ct for branch (#11378)
* Accept user defined annotations in IngressClass (#11362)
* Docs: Remove opentracing and zipkin from docs (#11361)
* Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
* chore(deps): group update k8s.io packages to v0.30.0 (#11344)
* Fix function name in comment (#11296)
* fix path in file changed detected message (#11271)
* chore: fix function names in comment (#11280)
* fix: update kube version requirement to 1.21 (#11275)
* release helm chart from release branch (#11276)
* update k8s version to latest kind release (#11240)
* feat: add annotation to allow to add custom response headers (#9742)
* remove _ssl_expire_time_seconds metric by identifier (#9706)
* update post submit helm ci and clean up (#11220)
* Chart: Add unit tests for default backend & topology spread constraints. (#11218)
* sort default backend hpa metrics (#11215)
* updated certgen image shatag (#11214)
* feature(default_backend): topologySpreadConstraints on default backend (#11197)
* bumped certgeimage tag (#11212)
* changed testrunner image sha (#11207)
* updated baseimage & deleted a useless file (#11208)
* Chart: Make `controller.config` templatable. (#11181)
* chunking related faq update (#11196)
* bump ginkgo to 2-17-1 in testrunner (#11202)
* Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
* Fix-semver (#11193)
* refactor helm ci tests part I (#11178)
* fixes brotli build issue (#10484)
* bump ginkgo to v2.17.1 (#11177)
* Proposal: e2e tests for regex patterns (#11174)
* Controller: Make Leader Election TTL configurable. (#11142)
* Chores: Remove recently added whitespaces. (#11156)
* Add GRPC Buffer Size to the Configmap (#11155)
* fix geoip2 configuration docs (#11150)
* feature(geoip2_autoreload): Enable GeoIP2 auto_reload config (#11079)
* Chart: Add IngressClass aliases. (#11109)
* Fix typos in OTel doc (#11081)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
* Chart: Align HPA & KEDA conditions. (#11110)
* Chart: Add Gacko to maintainers. Again. (#11107)
* Chart: Improve IngressClass documentation. (#11104)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
* Undo #11062 since it breaks the nginx config (#11082)
* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled (#11062)
* golangci-lint update, ci cleanup, group dependabot updates (#11071)
* bump golang (#11070)
* feature(leader_election): flag to disable leader election feature on controller (#11064)
* docs: update the 404 link to FAQ (#11069)
* Update README.md (#11065)
* quotes around numbers fort ports definitions (#11052)
### Dependency updates:
* Bump the all group with 2 updates (#11523)
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
* Bump the all group with 3 updates (#11474)
* Bump the all group with 2 updates (#11476)
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
* Bump the all group with 3 updates (#11443)
* Bump sigs.k8s.io/controller-runtime in the all group (#11440)
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
* Bump the all group with 2 updates (#11419)
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
* Bump the all group across 1 directory with 3 updates (#11384)
* Bump the all group across 1 directory with 6 updates (#11383)
* Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
* Bump the all group with 3 updates (#11348)
* Bump Kubernetes version on images (#11346)
* Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
* Bump the all group with 4 updates (#11327)
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
* Bump the all group with 2 updates (#11261)
* Bump azure/setup-helm from 3.5 to 4 (#11263)
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
* Bump github.com/prometheus/client_model in the all group (#11226)
* Bump the all group with 3 updates (#11225)
* Bump the all group with 2 updates (#11183)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
* Bump the all group with 3 updates (#11157)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
* Bump the all group with 4 updates (#11133)
* Bump the all group with 1 update (#11134)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
* Bump the all group with 1 update (#11073)
* Bump the all group with 1 update (#11072)
* Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
* Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
* Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
* Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
* Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0

45
changelog/controller-1.11.1.md Normal file
View file

@ -0,0 +1,45 @@
# Changelog
### controller-v1.11.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
### All changes:
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
* Images: Re-run `test-runner` build. (#11644)
* Images: Trigger `test-runner` build. (#11640)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
* Images: Trigger NGINX build. (#11632)
* bump testing runner (#11627)
* remove modsecurity coreruleset test files from nginx image (#11620)
* unskip the ocsp tests and update images to fix cfssl bug (#11616)
* Fix indent in YAML for example pod (#11610)
* Images: Bump `test-runner`. (#11605)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
* revert module upgrade (#11597)
* Release: Apply changes from `main`. (#11589)
* Mage: Stop mutating release notes. (#11581)
* Images: Bump `kube-webhook-certgen`. (#11584)
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
### Dependency updates:
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
* Bump the all group with 5 updates (#11614)
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
* Bump the all group with 4 updates (#11575)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1

54
changelog/controller-1.11.2.md Normal file
View file

@ -0,0 +1,54 @@
# Changelog
### controller-v1.11.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
### All changes:
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
* Images: Trigger controller build. (#11807)
* Tests & Docs: Bump images. (#11805)
* Images: Trigger failed builds. (#11802)
* Images: Trigger other builds. (#11798)
* Controller: Fix panic in alternative backend merging. (#11794)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
* Images: Trigger `test-runner` build. (#11787)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
* Images: Trigger NGINX build. (#11781)
* Cloud Build: Add missing config, remove unused ones. (#11777)
* Generate correct output on NumCPU() when using cgroups2 (#11778)
* Cloud Build: Tweak timeouts. (#11763)
* Cloud Build: Fix substitutions. (#11760)
* Cloud Build: Some chores. (#11757)
* Go: Bump to v1.22.6. (#11749)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
* Images: Trigger NGINX build. (#11737)
* docs: update OpenSSL Roadmap link (#11733)
* Go: Bump to v1.22.5. (#11732)
* Docs: Fix typo in AWS LB Controller reference (#11725)
* Perform some cleaning operations on line breaks. (#11721)
* Missing anchors in regular expression. (#11719)
* Docs: Fix `from-to-www` redirect description. (#11716)
* Chart: Remove `isControllerTagValid`. (#11713)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
* Docs: Clarify `from-to-www` redirect direction. (#11693)
* added real-client-ip faq (#11664)
* Docs: Format NGINX configuration table. (#11662)
* Docs: Update version in `deploy/index.md`. (#11652)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
* Bump the all group with 2 updates (#11771)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
* Bump the all group with 3 updates (#11728)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
* Bump the all group with 2 updates (#11698)
* Bump the all group with 4 updates (#11677)
* Bump the all group with 2 updates (#11675)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2

