DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Resolve conflicts

Browse source
This commit is contained in:
Bo0km4n 2020-06-20 17:13:31 +09:00
commit 7ab0916c92
161 changed files with 2159 additions and 1223 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/actions/mkdocs/Dockerfile vendored
View file

@ -1,4 +1,4 @@
FROM squidfunk/mkdocs-material:5.1.0 FROM squidfunk/mkdocs-material:5.2.3
COPY action.sh /action.sh COPY action.sh /action.sh

4
.luacheckrc
View file

@ -1,7 +1,5 @@
std = 'ngx_lua' std = 'ngx_lua'
globals = { max_line_length = 100
'_TEST'
}
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'} exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'}
files["rootfs/etc/nginx/lua/lua_ingress.lua"] = { files["rootfs/etc/nginx/lua/lua_ingress.lua"] = {
ignore = { "122" }, ignore = { "122" },

82
Changelog.md
View file

@ -1,5 +1,87 @@
# Changelog # Changelog
### 0.33.0
**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0`
_New Features:_
- NGINX 1.19.0
- TLSv1.3 is enabled by default
- Experimental support for s390x
- Allow combination of NGINX variables in annotation [upstream-hash-by](https://github.com/kubernetes/ingress-nginx/pull/5571)
- New setting to configure different access logs for http and stream sections: [http-access-log-path](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#http-access-log-path) and [stream-access-log-path](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#stream-access-log-path) options in configMap
_Deprecations:_
- Setting [access-log-path](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#access-log-path) is deprecated and will be removed in 0.35.0. Please use [http-access-log-path](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#http-access-log-path) and [stream-access-log-path](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#stream-access-log-path)
_Changes:_
- [X] [#5463](https://github.com/kubernetes/ingress-nginx/pull/5463) Wait before any request to the ingress controller pod
- [X] [#5488](https://github.com/kubernetes/ingress-nginx/pull/5488) Update kind
- [X] [#5491](https://github.com/kubernetes/ingress-nginx/pull/5491) Actually enable TLSv1.3 by default
- [X] [#5494](https://github.com/kubernetes/ingress-nginx/pull/5494) Add configuration option for the runAsUser parameter of the webhook patch job
- [X] [#5503](https://github.com/kubernetes/ingress-nginx/pull/5503) Update job-patchWebhook.yaml
- [X] [#5504](https://github.com/kubernetes/ingress-nginx/pull/5504) Add configuration option for the imagePullSecrets in the webhook jobs
- [X] [#5505](https://github.com/kubernetes/ingress-nginx/pull/5505) Update helm chart
- [X] [#5516](https://github.com/kubernetes/ingress-nginx/pull/5516) build: remove unnecessary tag line in e2e
- [X] [#5522](https://github.com/kubernetes/ingress-nginx/pull/5522) Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure
- [X] [#5534](https://github.com/kubernetes/ingress-nginx/pull/5534) Add annotation ssl-prefer-server-ciphers.
- [X] [#5536](https://github.com/kubernetes/ingress-nginx/pull/5536) Fix error setting $service_name NGINX variable
- [X] [#5553](https://github.com/kubernetes/ingress-nginx/pull/5553) Check service If publish-service flag is defined
- [X] [#5571](https://github.com/kubernetes/ingress-nginx/pull/5571) feat: support the combination of Nginx variables for annotation upstream-hash-by.
- [X] [#5572](https://github.com/kubernetes/ingress-nginx/pull/5572) [chart] Add toleration support for admission webhooks
- [X] [#5578](https://github.com/kubernetes/ingress-nginx/pull/5578) Use image promoter to push images to gcr
- [X] [#5582](https://github.com/kubernetes/ingress-nginx/pull/5582) Allow pulling images by digest
- [X] [#5584](https://github.com/kubernetes/ingress-nginx/pull/5584) Add note about initial delay during first start
- [X] [#5586](https://github.com/kubernetes/ingress-nginx/pull/5586) Add MaxMind GeoIP2 Anonymous IP support
- [X] [#5589](https://github.com/kubernetes/ingress-nginx/pull/5589) Do not reload NGINX if master process dies
- [X] [#5596](https://github.com/kubernetes/ingress-nginx/pull/5596) Update go dependencies
- [X] [#5603](https://github.com/kubernetes/ingress-nginx/pull/5603) Update nginx to 1.19.0
- [X] [#5604](https://github.com/kubernetes/ingress-nginx/pull/5604) Update debian-base image
- [X] [#5606](https://github.com/kubernetes/ingress-nginx/pull/5606) Update nginx image and go to 1.14.3
- [X] [#5613](https://github.com/kubernetes/ingress-nginx/pull/5613) fix oauth2-proxy image repository
- [X] [#5614](https://github.com/kubernetes/ingress-nginx/pull/5614) Add support for s390x
- [X] [#5619](https://github.com/kubernetes/ingress-nginx/pull/5619) Use new multi-arch nginx image
- [X] [#5621](https://github.com/kubernetes/ingress-nginx/pull/5621) Update terraform build images
- [X] [#5624](https://github.com/kubernetes/ingress-nginx/pull/5624) feat: add lj-releng tool to check Lua code for finding the potential problems
- [X] [#5625](https://github.com/kubernetes/ingress-nginx/pull/5625) Update nginx image to use alpine 3.12
- [X] [#5626](https://github.com/kubernetes/ingress-nginx/pull/5626) Update nginx image
- [X] [#5629](https://github.com/kubernetes/ingress-nginx/pull/5629) Build multi-arch images by default
- [X] [#5630](https://github.com/kubernetes/ingress-nginx/pull/5630) Fix makefile task names
- [X] [#5631](https://github.com/kubernetes/ingress-nginx/pull/5631) Update e2e image
- [X] [#5632](https://github.com/kubernetes/ingress-nginx/pull/5632) Update buildx progress configuration
- [X] [#5636](https://github.com/kubernetes/ingress-nginx/pull/5636) Enable coredumps for e2e tests
- [X] [#5637](https://github.com/kubernetes/ingress-nginx/pull/5637) Refactor build of docker images
- [X] [#5641](https://github.com/kubernetes/ingress-nginx/pull/5641) Add missing ARCH variable
- [X] [#5642](https://github.com/kubernetes/ingress-nginx/pull/5642) Fix dev-env makefile task
- [X] [#5643](https://github.com/kubernetes/ingress-nginx/pull/5643) Fix build of image on osx
- [X] [#5644](https://github.com/kubernetes/ingress-nginx/pull/5644) Remove copy of binaries and deprecated e2e task
- [X] [#5656](https://github.com/kubernetes/ingress-nginx/pull/5656) feat: add http-access-log-path and stream-access-log-path options in configMap
- [X] [#5659](https://github.com/kubernetes/ingress-nginx/pull/5659) Update cloud-build configuration
- [X] [#5660](https://github.com/kubernetes/ingress-nginx/pull/5660) Set missing USER in cloud-build
- [X] [#5661](https://github.com/kubernetes/ingress-nginx/pull/5661) Add missing REPO_INFO en variable to cloud-build
- [X] [#5662](https://github.com/kubernetes/ingress-nginx/pull/5662) Increase cloud-build timeout
- [X] [#5663](https://github.com/kubernetes/ingress-nginx/pull/5663) Fix cloud-timeout setting
- [X] [#5664](https://github.com/kubernetes/ingress-nginx/pull/5664) fix undefined variable $auth_cookie error due to when location is denied
- [X] [#5665](https://github.com/kubernetes/ingress-nginx/pull/5665) Fix: improve performance
- [X] [#5669](https://github.com/kubernetes/ingress-nginx/pull/5669) Serve correct TLS certificate for requests with uppercase host
- [X] [#5672](https://github.com/kubernetes/ingress-nginx/pull/5672) feat: enable lj-releng tool to lint lua code.
- [X] [#5684](https://github.com/kubernetes/ingress-nginx/pull/5684) Fix proxy_protocol duplication in listen definition
_Documentation:_
- [X] [#5487](https://github.com/kubernetes/ingress-nginx/pull/5487) Add note about firewall ports for admission webhook
- [X] [#5512](https://github.com/kubernetes/ingress-nginx/pull/5512) Wrong filename in documantation example
- [X] [#5563](https://github.com/kubernetes/ingress-nginx/pull/5563) Use ingress-nginx-* naming in docs to match the default deployments
- [X] [#5566](https://github.com/kubernetes/ingress-nginx/pull/5566) Update configmap name in custom-headers/README.md
- [X] [#5639](https://github.com/kubernetes/ingress-nginx/pull/5639) Update timeout to align values
- [X] [#5646](https://github.com/kubernetes/ingress-nginx/pull/5646) Add minor doc fixes to user guide and chart readme
- [X] [#5652](https://github.com/kubernetes/ingress-nginx/pull/5652) Add documentation for loading e2e tests without using minikube
- [X] [#5677](https://github.com/kubernetes/ingress-nginx/pull/5677) Add URL to official grafana dashboards
- [X] [#5682](https://github.com/kubernetes/ingress-nginx/pull/5682) Fix typo
### 0.32.0 ### 0.32.0
**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0` **Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0`

104
Makefile
View file

@ -27,7 +27,7 @@ endif
SHELL=/bin/bash -o pipefail -o errexit SHELL=/bin/bash -o pipefail -o errexit
# Use the 0.0 tag for testing, it shouldn't clobber any release builds # Use the 0.0 tag for testing, it shouldn't clobber any release builds
TAG ?= 0.32.0 TAG ?= 0.33.0
# Use docker to run makefile tasks # Use docker to run makefile tasks
USE_DOCKER ?= true USE_DOCKER ?= true
@ -42,7 +42,7 @@ endif
# Allow limiting the scope of the e2e tests. By default run everything # Allow limiting the scope of the e2e tests. By default run everything
FOCUS ?= .* FOCUS ?= .*
# number of parallel test # number of parallel test
E2E_NODES ?= 14 E2E_NODES ?= 10
# slow test only if takes > 50s # slow test only if takes > 50s
SLOW_E2E_THRESHOLD ?= 50 SLOW_E2E_THRESHOLD ?= 50
# run e2e test suite with tests that check for memory leaks? (default is false) # run e2e test suite with tests that check for memory leaks? (default is false)
@ -61,76 +61,30 @@ endif
REGISTRY ?= quay.io/kubernetes-ingress-controller REGISTRY ?= quay.io/kubernetes-ingress-controller
BASE_IMAGE ?= quay.io/kubernetes-ingress-controller/nginx BASE_IMAGE ?= quay.io/kubernetes-ingress-controller/nginx:e3c49c52f4b74fe47ad65d6f3266a02e8b6b622f
BASE_TAG ?= 5d67794f4fbf38ec6575476de46201b068eabf87
GOARCH=$(ARCH) GOARCH=$(ARCH)
GOBUILD_FLAGS := -v
# use vendor directory instead of go modules https://github.com/golang/go/wiki/Modules # use vendor directory instead of go modules https://github.com/golang/go/wiki/Modules
GO111MODULE=off GO111MODULE=off
TEMP_DIR := $(shell mktemp -d)
DOCKERFILE := $(TEMP_DIR)/rootfs/Dockerfile
help: ## Display this help help: ## Display this help
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
# internal task .PHONY: image
.PHONY: sub-container-% image: clean-image ## Build image for a particular arch.
sub-container-%:
$(MAKE) ARCH=$* build container
# internal task
.PHONY: sub-push-%
sub-push-%: ## Publish image for a particular arch.
$(MAKE) ARCH=$* push
.PHONY: container
container: clean-container .container-$(ARCH) ## Build image for a particular arch.
# internal task to build image for a particular arch.
.PHONY: .container-$(ARCH)
.container-$(ARCH): init-docker-buildx
mkdir -p $(TEMP_DIR)/rootfs
cp bin/$(ARCH)/nginx-ingress-controller $(TEMP_DIR)/rootfs/nginx-ingress-controller
cp bin/$(ARCH)/dbg $(TEMP_DIR)/rootfs/dbg
cp bin/$(ARCH)/wait-shutdown $(TEMP_DIR)/rootfs/wait-shutdown
cp -RP rootfs/* $(TEMP_DIR)/rootfs
echo "Building docker image ($(ARCH))..." echo "Building docker image ($(ARCH))..."
# buildx assumes images are multi-arch @docker build \
docker buildx build \
--pull \
--load \
--no-cache \ --no-cache \
--progress plain \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--platform linux/$(ARCH) \
--build-arg BASE_IMAGE="$(BASE_IMAGE)-$(ARCH):$(BASE_TAG)" \
--build-arg VERSION="$(TAG)" \ --build-arg VERSION="$(TAG)" \
-t $(REGISTRY)/nginx-ingress-controller-${ARCH}:$(TAG) $(TEMP_DIR)/rootfs --build-arg TARGETARCH="$(ARCH)" \
-t $(REGISTRY)/nginx-ingress-controller:$(TAG) rootfs
.PHONY: clean-container .PHONY: clean-image
clean-container: ## Removes local image clean-image: ## Removes local image
echo "removing old image $(BASE_IMAGE)-$(ARCH):$(TAG)" echo "removing old image $(REGISTRY)/nginx-ingress-controller:$(TAG)"
@docker rmi -f $(BASE_IMAGE)-$(ARCH):$(TAG) || true @docker rmi -f $(REGISTRY)/nginx-ingress-controller:$(TAG) || true
.PHONY: push
push: .push-$(ARCH) ## Publish image for a particular arch.
# internal task
.PHONY: .push-$(ARCH)
.push-$(ARCH):
docker push $(REGISTRY)/nginx-ingress-controller-${ARCH}:$(TAG)
.PHONY: push-manifest
push-manifest:
docker manifest create $(REGISTRY)/nginx-ingress-controller:$(TAG) \
$(REGISTRY)/nginx-ingress-controller-amd64:$(TAG) \
$(REGISTRY)/nginx-ingress-controller-arm:$(TAG) \
$(REGISTRY)/nginx-ingress-controller-arm64:$(TAG)
docker manifest push --purge $(REGISTRY)/nginx-ingress-controller:$(TAG)
.PHONY: build .PHONY: build
build: check-go-version ## Build ingress controller, debug tool and pre-stop hook. build: check-go-version ## Build ingress controller, debug tool and pre-stop hook.
@ -204,10 +158,6 @@ endif
e2e-test: check-go-version ## Run e2e tests (expects access to a working Kubernetes cluster). e2e-test: check-go-version ## Run e2e tests (expects access to a working Kubernetes cluster).
@build/run-e2e-suite.sh @build/run-e2e-suite.sh
.PHONY: e2e-test-image
e2e-test-image: ## Build image for e2e tests.
@make -C test/e2e-image
.PHONY: e2e-test-binary .PHONY: e2e-test-binary
e2e-test-binary: check-go-version ## Build ginkgo binary for e2e tests. e2e-test-binary: check-go-version ## Build ginkgo binary for e2e tests.
ifeq ($(USE_DOCKER), true) ifeq ($(USE_DOCKER), true)
@ -255,7 +205,10 @@ dev-env-stop: ## Deletes local Kubernetes cluster created by kind.
.PHONY: live-docs .PHONY: live-docs
live-docs: ## Build and launch a local copy of the documentation website in http://localhost:3000 live-docs: ## Build and launch a local copy of the documentation website in http://localhost:3000
@docker run --rm -it -p 8000:8000 -v ${PWD}:/docs squidfunk/mkdocs-material:5.1.0 @docker run --rm -it \
-p 8000:8000 \
-v ${PWD}:/docs \
squidfunk/mkdocs-material:5.2.3
.PHONY: misspell .PHONY: misspell
misspell: check-go-version ## Check for spelling errors. misspell: check-go-version ## Check for spelling errors.
@ -292,7 +245,7 @@ ifeq ($(DIND_TASKS),)
ifneq ($(shell docker buildx 2>&1 >/dev/null; echo $?),) ifneq ($(shell docker buildx 2>&1 >/dev/null; echo $?),)
$(error "buildx not available. Docker 19.03 or higher is required with experimental features enabled") $(error "buildx not available. Docker 19.03 or higher is required with experimental features enabled")
endif endif
docker run --rm --privileged docker/binfmt:66f9012c56a8316f9244ffd7622d7c21c1f6f28d docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
docker buildx create --name ingress-nginx --use || true docker buildx create --name ingress-nginx --use || true
docker buildx inspect --bootstrap docker buildx inspect --bootstrap
endif endif
@ -300,3 +253,24 @@ endif
.PHONY: show-version .PHONY: show-version
show-version: show-version:
echo -n $(TAG) echo -n $(TAG)
PLATFORMS ?= amd64 arm arm64 s390x
EMPTY :=
SPACE := $(EMPTY) $(EMPTY)
COMMA := ,
.PHONY: release # Build a multi-arch docker image
release: init-docker-buildx clean
echo "Building binaries..."
$(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;)
echo "Building and pushing ingress-nginx image..."
@docker buildx build \
--no-cache \
--push \
--progress plain \
--platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \
-t $(REGISTRY)/nginx-ingress-controller:$(TAG) rootfs