109
changelog/Changelog-1.5.2.md → changelog/controller-1.6.4.md
View file

@ -1,14 +1,61 @@
# Changelog # Changelog
### 1.5.2 ### 1.6.4
Images: Images:
<<<<<<< HEAD * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
* registry.k8s.io/ingress-nginx/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
* registry.k8s.io/ingress-nginx/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b
### All Changes: ### All changes:
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
* Revert Implement pathType validation (#9511) (#9607)
* update history and allow to pass a target test (#9605)
* Allow to pass a target test (#9542)
* Replace deprecated command with environment file (#9581)
* build 1.6.2 to fix (#9569)
* add lint on chart before release (#9570)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Replace deprecated command with environment file (#9581)
* add lint on chart before release (#9570)
* Switch logic on path type validation and setting it to false (#9543)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Align default value for keepalive_request with NGINX default (#9518)
* feat(configmap): expose gzip-disable (#9505)
* Values: Add missing `controller.metrics.service.labels`. (#9501)
* Add docs about orphan_ingress metric (#9514)
* Add new prometheus metric for orphaned ingress (#8230)
* Sanitise request metrics in monitoring docs (#9384)
* Change default value of enable-brotli (#9500)
* feat: support topology aware hints (#9165)
* Remove 1.5.2 from readme (#9498)
* Remove nonexistent load flag from docker build commands (#9122)
* added option to disable sync event creation (#8528)
* Add buildResolvers to the stream module (#9184)
* fix: disable auth access logs (#9049)
* Adding ipdenylist annotation (#8795)
* Add update updateStrategy and minReadySeconds for defaultBackend (#8506)
* Fix indentation on serviceAccount annotation (#9129)
* Update monitoring.md (#9269)
* add github actions stale bot (#9439)
* Admission Webhooks/Job: Add `NetworkPolicy`. (#9218)
* update OpenTelemetry image (#9491)
* bump OpenTelemetry (#9489)
* Optional podman support (#9294)
* fix change images (#9463)
* move tests to gh actions (#9461)
* Automated Release Controller 1.5.2 (#9455)
* Add sslpassthrough tests (#9457)
* updated the link in RELEASE.md file (#9456)
* restart 1.5.2 release process (#9450) * restart 1.5.2 release process (#9450)
* Update command line arguments documentation (#9224) * Update command line arguments documentation (#9224)
* start release 1.5.2 (#9445) * start release 1.5.2 (#9445)
@ -20,24 +67,6 @@ Images:
* update the nginx run container for alpine:3.17.0 (#9430) * update the nginx run container for alpine:3.17.0 (#9430)
* cleanup: remove ioutil for new go version (#9427) * cleanup: remove ioutil for new go version (#9427)
* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) * start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417)
=======
* registry.k8s.io/controller:controller-v1.5.2@sha256:c1c091b88a6c936a83bd7g098v62f60a87868d12452529bad0d178fb36143346
* registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529b350d178fb36147345
### All Changes:
<<<<<<< HEAD
>>>>>>> f4164ae0b (THE CHANGELOG WORKS)
=======
* upgrade nginx base image (#9436)
* test the new e2e test images (#9444)
* avoid builds and tests for non-code changes (#9392)
* CI updates (#9440)
* HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253)
* update the nginx run container for alpine:3.17.0 (#9430)
* cleanup: remove ioutil for new go version (#9427)
* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417)
>>>>>>> 9ecab7d85 (e2e doc updates work now)
* ci: remove setup-helm step (#9404) * ci: remove setup-helm step (#9404)
* ci: remove setup-kind step (#9401) * ci: remove setup-kind step (#9401)
* Add reporter for all tests (#9395) * Add reporter for all tests (#9395)
@ -62,7 +91,6 @@ Images:
* remove the configmap related permissions (#9310) * remove the configmap related permissions (#9310)
* remove hardcoded datasource from grafana dashboard (#9284) * remove hardcoded datasource from grafana dashboard (#9284)
* update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277) * update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277)
* Validate ingress path fields (#9309)
* added SAN to cert create command (#9295) * added SAN to cert create command (#9295)
* Missing controller.ingressClass (#9304) * Missing controller.ingressClass (#9304)
* OpenTelemetry static linking (#9286) * OpenTelemetry static linking (#9286)
@ -72,11 +100,19 @@ Images:
* PDB: Add `maxUnavailable`. (#9278) * PDB: Add `maxUnavailable`. (#9278)
* add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242)
### Dependencies updates: ### Dependency updates:
<<<<<<< HEAD
<<<<<<< HEAD * Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
======= * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
>>>>>>> 9ecab7d85 (e2e doc updates work now) * Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
* Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
* Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#9494)
* Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) * Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421)
@ -85,11 +121,6 @@ Images:
* Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) * Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426)
* Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) * Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424)
* Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) * Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422)
<<<<<<< HEAD
=======
>>>>>>> f4164ae0b (THE CHANGELOG WORKS)
=======
>>>>>>> 9ecab7d85 (e2e doc updates work now)
* Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) * Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416)
* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) * Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408)
* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) * Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398)
@ -104,12 +135,4 @@ Images:
* Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301)
* Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300)
<<<<<<< HEAD **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4
<<<<<<< HEAD
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2
=======
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.2...controller-controller-v1.5.1
>>>>>>> f4164ae0b (THE CHANGELOG WORKS)
=======
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2
>>>>>>> 9ecab7d85 (e2e doc updates work now)

80
changelog/controller-1.7.0.md Normal file
View file

@ -0,0 +1,80 @@
# Changelog
### 1.7.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
### All changes:
* kick off 1.7.0 build (#9775)
* Update exposing-tcp-udp-services.md (#9777)
* feat: OpenTelemetry module integration (#9062)
* drop k8s 1.23 support (#9772)
* Fix canary-weight-total annotation ignored in rule backends (#9729)
* fix: controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* docs(helm): fix value key in readme for enabling certManager (#9640)
* updated digest and sha for e2e-test-echo (#9760)
* updated digest and sha for e2e-test-fastcgi-helloserver (#9759)
* updated digest and sha for opentelemetry (#9758)
* updated digest and sha for e2e-test-cfssl (#9757)
* updated kube-webhook-certgen digest and tags (#9756)
* updated nginx-error digest and tags (#9755)
* added upgrade ginkgo documentation for contributors (#9753)
* changes Makefile of echo folder to trigger code-build (#9754)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* updated NGINX_BASE image with latest tag (#9747)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* bumped ginkgo to v2.9.0 (#9722)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* update to golang 1.20 (#9690)
* Indent values.yaml using 2 instead of 4 spaces (#9656)
* fix some comments (#9688)
* migrate mitchellh/hashstructure to v2 (#9651)
* changed v1.6.3 to v1.6.4 on deploy docs (#9647)
* controller: Don't panic when ready condition in a endpointslice is missing (#9550)
* Rework Ginkgo usage (#9522)
* code clean for fsnotify (#9571)
* Optimize the document for readability (#9551)
* sets.String is deprecated: use generic Set instead. new ways: s1 := Set[string]{} s2 := New[string]() (#9589)
* Adjust the import package order and use http library variables (#9587)
* Optimize the judgment mode to remove redundant transformations (#9588)
* Fix rewrite example (#9633)
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
### Dependency updates:
* Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
* Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
* Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
* Bump actions/add-to-project from 0.4.0 to 0.4.1 (#9765)
* Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#9727)
* Bump github.com/prometheus/common from 0.41.0 to 0.42.0 (#9724)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#9723)
* Bump actions/download-artifact from 3.0.1 to 3.0.2 (#9721)
* Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#9718)
* Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#9717)
* Bump docker/setup-buildx-action from 2.2.1 to 2.5.0 (#9719)
* Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 (#9720)
* Bump github.com/onsi/ginkgo/v2 from 2.6.1 to 2.9.0 (#9695)
* Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 (#9694)
* Bump golang.org/x/crypto in /magefiles (#9691)
* Bump k8s.io/component-base from 0.26.1 to 0.26.2 (#9696)
* Bump github.com/prometheus/common from 0.40.0 to 0.41.0 (#9698)
* Bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.5 (#9697)
* Bump golang.org/x/net in /magefiles (#9692)
* Bump golang.org/x/sys in /images/custom-error-pages/rootfs (#9671)
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#9675)
* Bump github.com/prometheus/common from 0.39.0 to 0.40.0 (#9653)
* Bump golang.org/x/net from 0.6.0 to 0.7.0 (#9646)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#9645)
* Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
* Bump github.com/prometheus/client_golang (#9630)
* Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

54
changelog/controller-1.7.1.md Normal file
View file

@ -0,0 +1,54 @@
# Changelog
### 1.7.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
### All changes:
* Update TAG - 1.7.1 (#9922)
* Update dependabot to watch docker images (#9600)
* [helm] Support custom port configuration for internal service (#9846)
* Add support for --container flag (#9703)
* Fix typo in OpenTelemetry (#9903)
* ensure make lua-test runs locally (#9902)
* update k8s.io dependecies to v0.26.4 (#9893)
* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
* I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883)
* Update k8s versions (#9879)
* README: Update `external-dns` link. (#9866)
* Fastcgi configmap should be on the same namespace of ingress (#9863)
* Deprecate and remove influxdb feature (#9861)
* Remove deprecated annotation secure-upstream (#9862)
* Exclude socket metrics (#9770)
* Chart: Improve `README.md`. (#9831)
* update all container tags with date and sha, upgrade all containers (#9834)
* updated NGINX_BASE image in project (#9829)
* ISO 8601 date format (#9682)
* Values: Fix indention of commented values. (#9812)
* The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788)
### Dependency updates:
* Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912)
* Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868)
* Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888)
* Bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 (#9867)
* Bump actions/checkout from 3.5.0 to 3.5.2 (#9870)
* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#9838)
* Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#9839)
* Bump actions/add-to-project from 0.4.1 to 0.5.0 (#9840)
* Bump actions/checkout from 3.4.0 to 3.5.0 (#9798)
* Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#9823)
* Bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#9806)
* Bump actions/stale from 7.0.0 to 8.0.0 (#9799)
* Bump rajatjindal/krew-release-bot from 0.0.43 to 0.0.46 (#9797)
* Bump actions/setup-go from 3.5.0 to 4.0.0 (#9796)
* Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795)
* Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794)
* Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1

64
changelog/controller-1.8.0.md Normal file
View file

@ -0,0 +1,64 @@
# Changelog
### 1.8.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e
### Important changes:
* Validate path types (#9967)
* images: upgrade to Alpine 3.18 (#9997)
* Update documentation to reflect project name; Ingress-Nginx Controller
For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only.
More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
### Community Updates
We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and
on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
### All changes:
* Add legacy to OpenTelemetry migration doc (#10011)
* changed tagsha to recent builds (#10001)
* change to alpine318 baseimage (#10000)
* images: upgrade to Alpine 3.18 (#9997)
* openssl CVE fix (#9996)
* PodDisruptionBudget spec logic update (#9904)
* Admission warning (#9975)
* Add OPA examples on pathType restrictions (#9992)
* updated testrunner image tag+sha (#9987)
* bumped ginkgo to v2.9.5 (#9985)
* helm: Fix opentelemetry module installation for daemonset (#9792)
* OpenTelemetry default config (#9978)
* Correct annotations in monitoring docs (#9976)
* fix: avoid builds and tests for changes to markdown (#9962)
* Validate path types (#9967)
* HPA: Use capabilites & align manifests. (#9521)
* Use dl.k8s.io instead of hardcoded GCS URIs (#9946)
* add option for annotations in PodDisruptionBudget (#9843)
* chore: update httpbin to httpbun (#9919)
* image_update (#9942)
* Add geoname id value into $geoip2_*_geoname_id variables (#9527)
* Update annotations.md (#9933)
* Update charts/* to keep project name display aligned (#9931)
* Keep project name display aligned (#9920)
### Dependencies updates:
* Bump github.com/imdario/mergo from 0.3.15 to 0.3.16 (#10008)
* Bump github.com/prometheus/common from 0.43.0 to 0.44.0 (#10007)
* Bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#9913)
* Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.5 (#9980)
* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#9982)
* Bump actions/setup-go from 4.0.0 to 4.0.1 (#9984)
* Bump securego/gosec from 2.15.0 to 2.16.0 (#9983)
* Bump github.com/prometheus/common from 0.42.0 to 0.43.0 (#9981)
* Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937)
* Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0

69
changelog/controller-1.8.1.md Normal file
View file

@ -0,0 +1,69 @@
# Changelog
### 1.8.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627
### All changes:
* netlify: Only trigger preview when there are changes in docs. (#10144)
* changed to updated baseimage and reverted tag (#10143)
* Fix loadBalancerClass value (#10139)
* Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406)
* Set grpc :authority header from request header (#8912)
* bump pinned golang to 1.20.5 (#10127)
* update test runner (#10125)
* chore: remove echo from snippet tests (#10110)
* Update typo in docs for lb scheme (#10117)
* golang 1.20.5 bump (#10120)
* feat(helm): Add loadBalancerClass (#9562)
* chore: remove echo friom canary tests (#10089)
* fix: obsolete warnings (#10029)
* docs: change Dockefile url ref main (#10087)
* Revert "Remove fastcgi feature" (#10081)
* docs: add netlify configuration (#10073)
* add distroless otel init (#10035)
* chore: move httpbun to be part of framework (#9955)
* Remove fastcgi feature (#9864)
* Fix mirror-target values without path separator and port (#9889)
* Adding feature to upgrade Oracle Cloud Infrastructure's Flexible Load Balancer and adjusting Health Check that were critical in the previous configuration (#9961)
* add support for keda fallback settings (#9993)
* unnecessary use of fmt.Sprint (S1039) (#10049)
* chore: pkg imported more than once (#10048)
* tracing: upgrade to dd-opentracing-cpp v1.3.7 (#10031)
* fix: add canary to sidebar in examples (#10068)
* docs: add lua testing documentation (#10060)
* docs: canary weighted deployments example (#10067)
* Update Internal Load Balancer docs (#10062)
* fix broken kubernetes.io/user-guide/ docs links (#10055)
* docs: Updated the content of deploy/rbac.md (#10054)
* ensured hpa mem spec before cpu spec (#10043)
* Fix typo in controller_test (#10034)
* chore(dep): upgrade github.com/emicklei/go-restful/v3 to 3.10 (#10028)
* Upgrade to Golang 1.20.4 (#10016)
* perf: avoid unnecessary byte/string conversion (#10012)
* added note on dns for localtesting (#10021)
* added helmshowvalues example (#10019)
* release controller 1.8.0 and chart 4.7.0 (#10017)
### Dependency updates:
* Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133)
* Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134)
* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#10106)
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#10105)
* Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#10103)
* Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#10101)
* Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#10102)
* Bump actions/checkout from 3.5.2 to 3.5.3 (#10076)
* Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#10075)
* Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (#10078)
* Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#10077)
* Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#10042)
* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#10041)
* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#10005)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.0...controller-controller-v1.8.1