4
build/build-ingress-controller.sh
View file

@ -38,9 +38,7 @@ if [ ! -f "${ENV_FILE}" ]; then
fi fi
# build local terraform image to build nginx # build local terraform image to build nginx
docker buildx build \ docker build \
--load \
--platform linux/amd64 \
--tag build-ingress-controller-terraform $DIR/images/ingress-controller --tag build-ingress-controller-terraform $DIR/images/ingress-controller
# build nginx and publish docker images to quay.io. # build nginx and publish docker images to quay.io.

7
build/build-nginx-image.sh
View file

@ -37,12 +37,7 @@ if [ ! -f "${ENV_FILE}" ]; then
exit 1 exit 1
fi fi
# build local terraform image to build nginx docker build \
export DOCKER_CLI_EXPERIMENTAL=enabled
docker buildx build \
--load \
--no-cache \
--platform linux/amd64 \
--tag build-nginx-terraform $DIR/images/nginx --tag build-nginx-terraform $DIR/images/nginx
# build nginx and publish docker images to quay.io. # build nginx and publish docker images to quay.io.

10
build/build.sh
View file

@ -47,26 +47,22 @@ export CGO_ENABLED=0
export GOARCH=${ARCH} export GOARCH=${ARCH}
go build \ go build \
"${GOBUILD_FLAGS}" \
-ldflags "-s -w \ -ldflags "-s -w \
-X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${GIT_COMMIT} \ -X ${PKG}/version.COMMIT=${GIT_COMMIT} \
-X ${PKG}/version.REPO=${REPO_INFO}" \ -X ${PKG}/version.REPO=${REPO_INFO}" \
-o "bin/${ARCH}/nginx-ingress-controller" "${PKG}/cmd/nginx" -o "rootfs/bin/${ARCH}/nginx-ingress-controller" "${PKG}/cmd/nginx"
go build \ go build \
"${GOBUILD_FLAGS}" \
-ldflags "-s -w \ -ldflags "-s -w \
-X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${GIT_COMMIT} \ -X ${PKG}/version.COMMIT=${GIT_COMMIT} \
-X ${PKG}/version.REPO=${REPO_INFO}" \ -X ${PKG}/version.REPO=${REPO_INFO}" \
-o "bin/${ARCH}/dbg" "${PKG}/cmd/dbg" -o "rootfs/bin/${ARCH}/dbg" "${PKG}/cmd/dbg"
go build \ go build \
"${GOBUILD_FLAGS}" \
-ldflags "-s -w \ -ldflags "-s -w \
-X ${PKG}/version.RELEASE=${TAG} \ -X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${GIT_COMMIT} \ -X ${PKG}/version.COMMIT=${GIT_COMMIT} \
-X ${PKG}/version.REPO=${REPO_INFO}" \ -X ${PKG}/version.REPO=${REPO_INFO}" \
-o "bin/${ARCH}/wait-shutdown" "${PKG}/cmd/waitshutdown" -o "rootfs/bin/${ARCH}/wait-shutdown" "${PKG}/cmd/waitshutdown"

7
build/dev-env.sh
View file

@ -25,7 +25,6 @@ set -o pipefail
DIR=$(cd $(dirname "${BASH_SOURCE}") && pwd -P) DIR=$(cd $(dirname "${BASH_SOURCE}") && pwd -P)
export TAG=1.0.0-dev export TAG=1.0.0-dev
export ARCH=amd64
export REGISTRY=${REGISTRY:-ingress-controller} export REGISTRY=${REGISTRY:-ingress-controller}
DEV_IMAGE=${REGISTRY}/nginx-ingress-controller:${TAG} DEV_IMAGE=${REGISTRY}/nginx-ingress-controller:${TAG}
@ -57,9 +56,9 @@ if [[ ${KUBE_CLIENT_VERSION} -lt 14 ]]; then
exit 1 exit 1
fi fi
echo "[dev-env] building container" echo "[dev-env] building image"
make build container make build image
docker tag "${REGISTRY}/nginx-ingress-controller-${ARCH}:${TAG}" "${DEV_IMAGE}" docker tag "${REGISTRY}/nginx-ingress-controller:${TAG}" "${DEV_IMAGE}"
export K8S_VERSION=${K8S_VERSION:-v1.18.0@sha256:0e20578828edd939d25eb98496a685c76c98d54084932f76069f886ec315d694} export K8S_VERSION=${K8S_VERSION:-v1.18.0@sha256:0e20578828edd939d25eb98496a685c76c98d54084932f76069f886ec315d694}

8
build/images/ingress-controller/.dockerignore
View file

@ -1 +1,9 @@
*.tfvars *.tfvars
*.tfvars
.terraform*
terraform*
*.tfstate
*.tfstate.backup
id_rsa*
aws.tfvars
env.tfvars

5
build/images/ingress-controller/Dockerfile
View file

@ -1,6 +1,6 @@
FROM k8s.gcr.io/debian-base:v2.0.0 FROM us.gcr.io/k8s-artifacts-prod/build-image/debian-base-amd64:v2.1.0
ENV TERRAFORM_VERSION 0.12.19 ENV TERRAFORM_VERSION 0.12.26
RUN clean-install \ RUN clean-install \
bash \ bash \
@ -8,6 +8,7 @@ RUN clean-install \
ca-certificates \ ca-certificates \
unzip \ unzip \
git \ git \
python3 \
openssh-client openssh-client
RUN curl -sSL -o /terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \ RUN curl -sSL -o /terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \

25
build/images/ingress-controller/build-ingress-controller.sh → build/images/ingress-controller/build.sh
View file

@ -34,16 +34,10 @@ source_tfvars /tmp/env
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt -q=3 update apt update
apt dist-upgrade --yes
apt -q=3 dist-upgrade --yes apt install \
add-apt-repository universe --yes
add-apt-repository multiverse --yes
apt -q=3 update
apt -q=3 install \
apt-transport-https \ apt-transport-https \
ca-certificates \ ca-certificates \
curl \ curl \
@ -58,16 +52,15 @@ add-apt-repository \
$(lsb_release -cs) \ $(lsb_release -cs) \
stable" --yes stable" --yes
apt -q=3 update apt update
apt install docker-ce --yes
apt -q=3 install docker-ce --yes
echo ${docker_password} | docker login -u ${docker_username} --password-stdin quay.io echo ${docker_password} | docker login -u ${docker_username} --password-stdin quay.io
curl -sL -o /usr/local/bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme curl -sL -o /usr/local/bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme
chmod +x /usr/local/bin/gimme chmod +x /usr/local/bin/gimme
eval "$(gimme 1.14.2)" eval "$(gimme 1.14.3)"
export GOPATH="/tmp/go" export GOPATH="/tmp/go"
@ -89,9 +82,9 @@ docker buildx use ingress-nginx --default --global
export DIND_TASKS=0 export DIND_TASKS=0
echo "Building NGINX image..." echo "Building NGINX image..."
ARCH=amd64 make build container push ARCH=amd64 make build image push
ARCH=arm make build container push ARCH=arm make build image push
ARCH=arm64 make build container push ARCH=arm64 make build image push
echo "Creating multi-arch images..." echo "Creating multi-arch images..."
make push-manifest make push-manifest

8
build/images/ingress-controller/entrypoint.sh
View file

@ -35,8 +35,14 @@ trap 'catch $? $LINENO' ERR
terraform init terraform init
GET_UNTIL_VALID="
from datetime import datetime, timedelta
two_hours_from_now = datetime.utcnow() + timedelta(hours=2)
print(two_hours_from_now.strftime('%Y-%m-%dT%H:%M:%SZ'))
"
# destroy spot instance after two hours # destroy spot instance after two hours
EC2_VALID_UNTIL=$(date -d "+2 hours" +%Y-%m-%dT%H:%M:%SZ) EC2_VALID_UNTIL=$(python3 -c "$GET_UNTIL_VALID")
terraform plan \ terraform plan \
-var-file /root/aws.tfvars \ -var-file /root/aws.tfvars \

8
build/images/ingress-controller/main.tf
View file

@ -165,8 +165,8 @@ resource "aws_spot_instance_request" "build_worker" {
} }
provisioner "file" { provisioner "file" {
source = "build-ingress-controller.sh" source = "build.sh"
destination = "/tmp/build-ingress-controller.sh" destination = "/tmp/build.sh"
} }
provisioner "file" { provisioner "file" {
@ -177,8 +177,8 @@ resource "aws_spot_instance_request" "build_worker" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"echo Building ingress controller images...", "echo Building ingress controller images...",
"chmod +x /tmp/build-ingress-controller.sh", "chmod +x /tmp/build.sh",
"sudo /tmp/build-ingress-controller.sh", "sudo /tmp/build.sh",
] ]
} }
} }

2
build/images/ingress-controller/variables.tf
View file

@ -44,7 +44,7 @@ variable "ssh_public_key_path" {
variable "instance_type" { variable "instance_type" {
description = "EC2 instance" description = "EC2 instance"
default = "c5.18xlarge" default = "c5.xlarge"
} }
variable "project_tag" { variable "project_tag" {

7
build/images/nginx/.dockerignore
View file

@ -1 +1,8 @@
*.tfvars *.tfvars
.terraform*
terraform*
*.tfstate
*.tfstate.backup
id_rsa*
aws.tfvars
env.tfvars