19
changelog/controller-1.8.2.md Normal file
View file

@ -0,0 +1,19 @@
# Changelog
### 1.8.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133
### All changes:
* Release v1.8.2 and Update Go to v1.21.1 (#10379)
* Making auth access logs optional (#10380)
* [release-1.8] Disable Modsecurity from internal processing which affects large ingresses (#10375)
* promote distroless otel init image (#10270)
* [release-1.8] Update images tags after adding git data in gcloud (#10233)
* [release-1.8] Golang 1.20.6 for test runner (#10231)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.1...controller-controller-v1.8.2

95
changelog/controller-1.9.0-beta.0.md Normal file
View file

@ -0,0 +1,95 @@
# Changelog
### 1.9.0-beta.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c
### All changes:
* Rework mage (#10418)
* Start release of v1.9.0 beta0 (#10407)
* Update k8s versions on CI (#10406)
* Add a flag to enable or disable aio_write (#10394)
* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372)
* Fix e2e test suite doc (#10396)
* Disable user snippets per default (#10393)
* Deployment/DaemonSet: Fix templating & value. (#10240)
* Fix deferInLoop error (#10387)
* Remove gofmt (#10385)
* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259)
* release notes 1.8.2 (#10389)
* fix: remove curl on base container #9716 (#10306)
* Fix http default backend test (#10382)
* Add golangci github action and replace the deprecated golint (#10187)
* BUGFIX incorrect indentation (#10254)
* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
* fix: path with sepecial characters warning #10281 #10308 (#10330)
* Fix golangci-lint errors (#10196)
* chore(build): Fix Run make dev-env syntax error (#10294)
* Add firewall configuration to quick start documentation (#10357)
* Making auth access logs optional (#10335)
* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350)
* fix: update action file to auto release plugin #10197 (#10321)
* Use gzip instead of pigz in CI (#10348)
* Disable Modsecurity from internal processing which affects large ingresses (#10316)
* fix: add /etc/mime.types #10309 (#10310)
* Remove curl dependencies in e2e tests #9716 (#10296)
* docs: swap explanation to match example (#10220)
* ci(helm): fix Helm Chart release action 422 error (#10237)
* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249)
* Updated index.md - Fix typos (#10256)
* Handle request_id variable correctly in auth requests (#9219)
* test kind updates (#10272)
* promote distroless otel init image (#10257)
* [helm] configure allow to configure hostAliases (#10180)
* Add rolling update strategy to each static deployment file (#10129)
* Implement annotation validation (#9673)
* Golang 1.20.6 for test runner (#10230)
* [helm] pass service annotations through helm tpl engine (#10084)
* Ignore deployment template's replicas if KEDA is enabled (#9534)
* chore: bump OpenResty to v1.21.4.2 (#10219)
* Scanning port 10247 lead to tcp connection 502 error (#9815)
* revise Datadog trace sampling configuration (#10151)
* Clarify TCP/UDP service docs (#10146)
* Exposed continent data as variable in the case of Maxmind city files (#10157)
* Cleanup errcheck code (#10166)
* Fix golang-ci linter errors (#10128)
* Deprecate and remove AJP support (#10158)
* release notes 1.8.1 (#10161)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402)
* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404)
* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400)
* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398)
* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401)
* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373)
* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374)
* Bump Go version to 1.21.1 (#10377)
* Bump Go version to 1.21.1 on testrunner (#10378)
* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365)
* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353)
* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354)
* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313)
* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332)
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314)
* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298)
* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282)
* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280)
* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244)
* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193)
* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0-beta.0

95
changelog/controller-1.9.0.md Normal file
View file

@ -0,0 +1,95 @@
# Changelog
### 1.9.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5
### All changes:
* Rework mage (#10418)
* Start release of v1.9.0 beta0 (#10407)
* Update k8s versions on CI (#10406)
* Add a flag to enable or disable aio_write (#10394)
* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372)
* Fix e2e test suite doc (#10396)
* Disable user snippets per default (#10393)
* Deployment/DaemonSet: Fix templating & value. (#10240)
* Fix deferInLoop error (#10387)
* Remove gofmt (#10385)
* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259)
* release notes 1.8.2 (#10389)
* fix: remove curl on base container #9716 (#10306)
* Fix http default backend test (#10382)
* Add golangci github action and replace the deprecated golint (#10187)
* BUGFIX incorrect indentation (#10254)
* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
* fix: path with sepecial characters warning #10281 #10308 (#10330)
* Fix golangci-lint errors (#10196)
* chore(build): Fix Run make dev-env syntax error (#10294)
* Add firewall configuration to quick start documentation (#10357)
* Making auth access logs optional (#10335)
* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350)
* fix: update action file to auto release plugin #10197 (#10321)
* Use gzip instead of pigz in CI (#10348)
* Disable Modsecurity from internal processing which affects large ingresses (#10316)
* fix: add /etc/mime.types #10309 (#10310)
* Remove curl dependencies in e2e tests #9716 (#10296)
* docs: swap explanation to match example (#10220)
* ci(helm): fix Helm Chart release action 422 error (#10237)
* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249)
* Updated index.md - Fix typos (#10256)
* Handle request_id variable correctly in auth requests (#9219)
* test kind updates (#10272)
* promote distroless otel init image (#10257)
* [helm] configure allow to configure hostAliases (#10180)
* Add rolling update strategy to each static deployment file (#10129)
* Implement annotation validation (#9673)
* Golang 1.20.6 for test runner (#10230)
* [helm] pass service annotations through helm tpl engine (#10084)
* Ignore deployment template's replicas if KEDA is enabled (#9534)
* chore: bump OpenResty to v1.21.4.2 (#10219)
* Scanning port 10247 lead to tcp connection 502 error (#9815)
* revise Datadog trace sampling configuration (#10151)
* Clarify TCP/UDP service docs (#10146)
* Exposed continent data as variable in the case of Maxmind city files (#10157)
* Cleanup errcheck code (#10166)
* Fix golang-ci linter errors (#10128)
* Deprecate and remove AJP support (#10158)
* release notes 1.8.1 (#10161)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402)
* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404)
* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400)
* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398)
* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401)
* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373)
* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374)
* Bump Go version to 1.21.1 (#10377)
* Bump Go version to 1.21.1 on testrunner (#10378)
* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365)
* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353)
* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354)
* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313)
* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332)
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314)
* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298)
* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282)
* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280)
* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244)
* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193)
* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0