5
build/images/nginx/Dockerfile
View file

@ -1,6 +1,6 @@
FROM k8s.gcr.io/debian-base:v2.0.0 FROM us.gcr.io/k8s-artifacts-prod/build-image/debian-base-amd64:v2.1.0
ENV TERRAFORM_VERSION 0.12.19 ENV TERRAFORM_VERSION 0.12.26
RUN clean-install \ RUN clean-install \
bash \ bash \
@ -8,6 +8,7 @@ RUN clean-install \
ca-certificates \ ca-certificates \
unzip \ unzip \
git \ git \
python3 \
openssh-client openssh-client
RUN curl -sSL -o /terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \ RUN curl -sSL -o /terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \

25
build/images/nginx/build-nginx.sh → build/images/nginx/build.sh
View file

@ -35,16 +35,11 @@ source_tfvars /tmp/env
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
export AR_FLAGS=cr export AR_FLAGS=cr
apt -q=3 update apt update
apt dist-upgrade --yes
apt update
apt -q=3 dist-upgrade --yes apt install \
add-apt-repository universe --yes
add-apt-repository multiverse --yes
apt -q=3 update
apt -q=3 install \
apt-transport-https \ apt-transport-https \
ca-certificates \ ca-certificates \
curl \ curl \
@ -59,21 +54,15 @@ add-apt-repository \
$(lsb_release -cs) \ $(lsb_release -cs) \
stable" --yes stable" --yes
apt -q=3 update apt update
apt -q=3 install docker-ce --yes apt install docker-ce --yes
export DOCKER_CLI_EXPERIMENTAL=enabled export DOCKER_CLI_EXPERIMENTAL=enabled
echo ${docker_password} | docker login -u ${docker_username} --password-stdin quay.io echo ${docker_password} | docker login -u ${docker_username} --password-stdin quay.io
curl -sL -o /usr/local/bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme
chmod +x /usr/local/bin/gimme
eval "$(gimme 1.14.2)"
git clone https://github.com/kubernetes/ingress-nginx git clone https://github.com/kubernetes/ingress-nginx
cd ingress-nginx/images/nginx cd ingress-nginx/images/nginx
export TAG=$(git rev-parse HEAD) export TAG=$(git rev-parse HEAD)
@ -82,4 +71,4 @@ make init-docker-buildx
docker buildx use ingress-nginx --default --global docker buildx use ingress-nginx --default --global
echo "Building NGINX images..." echo "Building NGINX images..."
make release make image

8
build/images/nginx/entrypoint.sh
View file

@ -35,8 +35,14 @@ trap 'catch $? $LINENO' ERR
terraform init terraform init
GET_UNTIL_VALID="
from datetime import datetime, timedelta
two_hours_from_now = datetime.utcnow() + timedelta(hours=2)
print(two_hours_from_now.strftime('%Y-%m-%dT%H:%M:%SZ'))
"
# destroy spot instance after two hours # destroy spot instance after two hours
EC2_VALID_UNTIL=$(date -d "+2 hours" +%Y-%m-%dT%H:%M:%SZ) EC2_VALID_UNTIL=$(python3 -c "$GET_UNTIL_VALID")
terraform plan \ terraform plan \
-var-file /root/aws.tfvars \ -var-file /root/aws.tfvars \

8
build/images/nginx/main.tf
View file

@ -165,8 +165,8 @@ resource "aws_spot_instance_request" "build_worker" {
} }
provisioner "file" { provisioner "file" {
source = "build-nginx.sh" source = "build.sh"
destination = "/tmp/build-nginx.sh" destination = "/tmp/build.sh"
} }
provisioner "file" { provisioner "file" {
@ -177,8 +177,8 @@ resource "aws_spot_instance_request" "build_worker" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"echo Building nginx images...", "echo Building nginx images...",
"chmod +x /tmp/build-nginx.sh", "chmod +x /tmp/build.sh",
"sudo /tmp/build-nginx.sh", "sudo /tmp/build.sh",
] ]
} }
} }

2
build/images/nginx/variables.tf
View file

@ -44,7 +44,7 @@ variable "ssh_public_key_path" {
variable "instance_type" { variable "instance_type" {
description = "EC2 instance" description = "EC2 instance"
default = "c5.18xlarge" default = "c5.24xlarge"
} }
variable "project_tag" { variable "project_tag" {

1
build/run-e2e-suite.sh
View file

@ -74,7 +74,6 @@ echo -e "Starting the e2e test pod"
kubectl run --rm \ kubectl run --rm \
--attach \ --attach \
--restart=Never \ --restart=Never \
--generator=run-pod/v1 \
--env="E2E_NODES=${E2E_NODES}" \ --env="E2E_NODES=${E2E_NODES}" \
--env="FOCUS=${FOCUS}" \ --env="FOCUS=${FOCUS}" \
--env="E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS}" \ --env="E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS}" \

2
build/run-in-docker.sh
View file

@ -34,7 +34,7 @@ function cleanup {
} }
trap cleanup EXIT trap cleanup EXIT
E2E_IMAGE=quay.io/kubernetes-ingress-controller/e2e:v04212020-5d67794f4 E2E_IMAGE=${E2E_IMAGE:-quay.io/kubernetes-ingress-controller/e2e:v05312020-d250b97b4}
DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_OPTS=${DOCKER_OPTS:-}

2
build/run-ingress-controller.sh
View file

@ -76,7 +76,7 @@ if [[ "${USE_EXISTING_IMAGE}" == "true" ]]; then
docker pull "${IMAGE}-${ARCH}:${TAG}" docker pull "${IMAGE}-${ARCH}:${TAG}"
else else
echo -e "${BGREEN}Building ingress controller image${NC}" echo -e "${BGREEN}Building ingress controller image${NC}"
make -C "${KUBE_ROOT}" build "sub-container-${ARCH}" make -C "${KUBE_ROOT}" build "sub-image-${ARCH}"
fi fi
CONTEXT=$(kubectl config current-context) CONTEXT=$(kubectl config current-context)

4
charts/ingress-nginx/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
name: ingress-nginx name: ingress-nginx
version: 2.1.0 version: 2.7.0
appVersion: 0.32.0 appVersion: 0.33.0
home: https://github.com/kubernetes/ingress-nginx home: https://github.com/kubernetes/ingress-nginx
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png

54
charts/ingress-nginx/README.md
View file

@ -49,6 +49,7 @@ Parameter | Description | Default
--- | --- | --- --- | --- | ---
`controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` `controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller`
`controller.image.tag` | controller container image tag | `0.30.0` `controller.image.tag` | controller container image tag | `0.30.0`
`controller.image.digest` | controller container image digest | `""`
`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent`
`controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101` `controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101`
`controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` `controller.containerPort.http` | The port that the controller container listens on for http connections. | `80`
@ -78,6 +79,7 @@ Parameter | Description | Default
`controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11` `controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11`
`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"` `controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"`
`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"` `controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"`
`controller.autoscaling.autoscalingTemplate` | If autoscaling template provided, creates custom autoscaling metric | false
`controller.hostPort.enabled` | This enable `hostPort` for ports defined in TCP/80 and TCP/443 | false `controller.hostPort.enabled` | This enable `hostPort` for ports defined in TCP/80 and TCP/443 | false
`controller.hostPort.ports.http` | If `controller.hostPort.enabled` is `true` and this is non-empty, it sets the hostPort | `"80"` `controller.hostPort.ports.http` | If `controller.hostPort.enabled` is `true` and this is non-empty, it sets the hostPort | `"80"`
`controller.hostPort.ports.https` | If `controller.hostPort.enabled` is `true` and this is non-empty, it sets the hostPort | `"443"` `controller.hostPort.ports.https` | If `controller.hostPort.enabled` is `true` and this is non-empty, it sets the hostPort | `"443"`
@ -89,15 +91,16 @@ Parameter | Description | Default
`controller.podAnnotations` | annotations to be added to pods | `{}` `controller.podAnnotations` | annotations to be added to pods | `{}`
`controller.podLabels` | labels to add to the pod container metadata | `{}` `controller.podLabels` | labels to add to the pod container metadata | `{}`
`controller.podSecurityContext` | Security context policies to add to the controller pod | `{}` `controller.podSecurityContext` | Security context policies to add to the controller pod | `{}`
`controller.sysctls` | Map of optional sysctls to enable in the controller and in the PodSecurityPolicy | `{}`
`controller.replicaCount` | desired number of controller pods | `1` `controller.replicaCount` | desired number of controller pods | `1`
`controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1` `controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1`
`controller.resources` | controller pod resource requests & limits | `{}` `controller.resources` | controller pod resource requests & limits | `{}`
`controller.priorityClassName` | controller priorityClassName | `nil` `controller.priorityClassName` | controller priorityClassName | `nil`
`controller.lifecycle` | controller pod lifecycle hooks | `{}` `controller.lifecycle` | controller pod lifecycle hooks | `{}`
`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `true`
`controller.publishService.pathOverride` | override of the default publish-service name | `""`
`controller.service.annotations` | annotations for controller service | `{}` `controller.service.annotations` | annotations for controller service | `{}`
`controller.service.labels` | labels for controller service | `{}` `controller.service.labels` | labels for controller service | `{}`
`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false`
`controller.publishService.pathOverride` | override of the default publish-service name | `""`
`controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.hostPorts.enabled` is `true` | true `controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.hostPorts.enabled` is `true` | true
`controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil` `controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil`
`controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false` `controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false`
@ -118,6 +121,8 @@ Parameter | Description | Default
`controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""` `controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""`
`controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}` `controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}`
`controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}` `controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}`
`controller.service.internal.enabled` | Enables an (additional) internal load balancer | false
`controller.service.internal.annotations` | Annotations for configuring the additional internal load balancer | `{}`
`controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10 `controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10
`controller.livenessProbe.periodSeconds` | How often to perform the probe | 10 `controller.livenessProbe.periodSeconds` | How often to perform the probe | 10
`controller.livenessProbe.timeoutSeconds` | When the probe times out | 5 `controller.livenessProbe.timeoutSeconds` | When the probe times out | 5
@ -164,10 +169,12 @@ Parameter | Description | Default
`controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for the prometheus operator tls proxy, and patch the created webhooks with the CA. | `true` `controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for the prometheus operator tls proxy, and patch the created webhooks with the CA. | `true`
`controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen` `controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen`
`controller.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.2.0` `controller.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.2.0`
`controller.admissionWebhooks.patch.image.digest` | Digest to use for the webhook integration jobs | `""`
`controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent` `controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent`
`controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""` `controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""`
`controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}` `controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}`
`controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}` `controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}`
`controller.admissionWebhooks.patch.tolerations` | Node taints/tolerations for running admission hook patch jobs | `[]`
`controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""` `controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""`
`controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""` `controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""`
`controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}` `controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}`
@ -182,6 +189,7 @@ Parameter | Description | Default
`defaultBackend.enabled` | Use default backend component | `false` `defaultBackend.enabled` | Use default backend component | `false`
`defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64` `defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64`
`defaultBackend.image.tag` | default backend container image tag | `1.5` `defaultBackend.image.tag` | default backend container image tag | `1.5`
`defaultBackend.image.digest` | default backend container image digest | `""`
`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent` `defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
`defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534` `defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534`
`defaultBackend.extraArgs` | Additional default backend container arguments | `{}` `defaultBackend.extraArgs` | Additional default backend container arguments | `{}`
@ -310,6 +318,48 @@ controller:
domainName: "kubernetes-example.com" domainName: "kubernetes-example.com"
``` ```
## Additional internal load balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
You'll need to set both the following values:
`controller.service.internal.enabled`
`controller.service.internal.annotations`
If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
`controller.service.internal.annotations` varies with the cloud service you're using.
Example for AWS
```
controller:
service:
internal:
enabled: true
annotations:
# Create internal ELB
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
# Any other annotation can be declared here.
```
Example for GCE
```
controller:
service:
internal:
enabled: true
annotations:
# Create internal LB
cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
## Ingress Admission Webhooks ## Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.