21
changelog/controller-1.9.1.md Normal file
View file

@ -0,0 +1,21 @@
# Changelog
### 1.9.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836
### All changes:
* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
* Start v1.9.1 release (#10463)
* Accept backend protocol on any case (#10461)
* Chart: Rework network policies. (#10438)
### Dependency updates:
* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.0...controller-controller-v1.9.1

29
changelog/controller-1.9.3.md Normal file
View file

@ -0,0 +1,29 @@
# Changelog
### 1.9.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86
### All changes:
* update nginx base, httpbun, e2e, helm webhook cert gen (#10506)
* added warning for configuration-snippets usage (#10492)
* Remove legacy GeoIP from controller (#10495)
* add upstream patch for CVE-2023-44487 (#10494)
* Revert "Remove curl from nginx base image (#10477)" (#10479)
* update error and otel to have all the arch we support (#10476)
* Remove curl from nginx base image (#10477)
### Dependency updates:
* Bump x/net (#10514)
* Bump curl and Go version (#10503)
* Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#10496)
* Bump github.com/prometheus/client_model (#10486)
* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#10487)
* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#10485)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.1...controller-controller-v1.9.3

14
changelog/controller-1.9.4.md Normal file
View file

@ -0,0 +1,14 @@
# Changelog
### 1.9.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
### All changes:
* Cherry pick fcgi fix and release v1.9.4 (#10544)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4

37
changelog/controller-1.9.5.md Normal file
View file

@ -0,0 +1,37 @@
# Changelog
### controller-v1.9.5
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.5@sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d
### All changes:
* update nginx build (#10781)
* update images from golang upgrade (#10762)
* fix: remove tcpproxy copy error handling (#10715)
* Ignore fake certificate for NGINXCertificateExpiry (#10694)
* Comment NGINXCertificateExpiry alert label matcher (#10692)
* chart: allow setting allocateLoadBalancerNodePorts (#10693)
* [release-1.9] feat(helm): add documentation about metric args (#10695)
* chore(dep): change lua-resty-cookie's repo (#10691)
* annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric (#10656)
* fix: adjust unfulfillable validation check for session-cookie-samesite annotation (#10604)
* fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture (#10603)
* Increase HSTS max-age to default to one year (#10580)
* [release-1.9] update nginx base, httpbun, e2e, helm webhook cert gen (#10507)
* [release-1.9] add upstream patch for CVE-2023-44487 (#10499)
* fix brotli build issues (#10468)
* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
* Accept backend protocol on any case (#10461)
* Chart: Rework network policies. (#10438)
* Rework mage (#10418)
### Dependency updates:
* Bump x/net (#10517)
* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.4...controller-v1.9.5

21
changelog/controller-1.9.6.md Normal file
View file

@ -0,0 +1,21 @@
# Changelog
### controller-v1.9.6
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.6@sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
### All changes:
* update web hook cert gen to latest release v20231226-1a7112e06
* annotation validation: validate regex in common name annotation (#10880)
* change MODSECURITY_VERSION_LIB to 3.0.11 (#10879)
* Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10871)
### Dependency updates:
* Bump github.com/opencontainers/runc from 1.1.10 to 1.1.11 (#10878)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.5...controller-v1.9.6

22
changelog/controller.md.gotmpl Normal file
View file

@ -0,0 +1,22 @@
# Changelog
### {{ .NewControllerVersion }}
{{ with .ControllerImages }}
Images:
{{ range . }}
* {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
{{- end }}
{{ end }}
{{- with .Updates }}
### All changes:
{{ range . }}
* {{ . }}
{{- end }}
{{ end }}
{{- with .DepUpdates }}
### Dependency updates:
{{ range . }}
* {{ . }}
{{- end }}
{{ end }}
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/{{ .PreviousControllerVersion }}...{{ .NewControllerVersion }}

1
charts/ingress-nginx/.helmignore
View file

@ -20,3 +20,4 @@
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/
__snapshot__

460
charts/ingress-nginx/CHANGELOG.md
View file

@ -1,460 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.4.0
* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238
* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186
* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133
* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123
### 4.3.0
- Support for Kubernetes v.1.25.0 was added and support for endpoint slices
- Support for Kubernetes v1.20.0 and v1.21.0 was removed
- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices
- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191
- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name
- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations
### 4.2.1
- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1
- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today"
### 4.2.0
- Support for Kubernetes v1.19.0 was removed
- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0"
- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name"
- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1"
- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16"
- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process"
- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix"
- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check"
- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16"
- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0"
- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process"
- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable"
- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15"
- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2"
- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format"
- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API"
- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide"
- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs"
- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14"
- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0"
- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5"
- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement"
- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver"
- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step"
- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha"
- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path"
- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases"
- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds"
- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps"
- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)"
- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard"
- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0"
- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2"
- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos"
- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it"
- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0"
- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0"
- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3"
- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1"
### 4.1.2
- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed"
- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter"
- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart"
### 4.1.0
- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script"
- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6"
- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod"
- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty"
- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector"
- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies"
- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md"
- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing"
- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist"
- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one"
- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement"
- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation"
- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0"
### 4.0.18
- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build"
- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build"
- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge"
- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241"
- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts"
- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error"
- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation"
- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric"
- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code."
- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image"
- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests"
- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint"
- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1"
- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0"
- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint"
- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial"
- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera"
- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment"
- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation"
- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell"
- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor"
- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations"
- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0"
- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account"
- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description"
- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests"
- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values"
- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1"
- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs"
- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits"
- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations"
- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT"
### 4.0.15
- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1
- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6
- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs
- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors
- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release
- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P…
- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch
- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable
- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart
- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0
- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation
- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045)
- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues
- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543
- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name
- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners
- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option
- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags
- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified
- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page
- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation
- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations
- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs
- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files
- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide
- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile
- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud
- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement
- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation.
- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs
- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server
- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog
- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition
### 4.0.14
- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md
### 4.0.13
- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
### 4.0.12
- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
### 4.0.11
- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional.
### 4.0.10
- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0
### 4.0.9
- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources
### 4.0.7
- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx
- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service
### 4.0.6
- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx
- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart
- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode
- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1
### 4.0.5
- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx
### 4.0.3
- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
### 4.0.2
- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
### 4.0.1
- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
### 3.34.0
- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
### 3.33.0
- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
### 3.32.0
- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
### 3.31.0
- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
### 3.30.0
- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
### 3.29.0
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
### 3.28.0
- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
### 3.27.0
- Update ingress-nginx v0.45.0
### 3.26.0
- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
### 3.25.0
- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
### 3.24.0
- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
### 3.23.0
- Update ingress-nginx v0.44.0
### 3.22.0
- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
### 3.21.0
- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
### 3.20.1
- Do not create KEDA in case of DaemonSets.
- Fix KEDA v2 definition
### 3.20.0
- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
### 3.19.0
- Update ingress-nginx v0.43.0
### 3.18.0
- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
### 3.17.0
- Update ingress-nginx v0.42.0
### 3.16.1
- Fix chart-releaser action
### 3.16.0
- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
### 3.15.1
- Fix chart-releaser action
### 3.15.0
- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
### 3.14.0
- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
### 3.13.0
- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
### 3.12.0
- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
### 3.11.1
- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
### 3.11.0
- Support Keda Autoscaling
### 3.10.1
- Fix regression introduced in 0.41.0 with external authentication
### 3.10.0
- Fix routing regression introduced in 0.41.0 with PathType Exact
### 3.9.0
- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
### 3.8.0
- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
### 3.7.1
- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
### 3.7.0
- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
### 3.6.0
- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
### 3.5.1
- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
### 3.5.0
- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
### 3.4.0
- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
### 3.3.1
- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
### 3.3.1
- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
### 3.3.0
- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
### 3.0.0
- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
### 2.16.0
- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
### 2.15.0
- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
### 2.14.0
- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
### 2.13.0
- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
### 2.13.0
- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
### 2.12.1
- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
### 2.12.0
- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
### 2.11.3
- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
### 2.11.2
- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
### 2.11.1
- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
### 2.11.0
- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
### 2.10.0
- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
### 2.9.1
- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
### 2.9.0
- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
### TODO
Keep building the changelog using *git log charts* checking the tag

46
charts/ingress-nginx/Chart.yaml
View file

@ -1,31 +1,25 @@
annotations:
artifacthub.io/changes: |
- Update Ingress-Nginx version controller-v1.11.2
artifacthub.io/prerelease: "false"
apiVersion: v2 apiVersion: v2
name: ingress-nginx appVersion: 1.11.2
# When the version is modified, make sure the artifacthub.io/changes list is updated description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
# Also update CHANGELOG.md load balancer
version: 4.4.2
appVersion: 1.5.1
home: https://github.com/kubernetes/ingress-nginx home: https://github.com/kubernetes/ingress-nginx
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords: keywords:
- ingress - ingress
- nginx - nginx
sources: kubeVersion: '>=1.21.0-0'
- https://github.com/kubernetes/ingress-nginx
maintainers: maintainers:
- name: rikatz - name: cpanato
- name: strongjz - name: Gacko
- name: tao12345666333 - name: puerco
engine: gotpl - name: rikatz
kubeVersion: ">=1.20.0-0" - name: strongjz
annotations: - name: tao12345666333
# Use this annotation to indicate that this chart version is a pre-release. name: ingress-nginx
# https://artifacthub.io/docs/topics/annotations/helm/ sources:
artifacthub.io/prerelease: "false" - https://github.com/kubernetes/ingress-nginx
# List of changes for the release in artifacthub.io version: 4.11.2
# https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog
artifacthub.io/changes: |
- Adding support for disabling liveness and readiness probes to the Helm chart
- add:(admission-webhooks) ability to set securityContext
- Updated Helm chart to use the fullname for the electionID if not specified
- Rename controller-wehbooks-networkpolicy.yaml

2
charts/ingress-nginx/OWNERS
View file

@ -1,4 +1,4 @@
# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
approvers: approvers:
- ingress-nginx-helm-maintainers - ingress-nginx-helm-maintainers