10
charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml Normal file
View file

@ -0,0 +1,10 @@
controller:
kind: DaemonSet
admissionWebhooks:
enabled: false
service:
type: ClusterIP
internal:
enabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

9
charts/ingress-nginx/ci/deployment-internal-lb-values.yaml Normal file
View file

@ -0,0 +1,9 @@
controller:
admissionWebhooks:
enabled: false
service:
type: ClusterIP
internal:
enabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

7
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
View file

@ -32,7 +32,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- name: create - name: create
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} {{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- create - create
@ -43,6 +45,9 @@ spec:
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }} {{- end }}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true

7
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View file

@ -32,7 +32,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- name: patch - name: patch
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} {{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- patch - patch
@ -45,6 +47,9 @@ spec:
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.patch.tolerations }}
tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- end }} {{- end }}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true

16
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -42,12 +42,24 @@ spec:
{{- if .Values.controller.priorityClassName }} {{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }} {{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext:
{{- end }}
{{- if .Values.controller.podSecurityContext }} {{- if .Values.controller.podSecurityContext }}
securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.controller.sysctls }}
sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl }}
value: {{ $value }}
{{- end }}
{{- end }} {{- end }}
containers: containers:
- name: controller - name: controller
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} {{- with .Values.controller.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }} {{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}

16
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -46,12 +46,24 @@ spec:
{{- if .Values.controller.priorityClassName }} {{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }} {{- end }}
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
securityContext:
{{- end }}
{{- if .Values.controller.podSecurityContext }} {{- if .Values.controller.podSecurityContext }}
securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }} {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.controller.sysctls }}
sysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- name: {{ $sysctl }}
value: {{ $value }}
{{- end }}
{{- end }} {{- end }}
containers: containers:
- name: controller - name: controller
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} {{- with .Values.controller.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.lifecycle }} {{- if .Values.controller.lifecycle }}
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}

13
charts/ingress-nginx/templates/controller-hpa.yaml
View file

@ -1,5 +1,5 @@
{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} {{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
apiVersion: autoscaling/v2beta1 apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
metadata: metadata:
labels: labels:
@ -18,12 +18,19 @@ spec:
- type: Resource - type: Resource
resource: resource:
name: cpu name: cpu
targetAverageUtilization: {{ . }} target:
type: Utilization
averageUtilization: {{ . }}
{{- end }} {{- end }}
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource - type: Resource
resource: resource:
name: memory name: memory
targetAverageUtilization: {{ . }} target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscalingTemplate }}
{{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

6
charts/ingress-nginx/templates/controller-psp.yaml
View file

@ -9,6 +9,12 @@ metadata:
spec: spec:
allowedCapabilities: allowedCapabilities:
- NET_BIND_SERVICE - NET_BIND_SERVICE
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- {{ $sysctl }}
{{- end }}
{{- end }}
privileged: false privileged: false
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
# Allow core volume types. # Allow core volume types.

41
charts/ingress-nginx/templates/controller-service-internal.yaml Normal file
View file

@ -0,0 +1,41 @@
{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
apiVersion: v1
kind: Service
metadata:
annotations:
{{- range $key, $value := .Values.controller.service.internal.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
spec:
type: "{{ .Values.controller.service.type }}"
ports:
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
{{- if .Values.controller.service.enableHttp }}
- name: http
port: {{ .Values.controller.service.ports.http }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enableHttps }}
- name: https
port: {{ .Values.controller.service.ports.https }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
selector:
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- end }}

4
charts/ingress-nginx/templates/default-backend-deployment.yaml
View file

@ -36,7 +36,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- name: {{ template "ingress-nginx.name" . }}-default-backend - name: {{ template "ingress-nginx.name" . }}-default-backend
image: {{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }} {{- with .Values.defaultBackend.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
{{- if .Values.defaultBackend.extraArgs }} {{- if .Values.defaultBackend.extraArgs }}
args: args:

29
charts/ingress-nginx/values.yaml
View file

@ -4,7 +4,7 @@
controller: controller:
image: image:
repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
tag: "0.32.0" tag: "0.33.0"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# www-data -> uid 101 # www-data -> uid 101
runAsUser: 101 runAsUser: 101
@ -67,11 +67,16 @@ controller:
# key: value # key: value
## Security Context policies for controller pods ## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
## ##
podSecurityContext: {} podSecurityContext: {}
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
###
sysctls: {}
# sysctls:
# "net.core.somaxconn": "8192"
## Allows customization of the source of the IP address or FQDN to report ## Allows customization of the source of the IP address or FQDN to report
## in the ingress status field. By default, it reads the information provided ## in the ingress status field. By default, it reads the information provided
## by the service. If disable, the status field reports the IP address of the ## by the service. If disable, the status field reports the IP address of the
@ -238,6 +243,17 @@ controller:
targetCPUUtilizationPercentage: 50 targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50
autoscalingTemplate: []
# Custom or additional autoscaling metrics
# ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
# - type: Pods
# pods:
# metric:
# name: nginx_ingress_controller_nginx_process_requests_total
# target:
# type: AverageValue
# averageValue: 10000m
## Enable mimalloc as a drop-in replacement for malloc. ## Enable mimalloc as a drop-in replacement for malloc.
## ref: https://github.com/microsoft/mimalloc ## ref: https://github.com/microsoft/mimalloc
## ##
@ -302,6 +318,12 @@ controller:
tcp: {} tcp: {}
udp: {} udp: {}
## Enables an additional internal load balancer (besides the external one).
## Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
internal:
enabled: false
annotations: {}
extraContainers: [] extraContainers: []
## Additional containers to be added to the controller pod. ## Additional containers to be added to the controller pod.
## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
@ -367,6 +389,7 @@ controller:
priorityClassName: "" priorityClassName: ""
podAnnotations: {} podAnnotations: {}
nodeSelector: {} nodeSelector: {}
tolerations: []
runAsUser: 2000 runAsUser: 2000
metrics: metrics:

30
cloudbuild.yaml Normal file
View file

@ -0,0 +1,30 @@
# See https://cloud.google.com/cloud-build/docs/build-config
timeout: 1800s
# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
# or any new substitutions added in the future.
options:
substitution_option: ALLOW_LOOSE
steps:
- name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20200422-b25d964'
entrypoint: bash
env:
- DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG
- BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx
- REPO_INFO=https://github.com/kubernetes/ingress-nginx
- HOME=/root
- USER=root
args:
- -c
- |
gcloud auth configure-docker \
&& make release
substitutions:
# _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
# can be used as a substitution
_GIT_TAG: "12345"
# _PULL_BASE_REF will contain the ref that was pushed to to trigger this build -
# a branch like 'master' or 'release-0.2', or a tag like 'v0.2'.
_PULL_BASE_REF: "master"

13
cmd/nginx/main.go
View file

@ -24,6 +24,8 @@ import (
"net/http/pprof" "net/http/pprof"
"os" "os"
"os/signal" "os/signal"
"path/filepath"
"runtime"
"syscall" "syscall"
"time" "time"
@ -199,10 +201,21 @@ func handleSigterm(ngx *controller.NGINXController, exit exiter) {
// the in-cluster config is missing or fails, we fallback to the default config. // the in-cluster config is missing or fails, we fallback to the default config.
func createApiserverClient(apiserverHost, rootCAFile, kubeConfig string) (*kubernetes.Clientset, error) { func createApiserverClient(apiserverHost, rootCAFile, kubeConfig string) (*kubernetes.Clientset, error) {
cfg, err := clientcmd.BuildConfigFromFlags(apiserverHost, kubeConfig) cfg, err := clientcmd.BuildConfigFromFlags(apiserverHost, kubeConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// Configure the User-Agent used for the HTTP requests made to the API server.
cfg.UserAgent = fmt.Sprintf(
"%s/%s (%s/%s) ingress-nginx/%s",
filepath.Base(os.Args[0]),
version.RELEASE,
runtime.GOOS,
runtime.GOARCH,
version.COMMIT,
)
if apiserverHost != "" && rootCAFile != "" { if apiserverHost != "" && rootCAFile != "" {
tlsClientConfig := rest.TLSClientConfig{} tlsClientConfig := rest.TLSClientConfig{}

78
deploy/static/provider/aws/deploy-tls-termination.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -49,10 +49,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -120,10 +120,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -141,10 +141,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -236,10 +236,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -258,10 +258,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -289,10 +289,10 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-type: elb service.beta.kubernetes.io/aws-load-balancer-type: elb
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -319,10 +319,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -345,7 +345,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -431,10 +431,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -468,10 +468,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -493,10 +493,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -518,10 +518,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -530,10 +530,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -561,10 +561,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -573,10 +573,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -606,10 +606,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -631,10 +631,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -656,10 +656,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

78
deploy/static/provider/aws/deploy.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -42,10 +42,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -113,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -134,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -229,10 +229,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -251,10 +251,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -280,10 +280,10 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb service.beta.kubernetes.io/aws-load-balancer-type: nlb
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -310,10 +310,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -336,7 +336,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -419,10 +419,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -456,10 +456,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -481,10 +481,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -506,10 +506,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -518,10 +518,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -549,10 +549,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -561,10 +561,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -594,10 +594,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -619,10 +619,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -644,10 +644,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

78
deploy/static/provider/baremetal/deploy.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -42,10 +42,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -113,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -134,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -229,10 +229,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -251,10 +251,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -275,10 +275,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -304,10 +304,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -330,7 +330,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -412,10 +412,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -449,10 +449,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -474,10 +474,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -499,10 +499,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -511,10 +511,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -542,10 +542,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -554,10 +554,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -587,10 +587,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -612,10 +612,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -637,10 +637,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

78
deploy/static/provider/cloud/deploy.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -42,10 +42,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -113,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -134,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -229,10 +229,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -251,10 +251,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -275,10 +275,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -305,10 +305,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -331,7 +331,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -414,10 +414,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -451,10 +451,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -476,10 +476,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -501,10 +501,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -513,10 +513,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -544,10 +544,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -556,10 +556,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -589,10 +589,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -614,10 +614,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -639,10 +639,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

78
deploy/static/provider/do/deploy.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -43,10 +43,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -114,10 +114,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -135,10 +135,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -230,10 +230,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -252,10 +252,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -278,10 +278,10 @@ metadata:
annotations: annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true' service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -308,10 +308,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -334,7 +334,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -417,10 +417,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -454,10 +454,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -479,10 +479,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -504,10 +504,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -516,10 +516,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -547,10 +547,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -559,10 +559,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -592,10 +592,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -617,10 +617,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -642,10 +642,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

78
deploy/static/provider/kind/deploy.yaml
View file

@ -13,10 +13,10 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -27,10 +27,10 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -42,10 +42,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -113,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
@ -134,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -229,10 +229,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx name: ingress-nginx
@ -251,10 +251,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
@ -275,10 +275,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -304,10 +304,10 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
name: ingress-nginx-controller name: ingress-nginx-controller
@ -334,7 +334,7 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
containers: containers:
- name: controller - name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -425,10 +425,10 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission name: ingress-nginx-admission
@ -462,10 +462,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -487,10 +487,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -512,10 +512,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -524,10 +524,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -555,10 +555,10 @@ metadata:
helm.sh/hook: post-install,post-upgrade helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -567,10 +567,10 @@ spec:
metadata: metadata:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
spec: spec:
@ -600,10 +600,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -625,10 +625,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx
@ -650,10 +650,10 @@ metadata:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels: labels:
helm.sh/chart: ingress-nginx-2.1.0 helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0 app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx namespace: ingress-nginx

32
docs/deploy/index.md
View file

@ -13,6 +13,19 @@
In case [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) or additional firewalls, please allow access to port `8443`. In case [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) or additional firewalls, please allow access to port `8443`.
!!! attention
The first time the ingress controller starts, two [Jobs](https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/) create the SSL Certificate used by the admission webhook.
For this reason, there is an initial delay of up to two minutes until it is possible to create and validate Ingress definitions.
You can wait until is ready to running the next command:
```yaml
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
```
## Contents ## Contents
- [Provider Specific Steps](#provider-specific-steps) - [Provider Specific Steps](#provider-specific-steps)
@ -36,7 +49,7 @@ Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://doc
[enable]: https://docs.docker.com/docker-for-mac/#kubernetes [enable]: https://docs.docker.com/docker-for-mac/#kubernetes
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
``` ```
#### minikube #### minikube
@ -71,7 +84,7 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll
##### Network Load Balancer (NLB) ##### Network Load Balancer (NLB)
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/aws/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy.yaml
``` ```
##### TLS termination in AWS Load Balancer (ELB) ##### TLS termination in AWS Load Balancer (ELB)
@ -80,10 +93,10 @@ In some scenarios is required to terminate TLS in the Load Balancer and not in t
For this purpose we provide a template: For this purpose we provide a template:
- Download [deploy-tls-termination.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/aws/deploy-tls-termination.yaml) - Download [deploy-tls-termination.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy-tls-termination.yaml)
```console ```console
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/aws/deploy-tls-termination.yaml wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy-tls-termination.yaml
``` ```
- Edit the file and change: - Edit the file and change:
@ -133,7 +146,7 @@ More information with regards to timeouts for can be found in the [official AWS
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
``` ```
!!! failure Important !!! failure Important
@ -142,13 +155,13 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
#### Azure #### Azure
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml
``` ```
#### Digital Ocean #### Digital Ocean
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/do/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/do/deploy.yaml
``` ```
#### Bare-metal #### Bare-metal
@ -156,7 +169,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport): Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml
``` ```
!!! tip !!! tip
@ -164,6 +177,9 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
### Verify installation ### Verify installation
!!! info
In minikube the ingress addon is installed in the namespace **kube-system** instead of ingress-nginx
To check if the ingress controller pods have started, run the following command: To check if the ingress controller pods have started, run the following command:
```console ```console

2
docs/deploy/upgrade.md
View file

@ -33,7 +33,7 @@ The easiest way to do this is e.g. (do note you may need to change the name para
``` ```
kubectl set image deployment/nginx-ingress-controller \ kubectl set image deployment/nginx-ingress-controller \
nginx-ingress-controller=quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 nginx-ingress-controller=quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
``` ```
For interactive editing, use `kubectl edit deployment nginx-ingress-controller`. For interactive editing, use `kubectl edit deployment nginx-ingress-controller`.

26
docs/development.md
View file

@ -29,7 +29,7 @@ $ make dev-env
The nginx controller container image can be rebuilt using: The nginx controller container image can be rebuilt using:
``` ```
$ ARCH=amd64 TAG=dev REGISTRY=$USER/ingress-controller make build container $ ARCH=amd64 TAG=dev REGISTRY=$USER/ingress-controller make build image
``` ```
The image will only be used by pods created after the rebuild. To delete old pods which will cause new ones to spin up: The image will only be used by pods created after the rebuild. To delete old pods which will cause new ones to spin up:
@ -76,16 +76,15 @@ To find the registry simply run: `docker system info | grep Registry`
The e2e test image can also be built through the Makefile. The e2e test image can also be built through the Makefile.
```console ```console
$ make e2e-test-image $ make -C test/e2e-image image
``` ```
You can then make this image available on your minikube host by exporting the image and loading it with the minikube docker context: Then you can load the docker image using kind:
```console ```console
$ docker save nginx-ingress-controller:e2e | (eval $(minikube docker-env) && docker load) $ kind load docker-image --name="ingress-nginx-dev" nginx-ingress-controller:e2e
``` ```
### Nginx Controller ### Nginx Controller
Build a raw server binary Build a raw server binary
@ -98,19 +97,13 @@ $ make build
Build a local container image Build a local container image
```console ```console
$ TAG=<tag> REGISTRY=$USER/ingress-controller make container $ TAG=<tag> REGISTRY=$USER/ingress-controller make image
```
Push the container image to a remote repository
```console
$ TAG=<tag> REGISTRY=$USER/ingress-controller make push
``` ```
## Deploying ## Deploying
There are several ways to deploy the ingress controller onto a cluster. There are several ways to deploy the ingress controller onto a cluster.
Please check the [deployment guide](../deploy/) Please check the [deployment guide](./deploy/)
## Testing ## Testing
@ -125,7 +118,12 @@ If you have access to a Kubernetes cluster, you can also run e2e tests using gin
```console ```console
$ cd $GOPATH/src/k8s.io/ingress-nginx $ cd $GOPATH/src/k8s.io/ingress-nginx
$ make e2e-test $ KIND_CLUSTER_NAME="ingress-nginx-test" make kind-e2e-test
```
To set focus to a particular set of tests, a FOCUS flag can be set.
```console
KIND_CLUSTER_NAME="ingress-nginx-test" FOCUS="no-auth-locations" make kind-e2e-test
``` ```
NOTE: if your e2e pod keeps hanging in an ImagePullBackoff, make sure you've made your e2e nginx-ingress-controller image available to minikube as explained in the **Building the e2e test image** section NOTE: if your e2e pod keeps hanging in an ImagePullBackoff, make sure you've made your e2e nginx-ingress-controller image available to minikube as explained in the **Building the e2e test image** section

2
docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml
View file

@ -31,7 +31,7 @@ spec:
# docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
- name: OAUTH2_PROXY_COOKIE_SECRET - name: OAUTH2_PROXY_COOKIE_SECRET
value: SECRET value: SECRET
image: quay.io/pusher/oauth2_proxy:latest image: quay.io/oauth2-proxy/oauth2-proxy:latest
imagePullPolicy: Always imagePullPolicy: Always
name: oauth2-proxy name: oauth2-proxy
ports: ports:

4
docs/examples/customization/custom-headers/README.md
View file

@ -10,13 +10,13 @@ server.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/custom-headers.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/custom-headers.yaml
``` ```
[configmap.yaml](configmap.yaml) defines a ConfigMap in the `ingress-nginx` namespace named `nginx-configuration`. This controls the [global configuration](../../../user-guide/nginx-configuration/configmap.md) of the ingress controller, and already exists in a standard installation. The key `proxy-set-headers` is set to cite the previously-created `ingress-nginx/custom-headers` ConfigMap. [configmap.yaml](configmap.yaml) defines a ConfigMap in the `ingress-nginx` namespace named `ingress-nginx-controller`. This controls the [global configuration](../../../user-guide/nginx-configuration/configmap.md) of the ingress controller, and already exists in a standard installation. The key `proxy-set-headers` is set to cite the previously-created `ingress-nginx/custom-headers` ConfigMap.
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/configmap.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/configmap.yaml
``` ```
The nginx ingress controller will read the `ingress-nginx/nginx-configuration` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends. The nginx ingress controller will read the `ingress-nginx/ingress-nginx-controller` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends.
## Test ## Test

2
docs/examples/static-ip/nginx-ingress-controller.yaml
View file

@ -24,7 +24,7 @@ spec:
# hostNetwork: true # hostNetwork: true
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
name: nginx-ingress-controller name: nginx-ingress-controller
readinessProbe: readinessProbe:
httpGet: httpGet:

2
docs/troubleshooting.md
View file

@ -165,7 +165,7 @@ Kubernetes Workstation
### Service Account ### Service Account
If using a service account to connect to the API server, Dashboard expects the file If using a service account to connect to the API server, the ingress-controller expects the file
`/var/run/secrets/kubernetes.io/serviceaccount/token` to be present. It provides a secret `/var/run/secrets/kubernetes.io/serviceaccount/token` to be present. It provides a secret
token that is required to authenticate with the API server. token that is required to authenticate with the API server.

2
docs/user-guide/custom-errors.md
View file

@ -5,7 +5,7 @@ that it passes several HTTP headers down to its `default-backend` in case of err
| Header | Value | | Header | Value |
| ---------------- | ------------------------------------------------------------------- | | ---------------- | ------------------------------------------------------------------- |
| `X-Code` | HTTP status code retuned by the request | | `X-Code` | HTTP status code returned by the request |
| `X-Format` | Value of the `Accept` header sent by the client | | `X-Format` | Value of the `Accept` header sent by the client |
| `X-Original-URI` | URI that caused the error | | `X-Original-URI` | URI that caused the error |
| `X-Namespace` | Namespace where the backend Service is located | | `X-Namespace` | Namespace where the backend Service is located |

2
docs/user-guide/monitoring.md
View file

@ -74,6 +74,6 @@ According to the above example, this URL will be http://10.192.0.3:31086
The username and password is `admin` The username and password is `admin`
After the login you can import the Grafana dashboard from _https://github.com/kubernetes/ingress-nginx/tree/master/deploy/grafana/dashboards_ After the login you can import the Grafana dashboard from [official dashboards](https://github.com/kubernetes/ingress-nginx/tree/master/deploy/grafana/dashboards)
![Dashboard](../images/grafana.png) ![Dashboard](../images/grafana.png)

11
docs/user-guide/nginx-configuration/annotations.md
View file

@ -100,6 +100,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|[nginx.ingress.kubernetes.io/proxy-buffer-size](#proxy-buffer-size)|string| |[nginx.ingress.kubernetes.io/proxy-buffer-size](#proxy-buffer-size)|string|
|[nginx.ingress.kubernetes.io/proxy-max-temp-file-size](#proxy-max-temp-file-size)|string| |[nginx.ingress.kubernetes.io/proxy-max-temp-file-size](#proxy-max-temp-file-size)|string|
|[nginx.ingress.kubernetes.io/ssl-ciphers](#ssl-ciphers)|string| |[nginx.ingress.kubernetes.io/ssl-ciphers](#ssl-ciphers)|string|
|[nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers](#ssl-ciphers)|"true" or "false"|
|[nginx.ingress.kubernetes.io/connection-proxy-header](#connection-proxy-header)|string| |[nginx.ingress.kubernetes.io/connection-proxy-header](#connection-proxy-header)|string|
|[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"|
@ -172,7 +173,7 @@ Use `nginx.ingress.kubernetes.io/session-cookie-samesite` to apply a `SameSite`