231
charts/ingress-nginx/README.md
View file

@ -2,16 +2,15 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) ![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites ## Requirements
- Chart version 3.x.x: Kubernetes v1.16+ Kubernetes: `>=1.21.0-0`
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -52,10 +51,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -66,7 +61,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -85,14 +79,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
### Prometheus Metrics ### Prometheus Metrics
The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server ### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
@ -100,7 +94,7 @@ Previous versions of this chart had a `controller.stats.*` configuration block,
### ExternalDNS Service Configuration ### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml ```yaml
controller: controller:
@ -126,19 +120,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -162,8 +143,10 @@ controller:
internal: internal:
enabled: true enabled: true
annotations: annotations:
# Create internal ELB # Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Any other annotation can be declared here. # Any other annotation can be declared here.
``` ```
@ -206,13 +189,15 @@ controller:
# Any other annotation can be declared here. # Any other annotation can be declared here.
``` ```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks ### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.** **This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
@ -221,14 +206,14 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. 2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster. 3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives #### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured. Please ensure that cert-manager is correctly installed and configured.
@ -244,10 +229,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
## Requirements
Kubernetes: `>=1.20.0-0`
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -259,33 +240,40 @@ Kubernetes: `>=1.20.0-0`
| controller.admissionWebhooks.certManager.enabled | bool | `false` | | | controller.admissionWebhooks.certManager.enabled | bool | `false` | |
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | | | controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.enabled | bool | `true` | |
| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use | | controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
| controller.admissionWebhooks.name | string | `"admission"` | |
| controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f"` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v20220916-gd32f8c343"` | | | controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | | controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | | controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
| controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | |
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.port | int | `8443` | | | controller.admissionWebhooks.port | int | `8443` | |
| controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | |
@ -293,10 +281,9 @@ Kubernetes: `>=1.20.0-0`
| controller.admissionWebhooks.service.servicePort | int | `443` | | | controller.admissionWebhooks.service.servicePort | int | `443` | |
| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | | controller.admissionWebhooks.service.type | string | `"ClusterIP"` | |
| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # |
| controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | | controller.allowSnippetAnnotations | bool | `false` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected |
| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | | controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # |
| controller.autoscaling.annotations | object | `{}` | | | controller.autoscaling.annotations | object | `{}` | |
| controller.autoscaling.apiVersion | string | `"autoscaling/v2"` | |
| controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.behavior | object | `{}` | |
| controller.autoscaling.enabled | bool | `false` | | | controller.autoscaling.enabled | bool | `false` | |
| controller.autoscaling.maxReplicas | int | `11` | | | controller.autoscaling.maxReplicas | int | `11` | |
@ -304,50 +291,61 @@ Kubernetes: `>=1.20.0-0`
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | | controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| controller.autoscalingTemplate | list | `[]` | | | controller.autoscalingTemplate | list | `[]` | |
| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ | | controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. | | controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
| controller.containerName | string | `"controller"` | Configures the controller container name | | controller.containerName | string | `"controller"` | Configures the controller container name |
| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
| controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | | | controller.customTemplate.configMapName | string | `""` | |
| controller.disablePathTypeValidation | bool | `false` | This configuration defines if Ingress Controller should validate pathType. If this is true, special characters will be allowed on paths of any pathType. If false, special characters are only allowed on paths with pathType = ImplementationSpecific | | controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
| controller.enableAnnotationValidations | bool | `false` | |
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto" Defaults to false | | controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set | | controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module | | controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | | controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. | | controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. |
| controller.hostAliases | list | `[]` | Optionally customize the pod hostAliases. |
| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged | | controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged |
| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | | controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
| controller.hostPort.ports.http | int | `80` | 'hostPort' http port | | controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
| controller.hostPort.ports.https | int | `443` | 'hostPort' https port | | controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
| controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | | | controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | | controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` | |
| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
| controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.registry | string | `"registry.k8s.io"` | |
| controller.image.runAsUser | int | `101` | | | controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.tag | string | `"v1.5.1"` | | | controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.11.2"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster | | controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not | | controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. | | controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | | | controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | |
| controller.keda.behavior | object | `{}` | | | controller.keda.behavior | object | `{}` | |
| controller.keda.cooldownPeriod | int | `300` | | | controller.keda.cooldownPeriod | int | `300` | |
@ -377,12 +375,13 @@ Kubernetes: `>=1.20.0-0`
| controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.enabled | bool | `false` | |
| controller.metrics.prometheusRule.rules | list | `[]` | | | controller.metrics.prometheusRule.rules | list | `[]` | |
| controller.metrics.service.annotations | object | `{}` | | | controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource | | controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
| controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.servicePort | int | `10254` | |
| controller.metrics.service.type | string | `"ClusterIP"` | | | controller.metrics.service.type | string | `"ClusterIP"` | |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
| controller.metrics.serviceMonitor.annotations | object | `{}` | |
| controller.metrics.serviceMonitor.enabled | bool | `false` | | | controller.metrics.serviceMonitor.enabled | bool | `false` | |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
| controller.metrics.serviceMonitor.namespace | string | `""` | | | controller.metrics.serviceMonitor.namespace | string | `""` | |
@ -390,16 +389,29 @@ Kubernetes: `>=1.20.0-0`
| controller.metrics.serviceMonitor.relabelings | list | `[]` | | | controller.metrics.serviceMonitor.relabelings | list | `[]` | |
| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
| controller.metrics.serviceMonitor.targetLabels | list | `[]` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
| controller.minAvailable | int | `1` | Define either 'minAvailable' or 'maxUnavailable', never both. | | controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| controller.name | string | `"controller"` | | | controller.name | string | `"controller"` | |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsGroup | int | `65532` | |
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.opentelemetry.enabled | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9"` | | | controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` | |
| controller.opentelemetry.image.distroless | bool | `true` | |
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` | |
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` | |
| controller.opentelemetry.name | string | `"opentelemetry"` | |
| controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.podSecurityContext | object | `{}` | Security context for controller pods |
| controller.priorityClassName | string | `""` | | | controller.priorityClassName | string | `""` | |
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers | | controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. | | controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
@ -414,38 +426,58 @@ Kubernetes: `>=1.20.0-0`
| controller.readinessProbe.successThreshold | int | `1` | | | controller.readinessProbe.successThreshold | int | `1` | |
| controller.readinessProbe.timeoutSeconds | int | `1` | | | controller.readinessProbe.timeoutSeconds | int | `1` | |
| controller.replicaCount | int | `1` | | | controller.replicaCount | int | `1` | |
| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | | controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply |
| controller.resources.requests.cpu | string | `"100m"` | | | controller.resources.requests.cpu | string | `"100m"` | |
| controller.resources.requests.memory | string | `"90Mi"` | | | controller.resources.requests.memory | string | `"90Mi"` | |
| controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.enabled | bool | `false` | Enable 'scope' or not |
| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
| controller.service.annotations | object | `{}` | | | controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.enableHttp | bool | `true` | | | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.enableHttps | bool | `true` | | | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
| controller.service.enabled | bool | `true` | | | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
| controller.service.external.enabled | bool | `true` | | | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.labels | object | `{}` | | | controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.loadBalancerSourceRanges | list | `[]` | | | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.nodePorts.http | string | `""` | | | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.nodePorts.https | string | `""` | | | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.nodePorts.tcp | object | `{}` | | | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.nodePorts.udp | object | `{}` | | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.ports.http | int | `80` | | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.ports.https | int | `443` | | | controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.targetPorts.http | string | `"http"` | | | controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.targetPorts.https | string | `"https"` | | | controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.type | string | `"LoadBalancer"` | | | controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.internal.ports | object | `{}` | |
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.internal.targetPorts | object | `{}` | |
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.shareProcessNamespace | bool | `false` | | | controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | | controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # |
@ -455,17 +487,18 @@ Kubernetes: `>=1.20.0-0`
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
| defaultBackend.affinity | object | `{}` | | | defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| defaultBackend.autoscaling.annotations | object | `{}` | | | defaultBackend.autoscaling.annotations | object | `{}` | |
| defaultBackend.autoscaling.enabled | bool | `false` | | | defaultBackend.autoscaling.enabled | bool | `false` | |
| defaultBackend.autoscaling.maxReplicas | int | `2` | | | defaultBackend.autoscaling.maxReplicas | int | `2` | |
| defaultBackend.autoscaling.minReplicas | int | `1` | | | defaultBackend.autoscaling.minReplicas | int | `1` | |
| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
| defaultBackend.enabled | bool | `false` | | | defaultBackend.enabled | bool | `false` | |
| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| defaultBackend.extraArgs | object | `{}` | | | defaultBackend.extraArgs | object | `{}` | |
| defaultBackend.extraConfigMaps | list | `[]` | |
| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods | | defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
| defaultBackend.extraVolumeMounts | list | `[]` | | | defaultBackend.extraVolumeMounts | list | `[]` | |
| defaultBackend.extraVolumes | list | `[]` | | | defaultBackend.extraVolumes | list | `[]` | |
@ -474,8 +507,10 @@ Kubernetes: `>=1.20.0-0`
| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | | | defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | | | defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
| defaultBackend.image.registry | string | `"registry.k8s.io"` | | | defaultBackend.image.registry | string | `"registry.k8s.io"` | |
| defaultBackend.image.runAsGroup | int | `65534` | |
| defaultBackend.image.runAsNonRoot | bool | `true` | | | defaultBackend.image.runAsNonRoot | bool | `true` | |
| defaultBackend.image.runAsUser | int | `65534` | | | defaultBackend.image.runAsUser | int | `65534` | |
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| defaultBackend.image.tag | string | `"1.5"` | | | defaultBackend.image.tag | string | `"1.5"` | |
| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources | | defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
| defaultBackend.livenessProbe.failureThreshold | int | `3` | | | defaultBackend.livenessProbe.failureThreshold | int | `3` | |
@ -486,10 +521,11 @@ Kubernetes: `>=1.20.0-0`
| defaultBackend.minAvailable | int | `1` | | | defaultBackend.minAvailable | int | `1` | |
| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| defaultBackend.name | string | `"defaultbackend"` | | | defaultBackend.name | string | `"defaultbackend"` | |
| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # |
| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods |
| defaultBackend.port | int | `8080` | | | defaultBackend.port | int | `8080` | |
| defaultBackend.priorityClassName | string | `""` | | | defaultBackend.priorityClassName | string | `""` | |
| defaultBackend.readinessProbe.failureThreshold | int | `6` | | | defaultBackend.readinessProbe.failureThreshold | int | `6` | |
@ -500,7 +536,7 @@ Kubernetes: `>=1.20.0-0`
| defaultBackend.replicaCount | int | `1` | | | defaultBackend.replicaCount | int | `1` | |
| defaultBackend.resources | object | `{}` | | | defaultBackend.resources | object | `{}` | |
| defaultBackend.service.annotations | object | `{}` | | | defaultBackend.service.annotations | object | `{}` | |
| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
| defaultBackend.service.servicePort | int | `80` | | | defaultBackend.service.servicePort | int | `80` | |
| defaultBackend.service.type | string | `"ClusterIP"` | | | defaultBackend.service.type | string | `"ClusterIP"` | |
@ -508,9 +544,11 @@ Kubernetes: `>=1.20.0-0`
| defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.create | bool | `true` | |
| defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.serviceAccount.name | string | `""` | |
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
| podSecurityPolicy.enabled | bool | `false` | | | podSecurityPolicy.enabled | bool | `false` | |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
| rbac.create | bool | `true` | | | rbac.create | bool | `true` | |
@ -522,4 +560,3 @@ Kubernetes: `>=1.20.0-0`
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |

47
charts/ingress-nginx/README.md.gotmpl
View file

@ -7,10 +7,7 @@ To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.c
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites {{ template "chart.requirementsSection" . }}
- Chart version 3.x.x: Kubernetes v1.16+
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -51,10 +48,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -65,7 +58,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -84,14 +76,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
### Prometheus Metrics ### Prometheus Metrics
The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server ### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
@ -99,7 +91,7 @@ Previous versions of this chart had a `controller.stats.*` configuration block,
### ExternalDNS Service Configuration ### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml ```yaml
controller: controller:
@ -125,19 +117,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -161,8 +140,10 @@ controller:
internal: internal:
enabled: true enabled: true
annotations: annotations:
# Create internal ELB # Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Any other annotation can be declared here. # Any other annotation can be declared here.
``` ```
@ -205,13 +186,15 @@ controller:
# Any other annotation can be declared here. # Any other annotation can be declared here.
``` ```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks ### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.** **This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
@ -220,14 +203,14 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. 2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster. 3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives #### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured. Please ensure that cert-manager is correctly installed and configured.
@ -243,8 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

9
charts/ingress-nginx/changelog/helm-chart-2.10.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.10.0
* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0

10
charts/ingress-nginx/changelog/helm-chart-2.11.0.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.0
* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0

9
charts/ingress-nginx/changelog/helm-chart-2.11.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.1
* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1

9
charts/ingress-nginx/changelog/helm-chart-2.11.2.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.2
* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2

9
charts/ingress-nginx/changelog/helm-chart-2.11.3.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.3
* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3

10
charts/ingress-nginx/changelog/helm-chart-2.12.0.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.0
* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0

9
charts/ingress-nginx/changelog/helm-chart-2.12.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.1
* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1

10
charts/ingress-nginx/changelog/helm-chart-2.13.0.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.13.0
* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0

9
charts/ingress-nginx/changelog/helm-chart-2.14.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.14.0
* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0

9
charts/ingress-nginx/changelog/helm-chart-2.15.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.15.0
* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0

9
charts/ingress-nginx/changelog/helm-chart-2.16.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.16.0
* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0

9
charts/ingress-nginx/changelog/helm-chart-2.9.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.0
* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0

9
charts/ingress-nginx/changelog/helm-chart-2.9.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.1
* [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.0...ingress-nginx-2.9.1

9
charts/ingress-nginx/changelog/helm-chart-3.0.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.0.0
* [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.16.0...ingress-nginx-3.0.0

9
charts/ingress-nginx/changelog/helm-chart-3.10.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.10.0
* Fix routing regression introduced in 0.41.0 with PathType Exact
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.9.0...ingress-nginx-3.10.0

9
charts/ingress-nginx/changelog/helm-chart-3.10.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.10.1
* Fix regression introduced in 0.41.0 with external authentication
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.0...ingress-nginx-3.10.1

9
charts/ingress-nginx/changelog/helm-chart-3.11.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.11.0
* Support Keda Autoscaling
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.1...ingress-nginx-3.11.0

9
charts/ingress-nginx/changelog/helm-chart-3.11.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.11.1
* [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.0...ingress-nginx-3.11.1

9
charts/ingress-nginx/changelog/helm-chart-3.12.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.12.0
* [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.1...ingress-nginx-3.12.0

9
charts/ingress-nginx/changelog/helm-chart-3.13.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.13.0
* [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.12.0...ingress-nginx-3.13.0

9
charts/ingress-nginx/changelog/helm-chart-3.14.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.14.0
* [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.13.0...ingress-nginx-3.14.0

9
charts/ingress-nginx/changelog/helm-chart-3.15.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.15.0
* [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.14.0...ingress-nginx-3.15.0

9
charts/ingress-nginx/changelog/helm-chart-3.15.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.15.1
* Fix chart-releaser action
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.0...ingress-nginx-3.15.1

9
charts/ingress-nginx/changelog/helm-chart-3.16.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.16.0
* [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.1...helm-chart-3.16.0

9
charts/ingress-nginx/changelog/helm-chart-3.16.1.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.16.1
* Fix chart-releaser action
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.0...helm-chart-3.16.1

9
charts/ingress-nginx/changelog/helm-chart-3.17.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.17.0
* Update ingress-nginx v0.42.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.1...helm-chart-3.17.0

10
charts/ingress-nginx/changelog/helm-chart-3.18.0.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.18.0
* [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
* [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.17.0...helm-chart-3.18.0

9
charts/ingress-nginx/changelog/helm-chart-3.19.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.19.0
* Update ingress-nginx v0.43.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.18.0...helm-chart-3.19.0

9
charts/ingress-nginx/changelog/helm-chart-3.20.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.20.0
* [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.19.0...helm-chart-3.20.0

10
charts/ingress-nginx/changelog/helm-chart-3.20.1.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.20.1
* Do not create KEDA in case of DaemonSets.
* Fix KEDA v2 definition
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.0...helm-chart-3.20.1

12
charts/ingress-nginx/changelog/helm-chart-3.21.0.md Normal file
View file

@ -0,0 +1,12 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.21.0
* [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
* [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
* [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
* [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.1...helm-chart-3.21.0

10
charts/ingress-nginx/changelog/helm-chart-3.22.0.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.22.0
* [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
* [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.21.0...helm-chart-3.22.0

9
charts/ingress-nginx/changelog/helm-chart-3.23.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.23.0
* Update ingress-nginx v0.44.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.22.0...helm-chart-3.23.0

9
charts/ingress-nginx/changelog/helm-chart-3.24.0.md Normal file
View file

@ -0,0 +1,9 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 3.24.0
* [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.23.0...helm-chart-3.24.0

Some files were not shown because too many files have changed in this diff Show more