### Authentication ### Authentication
Is possible to add authentication adding additional annotations in the Ingress rule. The source of the authentication is a secret that contains usernames and passwords. It is possible to add authentication by adding additional annotations in the Ingress rule. The source of the authentication is a secret that contains usernames and passwords.
The annotations are: The annotations are:
``` ```
@ -212,7 +213,7 @@ There is a special mode of upstream hashing called subset. In this mode, upstrea
To enable consistent hashing for a backend: To enable consistent hashing for a backend:
`nginx.ingress.kubernetes.io/upstream-hash-by`: the nginx variable, text value or any combination thereof to use for consistent hashing. For example `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"` to consistently hash upstream requests by the current request URI. `nginx.ingress.kubernetes.io/upstream-hash-by`: the nginx variable, text value or any combination thereof to use for consistent hashing. For example: `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri$host"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "${request_uri}-text-value"` to consistently hash upstream requests by the current request URI.
"subset" hashing can be enabled setting `nginx.ingress.kubernetes.io/upstream-hash-by-subset`: "true". This maps requests to subset of nodes instead of a single one. `upstream-hash-by-subset-size` determines the size of each subset (default 3). "subset" hashing can be enabled setting `nginx.ingress.kubernetes.io/upstream-hash-by-subset`: "true". This maps requests to subset of nodes instead of a single one. `upstream-hash-by-subset-size` determines the size of each subset (default 3).
@ -646,6 +647,12 @@ Using this annotation will set the `ssl_ciphers` directive at the server level.
nginx.ingress.kubernetes.io/ssl-ciphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" nginx.ingress.kubernetes.io/ssl-ciphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
``` ```
The following annotation will set the `ssl_prefer_server_ciphers` directive at the server level. This configuration specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.
```yaml
nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true"
```
### Connection proxy header ### Connection proxy header
Using this annotation will override the default connection header set by NGINX. Using this annotation will override the default connection header set by NGINX.

18
docs/user-guide/nginx-configuration/configmap.md
View file

@ -32,6 +32,8 @@ The following table shows a configuration option's name, type, and the default v
|[hide-headers](#hide-headers)|string array|empty| |[hide-headers](#hide-headers)|string array|empty|
|[access-log-params](#access-log-params)|string|""| |[access-log-params](#access-log-params)|string|""|
|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"| |[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|
|[http-access-log-path](#http-access-log-path)|string|""|
|[stream-access-log-path](#stream-access-log-path)|string|""|
|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"| |[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|
|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"| |[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|
|[enable-modsecurity](#enable-modsecurity)|bool|"false"| |[enable-modsecurity](#enable-modsecurity)|bool|"false"|
@ -207,10 +209,24 @@ _References:_
## access-log-path ## access-log-path
Access log path. Goes to `/var/log/nginx/access.log` by default. Access log path for both http and stream context. Goes to `/var/log/nginx/access.log` by default.
__Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout` __Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`
## http-access-log-path
Access log path for http context globally.
_**default:**_ ""
__Note:__ If not specified, the `access-log-path` will be used.
## stream-access-log-path
Access log path for stream context globally.
_**default:**_ ""
__Note:__ If not specified, the `access-log-path` will be used.
## enable-access-log-for-default-backend ## enable-access-log-for-default-backend
Enables logging access to default backend. _**default:**_ is disabled. Enables logging access to default backend. _**default:**_ is disabled.

64
go.mod
View file

@ -22,7 +22,7 @@ require (
github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52 github.com/moul/pb v0.0.0-20180404114147-54bdd96e6a52
github.com/ncabatoff/process-exporter v0.6.0 github.com/ncabatoff/process-exporter v0.6.0
github.com/onsi/ginkgo v1.12.0 github.com/onsi/ginkgo v1.12.0
github.com/opencontainers/runc v1.0.0-rc9 github.com/opencontainers/runc v1.0.0-rc10
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.4.0 github.com/prometheus/client_golang v1.4.0
github.com/prometheus/client_model v0.2.0 github.com/prometheus/client_model v0.2.0
@ -44,40 +44,40 @@ require (
gopkg.in/gavv/httpexpect.v2 v2.0.0 gopkg.in/gavv/httpexpect.v2 v2.0.0
gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/go-playground/pool.v3 v3.1.1
k8s.io/api v0.18.2 k8s.io/api v0.18.3
k8s.io/apiextensions-apiserver v0.18.2 k8s.io/apiextensions-apiserver v0.18.3
k8s.io/apimachinery v0.18.2 k8s.io/apimachinery v0.18.3
k8s.io/apiserver v0.18.2 k8s.io/apiserver v0.18.3
k8s.io/cli-runtime v0.18.2 k8s.io/cli-runtime v0.18.3
k8s.io/client-go v0.18.2 k8s.io/client-go v0.18.3
k8s.io/code-generator v0.18.2 k8s.io/code-generator v0.18.3
k8s.io/component-base v0.18.2 k8s.io/component-base v0.18.3
k8s.io/klog v1.0.0 k8s.io/klog v1.0.0
k8s.io/kubernetes v1.18.2 k8s.io/kubernetes v1.18.3
pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732
sigs.k8s.io/controller-runtime v0.5.1-0.20200327213554-2d4c4877f906 sigs.k8s.io/controller-runtime v0.6.0
) )
replace ( replace (
k8s.io/api => k8s.io/api v0.18.2 k8s.io/api => k8s.io/api v0.18.3
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.18.2 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.18.3
k8s.io/apimachinery => k8s.io/apimachinery v0.18.2 k8s.io/apimachinery => k8s.io/apimachinery v0.18.3
k8s.io/apiserver => k8s.io/apiserver v0.18.2 k8s.io/apiserver => k8s.io/apiserver v0.18.3
k8s.io/cli-runtime => k8s.io/cli-runtime v0.18.2 k8s.io/cli-runtime => k8s.io/cli-runtime v0.18.3
k8s.io/client-go => k8s.io/client-go v0.18.2 k8s.io/client-go => k8s.io/client-go v0.18.3
k8s.io/cloud-provider => k8s.io/cloud-provider v0.18.2 k8s.io/cloud-provider => k8s.io/cloud-provider v0.18.3
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.18.2 k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.18.3
k8s.io/code-generator => k8s.io/code-generator v0.18.2 k8s.io/code-generator => k8s.io/code-generator v0.18.3
k8s.io/component-base => k8s.io/component-base v0.18.2 k8s.io/component-base => k8s.io/component-base v0.18.3
k8s.io/cri-api => k8s.io/cri-api v0.18.2 k8s.io/cri-api => k8s.io/cri-api v0.18.3
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.18.2 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.18.3
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.18.2 k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.18.3
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.18.2 k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.18.3
k8s.io/kube-proxy => k8s.io/kube-proxy v0.18.2 k8s.io/kube-proxy => k8s.io/kube-proxy v0.18.3
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.18.2 k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.18.3
k8s.io/kubectl => k8s.io/kubectl v0.18.2 k8s.io/kubectl => k8s.io/kubectl v0.18.3
k8s.io/kubelet => k8s.io/kubelet v0.18.2 k8s.io/kubelet => k8s.io/kubelet v0.18.3
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.18.2 k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.18.3
k8s.io/metrics => k8s.io/metrics v0.18.2 k8s.io/metrics => k8s.io/metrics v0.18.3
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.18.2 k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.18.3
) )

78
go.sum
View file

@ -132,7 +132,6 @@ github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libnetwork v0.8.0-dev.2.0.20190925143933-c8a5fca4a652/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
@ -524,9 +523,8 @@ github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/runc v1.0.0-rc10 h1:AbmCEuSZXVflng0/cboQkpdEOeBsPMjz6tmq4Pv8MZw=
github.com/opencontainers/runc v1.0.0-rc10/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc10/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc=
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runtime-spec v1.0.0 h1:O6L965K88AilqnxeYPks/75HLpp4IG+FjeSCI3cVdRg= github.com/opencontainers/runtime-spec v1.0.0 h1:O6L965K88AilqnxeYPks/75HLpp4IG+FjeSCI3cVdRg=
github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
@ -934,28 +932,28 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.2/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2019.2.2/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.18.2 h1:wG5g5ZmSVgm5B+eHMIbI9EGATS2L8Z72rda19RIEgY8= k8s.io/api v0.18.3 h1:2AJaUQdgUZLoDZHrun21PW2Nx9+ll6cUzvn3IKhSIn0=
k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA=
k8s.io/apiextensions-apiserver v0.18.2 h1:I4v3/jAuQC+89L3Z7dDgAiN4EOjN6sbm6iBqQwHTah8= k8s.io/apiextensions-apiserver v0.18.3 h1:h6oZO+iAgg0HjxmuNnguNdKNB9+wv3O1EBDdDWJViQ0=
k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE=
k8s.io/apimachinery v0.18.2 h1:44CmtbmkzVDAhCpRVSiP2R5PPrC2RtlIv/MoB8xpdRA= k8s.io/apimachinery v0.18.3 h1:pOGcbVAhxADgUYnjS08EFXs9QMl8qaH5U4fr5LGUrSk=
k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
k8s.io/apiserver v0.18.2 h1:fwKxdTWwwYhxvtjo0UUfX+/fsitsNtfErPNegH2x9ic= k8s.io/apiserver v0.18.3 h1:BVjccwKP/kEqY+ResOyWs0EKs7f4XL0d0E5GkU3uiqI=
k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw=
k8s.io/cli-runtime v0.18.2 h1:JiTN5RgkFNTiMxHBRyrl6n26yKWAuNRlei1ZJALUmC8= k8s.io/cli-runtime v0.18.3 h1:8IBtaTYmXiXipKdx2FAKotvnQMjcF0kSLvX4szY340c=
k8s.io/cli-runtime v0.18.2/go.mod h1:yfFR2sQQzDsV0VEKGZtrJwEy4hLZ2oj4ZIfodgxAHWQ= k8s.io/cli-runtime v0.18.3/go.mod h1:pqbbi4nqRIQhUWAVzen8uE8DD/zcZLwf+8sQYO4lwLk=
k8s.io/client-go v0.18.2 h1:aLB0iaD4nmwh7arT2wIn+lMnAq7OswjaejkQ8p9bBYE= k8s.io/client-go v0.18.3 h1:QaJzz92tsN67oorwzmoB0a9r9ZVHuD5ryjbCKP0U22k=
k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw=
k8s.io/cloud-provider v0.18.2 h1:bwVSHGbT6/FP2tf/yOmb+K4w6OR0BsKekwDltKfrVy0= k8s.io/cloud-provider v0.18.3 h1:h3zk/I1+Bkz4Wl5TAcJhK4wT+CYLws5mL1XTxIjkDwE=
k8s.io/cloud-provider v0.18.2/go.mod h1:t1HjnQN2l5wK/fORo/yyu0Q+bZTYuReHYCIpi/qqfms= k8s.io/cloud-provider v0.18.3/go.mod h1:sZelqNhA+TI+FqV6smLvZ84/DQCNdrEUmdQLneZpfC4=
k8s.io/cluster-bootstrap v0.18.2/go.mod h1:lHDOrHDzZi3eQE9bYMFpkwwUuLYiAiBuQuHaAnoGWTk= k8s.io/cluster-bootstrap v0.18.3/go.mod h1:iM3iptIPGNWCvFBvm67JJWaFdYb+7Gzle2bj125ZBy8=
k8s.io/code-generator v0.18.2 h1:C1Nn2JiMf244CvBDKVPX0W2mZFJkVBg54T8OV7/Imso= k8s.io/code-generator v0.18.3 h1:5H57pYEbkMMXCLKD16YQH3yDPAbVLweUsB1M3m70D1c=
k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
k8s.io/component-base v0.18.2 h1:SJweNZAGcUvsypLGNPNGeJ9UgPZQ6+bW+gEHe8uyh/Y= k8s.io/component-base v0.18.3 h1:QXq+P4lgi4LCIREya1RDr5gTcBaVFhxEcALir3QCSDA=
k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k=
k8s.io/cri-api v0.18.2 h1:bykYbClh5Bnjo2EMjlYbYQ3ksxHjjLcbriKPm831hVk= k8s.io/cri-api v0.18.3 h1:XDR/4XxbEgalHfKkfwNpk+iIYeBT/dZLnpnZYrm1dbY=
k8s.io/cri-api v0.18.2/go.mod h1:OJtpjDvfsKoLGhvcc0qfygved0S0dGX56IJzPbqTG1s= k8s.io/cri-api v0.18.3/go.mod h1:OJtpjDvfsKoLGhvcc0qfygved0S0dGX56IJzPbqTG1s=
k8s.io/csi-translation-lib v0.18.2/go.mod h1:2lyXP0OP6MuzAEde802d4L/Rhzj4teNdNBKGVxVKV78= k8s.io/csi-translation-lib v0.18.3/go.mod h1:4UtVGtxPzhtFdadhRCYBL084NvJLNMouCat3UcTbbu0=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120 h1:RPscN6KhmG54S33L+lr3GS+oD1jmchIU0ll519K6FA4= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120 h1:RPscN6KhmG54S33L+lr3GS+oD1jmchIU0ll519K6FA4=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
@ -964,20 +962,20 @@ k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUc
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-aggregator v0.18.2/go.mod h1:ijq6FnNUoKinA6kKbkN6svdTacSoQVNtKqmQ1+XJEYQ= k8s.io/kube-aggregator v0.18.3/go.mod h1:fux0WabUOggW2yAACL4jQGVd6kv7mSgBnJ3GgCXCris=
k8s.io/kube-controller-manager v0.18.2/go.mod h1:v45wCqexTrOltgwj92V4ve7hm5f70GQzi4a47/RQ0HQ= k8s.io/kube-controller-manager v0.18.3/go.mod h1:gKpzON0DWgbn5oNAXrsBJAQR0ztw9GQQ7mBBGVYM7Xk=
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
k8s.io/kube-proxy v0.18.2/go.mod h1:VTgyDMdylYGgHVqLQo/Nt4yDWkh/LRsSnxRiG8GVgDo= k8s.io/kube-proxy v0.18.3/go.mod h1:Uyqd3mVXhJeNzTmZYW/6N00Bu3kVJ6jzLQQ/T7f8jY0=
k8s.io/kube-scheduler v0.18.2/go.mod h1:dL+C0Hp/ahQOQK3BsgmV8btb3BtMZvz6ONUw/v1N8sk= k8s.io/kube-scheduler v0.18.3/go.mod h1:55V1fgqzVXEDJB/zkBYjVceixZFQVOVWZwfLrnXt3yA=
k8s.io/kubectl v0.18.2/go.mod h1:OdgFa3AlsPKRpFFYE7ICTwulXOcMGXHTc+UKhHKvrb4= k8s.io/kubectl v0.18.3/go.mod h1:k/EpvXBDgEsHBzWr0A44l9+ArvYi3txBBnzXBjQasUQ=
k8s.io/kubelet v0.18.2/go.mod h1:7x/nzlIWJLg7vOfmbQ4lgsYazEB0gOhjiYiHK1Gii4M= k8s.io/kubelet v0.18.3/go.mod h1:KXTAte7pUtoMyIlysam9g6HIY8C+D5Djd4fZvGXqLtg=
k8s.io/kubernetes v1.18.2 h1:37sJPq6p+gx5hEHQSwCWXIiXDc9AajzV1A5UrswnDq0= k8s.io/kubernetes v1.18.3 h1:6qtm8v3z+OwYm2SnsTxYUtGCsIbGBZ/Dh9yER+aNIoI=
k8s.io/kubernetes v1.18.2/go.mod h1:z8xjOOO1Ljz+TaHpOxVGC7cxtF32TesIamoQ+BZrVS0= k8s.io/kubernetes v1.18.3/go.mod h1:Efg82S+Ti02A/Mww53bxroc7IgzX2bgPsf6hT8gAs3M=
k8s.io/legacy-cloud-providers v0.18.2/go.mod h1:zzFRqgDC6cP1SgPl7lMmo1fjILDZ+bsNtTjLnxAfgI0= k8s.io/legacy-cloud-providers v0.18.3/go.mod h1:ZsvkD18BRzT2PUxvlX4ueqDA2+eM35d0N0GZC4Jynl8=
k8s.io/metrics v0.18.2/go.mod h1:qga8E7QfYNR9Q89cSCAjinC9pTZ7yv1XSVGUB0vJypg= k8s.io/metrics v0.18.3/go.mod h1:TkuJE3ezDZ1ym8pYkZoEzJB7HDiFE7qxl+EmExEBoPA=
k8s.io/repo-infra v0.0.1-alpha.1/go.mod h1:wO1t9WaB99V80ljbeENTnayuEEwNZt7gECYh/CEyOJ8= k8s.io/repo-infra v0.0.1-alpha.1/go.mod h1:wO1t9WaB99V80ljbeENTnayuEEwNZt7gECYh/CEyOJ8=
k8s.io/sample-apiserver v0.18.2/go.mod h1:qYk6alcVIlWzmypsSmsWw5Kj4eUNr5jzJZZFJDUXwXE= k8s.io/sample-apiserver v0.18.3/go.mod h1:Un04reJ2OCi73A/ZKrZkMtumJznUl98AM18pfu8bM0g=
k8s.io/system-validators v1.0.4/go.mod h1:HgSgTg4NAGNoYYjKsUyk52gdNi2PVDswQ9Iyn66R7NI= k8s.io/system-validators v1.0.4/go.mod h1:HgSgTg4NAGNoYYjKsUyk52gdNi2PVDswQ9Iyn66R7NI=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
@ -993,8 +991,8 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5geb
pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
sigs.k8s.io/controller-runtime v0.5.1-0.20200327213554-2d4c4877f906 h1:GmjdjkxJjSpke49jWgDxBsd9uuHFdxEkBntoImFd2D8= sigs.k8s.io/controller-runtime v0.6.0 h1:Fzna3DY7c4BIP6KwfSlrfnj20DJ+SeMBK8HSFvOk9NM=
sigs.k8s.io/controller-runtime v0.5.1-0.20200327213554-2d4c4877f906/go.mod h1:j4echH3Y/UPHRpXS65rxGXujda8iWOheMQvDh1uNgaY= sigs.k8s.io/controller-runtime v0.6.0/go.mod h1:CpYf5pdNY/B352A1TFLAS2JVSlnGQ5O2cftPHndTroo=
sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0= sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=

2
hack/verify-lualint.sh
View file

@ -19,3 +19,5 @@ set -o nounset
set -o pipefail set -o pipefail
luacheck --codes -q rootfs/etc/nginx/lua/ luacheck --codes -q rootfs/etc/nginx/lua/
find rootfs/etc/nginx/lua/ -name "*.lua" -not -path "*/test/*" -exec lj-releng -L -s {} + && echo "lj-releng validation is success!"

12
images/cfssl/Makefile
View file

@ -18,16 +18,12 @@
TAG ?= 0.0 TAG ?= 0.0
REGISTRY ?= ingress-controller REGISTRY ?= ingress-controller
DOCKER ?= docker
IMGNAME = cfssl IMAGE = $(REGISTRY)/cfssl
IMAGE = $(REGISTRY)/$(IMGNAME)
container: image:
$(DOCKER) buildx build \ docker build \
--load \
--platform linux/amd64 \
-t $(IMAGE):$(TAG) rootfs -t $(IMAGE):$(TAG) rootfs
clean: clean:
$(DOCKER) rmi -f $(IMAGE):$(TAG) || true docker rmi -f $(IMAGE):$(TAG) || true

2
images/cfssl/rootfs/Dockerfile
View file

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM alpine:3.11 FROM alpine:3.12
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk add --no-cache \ RUN apk add --no-cache \

32
images/e2e-prow/Makefile
View file

@ -1,22 +1,26 @@
# Copyright 2018 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD)
REGISTRY ?= quay.io/kubernetes-ingress-controller REGISTRY ?= quay.io/kubernetes-ingress-controller
DOCKER ?= docker
IMAGE = $(REGISTRY)/e2e-prow IMAGE = $(REGISTRY)/e2e-prow
all: docker-build docker-push .PHONY: image
image:
docker-build: docker build \
$(DOCKER) buildx build \
--pull \
--load \
--build-arg K8S_RELEASE=v1.17.0 \ --build-arg K8S_RELEASE=v1.17.0 \
--build-arg ETCD_VERSION=v3.3.18 \
--build-arg KIND_VERSION=v0.8.0 \ --build-arg KIND_VERSION=v0.8.0 \
--build-arg GO_VERSION=1.14.2 \ --build-arg GO_VERSION=1.14.2 \
-t $(IMAGE):$(TAG) . -t $(IMAGE):$(TAG) rootfs
docker-push:
$(DOCKER) push $(IMAGE):$(TAG)
$(DOCKER) tag $(IMAGE):$(TAG) $(IMAGE):latest
$(DOCKER) push $(IMAGE):latest

10
images/e2e-prow/Dockerfile → images/e2e-prow/rootfs/Dockerfile
View file

@ -16,6 +16,9 @@
# unit and integration tests # unit and integration tests
FROM gcr.io/k8s-testimages/bootstrap FROM gcr.io/k8s-testimages/bootstrap
FROM k8s.gcr.io/etcd:3.4.3-0 as etcd
COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd
# hint to kubetest that it is in CI # hint to kubetest that it is in CI
ENV KUBETEST_IN_DOCKER="true" ENV KUBETEST_IN_DOCKER="true"
@ -43,7 +46,6 @@ RUN apt-get update \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ARG K8S_RELEASE ARG K8S_RELEASE
ARG ETCD_VERSION
ARG KIND_VERSION ARG KIND_VERSION
ARG GO_VERSION ARG GO_VERSION
@ -53,12 +55,6 @@ RUN curl -sSL https://storage.googleapis.com/kubernetes-release/release/${K8S_RE
RUN curl -sSL https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/amd64/kube-apiserver -o /usr/local/bin/kube-apiserver \ RUN curl -sSL https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/amd64/kube-apiserver -o /usr/local/bin/kube-apiserver \
&& chmod +x /usr/local/bin/kube-apiserver && chmod +x /usr/local/bin/kube-apiserver
RUN curl -sSL https://storage.googleapis.com/etcd/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz \
&& mkdir -p /tmp/etcd-download \
&& tar xzvf /tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -C /tmp/etcd-download --strip-components=1 \
&& cp /tmp/etcd-download/etcd /usr/local/bin \
&& rm -rf /tmp/etcd-download
RUN curl -sSL https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64 -o /usr/local/bin/kind \ RUN curl -sSL https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64 -o /usr/local/bin/kind \
&& chmod +x /usr/local/bin/kind && chmod +x /usr/local/bin/kind

145
images/e2e/Dockerfile
View file

@ -1,145 +0,0 @@
# Copyright 2018 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM quay.io/kubernetes-ingress-controller/nginx-amd64:5d67794f4fbf38ec6575476de46201b068eabf87
ARG GOLANG_VERSION
ARG GOLANG_SHA
ARG RESTY_CLI_VERSION
ARG RESTY_CLI_SHA
ARG K8S_RELEASE
ARG ETCD_VERSION
ARG CHART_TESTING_VERSION
ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
RUN apk add --no-cache \
bash \
ca-certificates \
wget \
make \
gcc \
git \
musl-dev \
perl \
python \
py-crcmod \
py-pip \
openssl
RUN set -eux; \
apk add --no-cache --virtual .build-deps \
g++ \
pkgconfig \
openssl \
unzip \
go \
; \
export \
# set GOROOT_BOOTSTRAP such that we can actually build Go
GOROOT_BOOTSTRAP="$(go env GOROOT)" \
# ... and set "cross-building" related vars to the installed system's values so that we create a build targeting the proper arch
# (for example, if our build host is GOARCH=amd64, but our build env/image is GOARCH=386, our build needs GOARCH=386)
GOOS="$(go env GOOS)" \
GOARCH="$(go env GOARCH)" \
GOHOSTOS="$(go env GOHOSTOS)" \
GOHOSTARCH="$(go env GOHOSTARCH)" \
; \
# also explicitly set GO386 and GOARM if appropriate
# https://github.com/docker-library/golang/issues/184
apkArch="$(apk --print-arch)"; \
case "$apkArch" in \
armhf) export GOARM='6' ;; \
armv7) export GOARM='7' ;; \
x86) export GO386='387' ;; \
esac; \
\
wget -O go.tgz "https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz"; \
echo "$GOLANG_SHA *go.tgz" | sha256sum -c -; \
tar -C /usr/local -xzf go.tgz; \
rm go.tgz; \
\
cd /usr/local/go/src; \
./make.bash; \
\
rm -rf \
# https://github.com/golang/go/blob/0b30cf534a03618162d3015c8705dd2231e34703/src/cmd/dist/buildtool.go#L121-L125
/usr/local/go/pkg/bootstrap \
# https://golang.org/cl/82095
# https://github.com/golang/build/blob/e3fe1605c30f6a3fd136b561569933312ede8782/cmd/release/releaselet.go#L56
/usr/local/go/pkg/obj \
; \
\
export PATH="/usr/local/go/bin:$PATH"; \
go version \
; \
url="https://github.com/openresty/resty-cli/archive/v${RESTY_CLI_VERSION}.tar.gz"; \
wget -O resty_cli.tgz "$url"; \
echo "${RESTY_CLI_SHA} *resty_cli.tgz" | sha256sum -c -; \
tar -C /tmp -xzf resty_cli.tgz; \
rm resty_cli.tgz; \
mv /tmp/resty-cli-${RESTY_CLI_VERSION}/bin/* /usr/local/bin/; \
resty -V \
; \
luarocks install luacheck; \
luarocks install busted \
; \
go get github.com/onsi/ginkgo/ginkgo; \
go get golang.org/x/lint/golint \
; \
apk del .build-deps;
RUN wget https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl
RUN wget https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/amd64/kube-apiserver -O /usr/local/bin/kube-apiserver \
&& chmod +x /usr/local/bin/kube-apiserver
RUN wget https://storage.googleapis.com/etcd/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -O /tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz \
&& mkdir -p /tmp/etcd-download \
&& tar xzvf /tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -C /tmp/etcd-download --strip-components=1 \
&& cp /tmp/etcd-download/etcd /usr/local/bin \
&& rm -rf /tmp/etcd-download
# Install a YAML Linter
ARG YAML_LINT_VERSION
RUN pip install "yamllint==$YAML_LINT_VERSION"
# Install Yamale YAML schema validator
ARG YAMALE_VERSION
RUN pip install "yamale==$YAMALE_VERSION"
RUN wget https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_amd64.tar.gz \
-O /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
&& mkdir -p /tmp/ct-download \
&& tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz -C /tmp/ct-download \
&& cp /tmp/ct-download/ct /usr/local/bin \
&& mkdir -p /etc/ct \
&& cp -R /tmp/ct-download/etc/* /etc/ct \
&& rm -rf /tmp/ct-download
RUN curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
RUN curl -sSL -o /usr/local/bin/cfssl https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl_1.4.1_linux_amd64 \
&& curl -sSL -o /usr/local/bin/cfssljson https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssljson_1.4.1_linux_amd64 \
&& chmod +x /usr/local/bin/cfssl*
WORKDIR $GOPATH

28
images/e2e/Makefile
View file

@ -17,25 +17,25 @@ REGISTRY ?= quay.io/kubernetes-ingress-controller
IMAGE = $(REGISTRY)/e2e IMAGE = $(REGISTRY)/e2e
all: docker-build docker-push HOST_ARCH = $(shell which go >/dev/null 2>&1 && go env GOARCH)
ARCH ?= $(HOST_ARCH)
ifeq ($(ARCH),)
$(error mandatory variable ARCH is empty, either set it when calling the command or make sure 'go env GOARCH' works)
endif
docker-build: .PHONY: image
docker buildx build \ image:
--pull \ docker build \
--load \ --build-arg TARGETARCH="$(ARCH)" \
--progress plain \
--build-arg K8S_RELEASE=v1.15.7 \ --build-arg K8S_RELEASE=v1.15.7 \
--build-arg ETCD_VERSION=v3.3.18 \
--build-arg GOLANG_VERSION=1.14.2 \
--build-arg GOLANG_SHA=98de84e69726a66da7b4e58eac41b99cbe274d7e8906eeb8a5b7eb0aadee7f7c \
--build-arg RESTY_CLI_VERSION=0.25rc2 \ --build-arg RESTY_CLI_VERSION=0.25rc2 \
--build-arg RESTY_CLI_SHA=a38d850441384fa037a5922ca012dcce8708d0e4abe34ad2fe4164a01b28bdfb \ --build-arg RESTY_CLI_SHA=a38d850441384fa037a5922ca012dcce8708d0e4abe34ad2fe4164a01b28bdfb \
--build-arg CHART_TESTING_VERSION=3.0.0-beta.1 \ --build-arg CHART_TESTING_VERSION=3.0.0-beta.1 \
--build-arg YAML_LINT_VERSION=1.13.0 \ --build-arg YAML_LINT_VERSION=1.13.0 \
--build-arg YAMALE_VERSION=1.8.0 \ --build-arg YAMALE_VERSION=1.8.0 \
-t $(IMAGE):$(TAG) . --build-arg HELM_VERSION=v3.2.0 \
-t $(IMAGE):$(TAG) rootfs
docker-push: .PHONY: show-image
docker push $(IMAGE):$(TAG) show-image:
docker tag $(IMAGE):$(TAG) $(IMAGE):latest echo -n $(IMAGE):$(TAG)
docker push $(IMAGE):latest

115
images/e2e/rootfs/Dockerfile Normal file
View file

@ -0,0 +1,115 @@
# Copyright 2018 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM golang:1.14.3-alpine3.11 as GO
FROM k8s.gcr.io/etcd:3.4.3-0 as etcd
FROM quay.io/kubernetes-ingress-controller/nginx:e3c49c52f4b74fe47ad65d6f3266a02e8b6b622f
ARG RESTY_CLI_VERSION
ARG RESTY_CLI_SHA
ARG K8S_RELEASE
ARG ETCD_VERSION
ARG CHART_TESTING_VERSION
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
COPY --from=GO /usr/local/go /usr/local/go
COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd
RUN apk add --no-cache \
bash \
ca-certificates \
wget \
make \
gcc \
git \
musl-dev \
perl \
python \
py-crcmod \
py-pip \
unzip \
openssl
ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
RUN go get github.com/onsi/ginkgo/ginkgo golang.org/x/lint/golint
RUN wget -O /tmp/resty_cli.tgz https://github.com/openresty/resty-cli/archive/v${RESTY_CLI_VERSION}.tar.gz \
&& echo "${RESTY_CLI_SHA} */tmp/resty_cli.tgz" | sha256sum -c - \
&& tar -C /tmp -xzf /tmp/resty_cli.tgz \
&& mv /tmp/resty-cli-${RESTY_CLI_VERSION}/bin/* /usr/local/bin/ \
&& resty -V \
&& rm -rf /tmp/*
RUN wget -O /tmp/luarocks.tgz https://github.com/luarocks/luarocks/archive/v3.3.1.tar.gz \
&& tar -C /tmp -xzf /tmp/luarocks.tgz \
&& cd /tmp/luarocks* \
&& ./configure \
&& make install
RUN luarocks install busted \
&& luarocks install luacheck
ARG BUSTED_VERSION
ARG BUSTED_SHA
ARG TARGETARCH
RUN wget -O /usr/local/bin/kubectl \
https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kubectl \
&& chmod +x /usr/local/bin/kubectl
RUN wget -O /usr/local/bin/kube-apiserver \
https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kube-apiserver \
&& chmod +x /usr/local/bin/kube-apiserver
RUN wget -O /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_amd64.tar.gz \
&& mkdir -p /tmp/ct-download \
&& tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz -C /tmp/ct-download \
&& rm /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
&& cp /tmp/ct-download/ct /usr/local/bin \
&& mkdir -p /etc/ct \
&& cp -R /tmp/ct-download/etc/* /etc/ct \
&& rm -rf /tmp/*
RUN wget https://raw.githubusercontent.com/openresty/openresty-devel-utils/master/lj-releng -O /usr/local/bin/lj-releng \
&& chmod +x /usr/local/bin/lj-releng
ARG HELM_VERSION
RUN wget -O /tmp/helm.tgz https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -C /tmp -xzf /tmp/helm.tgz \
&& cp /tmp/linux*/helm /usr/local/bin \
&& rm -rf /tmp/*
RUN curl -sSL -o /usr/local/bin/cfssl https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl_1.4.1_linux_${TARGETARCH} \
&& curl -sSL -o /usr/local/bin/cfssljson https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssljson_1.4.1_linux_${TARGETARCH} \
&& chmod +x /usr/local/bin/cfssl*
# Install a YAML Linter
ARG YAML_LINT_VERSION
RUN pip install "yamllint==$YAML_LINT_VERSION"
# Install Yamale YAML schema validator
ARG YAMALE_VERSION
RUN pip install "yamale==$YAMALE_VERSION"
WORKDIR $GOPATH

6
images/echo/Dockerfile
View file

@ -1,6 +0,0 @@
FROM openresty/openresty:1.15.8.2-alpine
RUN apk add -U perl curl \
&& opm get bungle/lua-resty-template
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf

14
images/echo/Makefile
View file

@ -18,16 +18,12 @@
TAG ?= 0.0 TAG ?= 0.0
REGISTRY ?= ingress-controller REGISTRY ?= ingress-controller
DOCKER ?= docker
IMGNAME = echo IMAGE = $(REGISTRY)/echo
IMAGE = $(REGISTRY)/$(IMGNAME)
container: image:
$(DOCKER) buildx build \ docker build \
--load \ -t $(IMAGE):$(TAG) rootfs
--platform linux/amd64 \
-t $(IMAGE):$(TAG) .
clean: clean:
$(DOCKER) rmi -f $(IMAGE):$(TAG) || true docker rmi -f $(IMAGE):$(TAG) || true

14
images/echo/rootfs/Dockerfile Normal file
View file

@ -0,0 +1,14 @@
FROM quay.io/kubernetes-ingress-controller/nginx:e3c49c52f4b74fe47ad65d6f3266a02e8b6b622f
RUN apk add -U perl curl make unzip
RUN wget -O /tmp/luarocks.tgz https://github.com/luarocks/luarocks/archive/v3.3.1.tar.gz \
&& tar -C /tmp -xzf /tmp/luarocks.tgz \
&& cd /tmp/luarocks* \
&& ./configure \
&& make install \
&& rm -rf /tmp/*
RUN luarocks install lua-resty-template
COPY nginx.conf /etc/nginx/nginx.conf

2
images/echo/nginx.conf → images/echo/rootfs/nginx.conf
View file

@ -4,8 +4,6 @@ env POD_NAME;
env POD_NAMESPACE; env POD_NAMESPACE;
env POD_IP; env POD_IP;
daemon off;
events { events {
worker_connections 1024; worker_connections 1024;
} }

33
images/fastcgi-helloserver/Makefile
View file

@ -17,24 +17,31 @@
# Use the 0.0 tag for testing, it shouldn't clobber any release builds # Use the 0.0 tag for testing, it shouldn't clobber any release builds
TAG ?= 0.0 TAG ?= 0.0
REGISTRY ?= ingress-controller HOSTARCH := $(shell uname -m | sed -e s/x86_64/amd64/ \
DOCKER ?= docker -e s/s390x/s390x/ \
-e s/armv7l/arm/ \
-e s/aarch64.*/arm64/)
IMGNAME = fastcgi-helloserver ifndef ARCH
IMAGE = $(REGISTRY)/$(IMGNAME) ARCH := $(HOSTARCH)
endif
ifeq ($(ARCH),)
$(error mandatory variable ARCH is empty)
endif
REGISTRY ?= ingress-controller
IMAGE = $(REGISTRY)/fastcgi-helloserver
PKG=k8s.io/ingress-nginx/images/fastcgi-helloserver PKG=k8s.io/ingress-nginx/images/fastcgi-helloserver
container: clean build .PHONY: image
$(DOCKER) buildx build \ image: build
--load \ docker build \
--platform linux/amd64 \
-t $(IMAGE):$(TAG) rootfs -t $(IMAGE):$(TAG) rootfs
build: clean .PHONY: build
CGO_ENABLED=0 go build -a -installsuffix cgo \ build:
GOARCH=$(ARCH) CGO_ENABLED=0 go build -a -installsuffix cgo \
-ldflags "-s -w" \ -ldflags "-s -w" \
-o rootfs/fastcgi-helloserver ${PKG}/... -o rootfs/fastcgi-helloserver ${PKG}/...
clean:
$(DOCKER) rmi -f $(IMAGE):$(TAG) || true

2
images/fastcgi-helloserver/rootfs/Dockerfile
View file

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM k8s.gcr.io/debian-base:v2.0.0 FROM scratch
COPY . / COPY . /

14
images/httpbin/Makefile
View file

@ -18,16 +18,10 @@
TAG ?= 0.0 TAG ?= 0.0
REGISTRY ?= ingress-controller REGISTRY ?= ingress-controller
DOCKER ?= docker
IMGNAME = httpbin IMAGE = $(REGISTRY)/httpbin
IMAGE = $(REGISTRY)/$(IMGNAME)
container: .PHONY: image
$(DOCKER) buildx build \ image:
--load \ docker build \
--platform linux/amd64 \
-t $(IMAGE):$(TAG) rootfs -t $(IMAGE):$(TAG) rootfs
clean:
$(DOCKER) rmi -f $(IMAGE):$(TAG) || true

8
images/httpbin/rootfs/Dockerfile
View file

@ -12,18 +12,18 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM alpine:3.11 FROM alpine:3.12
ENV LC_ALL=C.UTF-8 ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8 ENV LANG=C.UTF-8
RUN echo "@edge http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \ RUN apk update \
&& apk update \
&& apk add --no-cache \ && apk add --no-cache \
python3 python3-dev \ python3 python3-dev \
musl-dev gcc g++ make \ musl-dev gcc g++ make \
libffi libffi-dev libstdc++ \ libffi libffi-dev libstdc++ \
py3-gevent py3-gunicorn py3-wheel@edge \ py3-gevent py3-gunicorn py3-wheel \
py3-pip \
&& pip3 install httpbin \ && pip3 install httpbin \
&& apk del python3-dev musl-dev gcc g++ make libffi-dev && apk del python3-dev musl-dev gcc g++ make libffi-dev

42
images/nginx/Makefile
View file

@ -12,53 +12,31 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
.DEFAULT_GOAL:=container .DEFAULT_GOAL:=image
# set default shell # set default shell
SHELL=/bin/bash -o pipefail SHELL=/bin/bash -o pipefail
# 0.0.0 shouldn't clobber any released builds # 0.0.0 shouldn't clobber any released builds
TAG ?= 0.101 TAG ?= 0.103
REGISTRY ?= quay.io/kubernetes-ingress-controller REGISTRY ?= quay.io/kubernetes-ingress-controller
IMGNAME = nginx IMAGE = $(REGISTRY)/nginx
IMAGE = $(REGISTRY)/$(IMGNAME)
PLATFORMS = amd64 arm arm64 .PHONY: image
image:
EMPTY := docker buildx build \
SPACE := $(EMPTY) $(EMPTY) --pull \
COMMA := , --push \
.PHONY: container
container:
DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \
--progress plain \ --progress plain \
--platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \ --platform amd64,arm,arm64,s390x \
--tag $(IMAGE):$(TAG) rootfs --tag $(IMAGE):$(TAG) rootfs
# https://github.com/docker/buildx/issues/59
$(foreach PLATFORM,$(PLATFORMS), \
DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \
--load \
--progress plain \
--platform $(PLATFORM) \
--tag $(IMAGE)-$(PLATFORM):$(TAG) rootfs;)
.PHONY: push
push: container
$(foreach PLATFORM,$(PLATFORMS), \
docker push $(IMAGE)-$(PLATFORM):$(TAG);)
.PHONY: release
release: push
echo "done"
.PHONY: init-docker-buildx .PHONY: init-docker-buildx
init-docker-buildx: init-docker-buildx:
ifneq ($(shell docker buildx 2>&1 >/dev/null; echo $?),) ifneq ($(shell docker buildx 2>&1 >/dev/null; echo $?),)
$(error "buildx not vailable. Docker 19.03 or higher is required") $(error "buildx not vailable. Docker 19.03 or higher is required")
endif endif
docker run --rm --privileged docker/binfmt:66f9012c56a8316f9244ffd7622d7c21c1f6f28d docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
docker buildx create --name ingress-nginx --use || true docker buildx create --name ingress-nginx --use || true
docker buildx inspect --bootstrap docker buildx inspect --bootstrap

2
images/nginx/rc.yaml
View file

@ -38,7 +38,7 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: quay.io/kubernetes-ingress-controller/nginx:0.97 image: quay.io/kubernetes-ingress-controller/nginx:0.103
ports: ports:
- containerPort: 80 - containerPort: 80
- containerPort: 443 - containerPort: 443

120
images/nginx/rootfs/build.sh
View file

@ -14,14 +14,11 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
set -o errexit set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
export DEBIAN_FRONTEND=noninteractive export NGINX_VERSION=1.19.0
export NGINX_VERSION=1.17.10
export NDK_VERSION=0.3.1rc1 export NDK_VERSION=0.3.1rc1
export SETMISC_VERSION=0.32 export SETMISC_VERSION=0.32
export MORE_HEADERS_VERSION=0.33 export MORE_HEADERS_VERSION=0.33
@ -31,24 +28,29 @@ export NGINX_OPENTRACING_VERSION=0.9.0
export OPENTRACING_CPP_VERSION=1.5.1 export OPENTRACING_CPP_VERSION=1.5.1
export ZIPKIN_CPP_VERSION=0.5.2 export ZIPKIN_CPP_VERSION=0.5.2
export JAEGER_VERSION=0.4.2 export JAEGER_VERSION=0.4.2
export MSGPACK_VERSION=3.2.0 export MSGPACK_VERSION=3.2.1
export DATADOG_CPP_VERSION=1.1.3 export DATADOG_CPP_VERSION=1.1.5
export MODSECURITY_VERSION=1.0.1 export MODSECURITY_VERSION=1.0.1
export MODSECURITY_LIB_VERSION=6624a18a4e7fd9881a7a9b435db3e481e8e986a5 export MODSECURITY_LIB_VERSION=v3.0.4
export OWASP_MODSECURITY_CRS_VERSION=3.2.0 export OWASP_MODSECURITY_CRS_VERSION=v3.2.0
export LUA_NGX_VERSION=0.10.15 export LUA_NGX_VERSION=0.10.15
export LUA_STREAM_NGX_VERSION=0.0.7 export LUA_STREAM_NGX_VERSION=0.0.7
export LUA_UPSTREAM_VERSION=0.07 export LUA_UPSTREAM_VERSION=0.07
export LUA_BRIDGE_TRACER_VERSION=0.1.1 export LUA_BRIDGE_TRACER_VERSION=0.1.1
export LUA_CJSON_VERSION=2.1.0.7
export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b
export GEOIP2_VERSION=3.3 export GEOIP2_VERSION=3.3
export NGINX_AJP_VERSION=bf6cd93f2098b59260de8d494f0f4b1f11a84627 export NGINX_AJP_VERSION=bf6cd93f2098b59260de8d494f0f4b1f11a84627
export RESTY_LUAROCKS_VERSION=3.1.3
export LUAJIT_VERSION=33b5f86c1b9ab53ad09c33f9097df42403587bea export LUAJIT_VERSION=31116c4d25c4283a52b2d87fed50101cf20f5b77
export LUA_RESTY_BALANCER=0.03 export LUA_RESTY_BALANCER=0.03
export LUA_RESTY_CACHE=0.10rc1
export LUA_RESTY_CORE=0.1.17 export LUA_RESTY_CORE=0.1.17
export LUA_CJSON_VERSION=2.1.0.7
export LUA_RESTY_COOKIE_VERSION=766ad8c15e498850ac77f5e0265f1d3f30dc4027 export LUA_RESTY_COOKIE_VERSION=766ad8c15e498850ac77f5e0265f1d3f30dc4027
export LUA_RESTY_DNS=0.21
export LUA_RESTY_HTTP=0.15
export LUA_RESTY_LOCK=0.08
export BUILD_PATH=/tmp/build export BUILD_PATH=/tmp/build
@ -92,7 +94,6 @@ apk add \
alpine-sdk \ alpine-sdk \
findutils \ findutils \
curl ca-certificates \ curl ca-certificates \
geoip-dev \
patch \ patch \
libaio-dev \ libaio-dev \
openssl \ openssl \
@ -102,37 +103,21 @@ apk add \
wget \ wget \
curl-dev \ curl-dev \
libprotobuf \ libprotobuf \
git g++ pkgconf flex bison doxygen yajl-dev lmdb-dev libtool autoconf libxml2 pcre-dev libxml2-dev \ git g++ pkgconf flex bison doxygen yajl-dev lmdb-dev libtool autoconf libxml2 libxml2-dev \
python \ python3 \
libmaxminddb-dev \ libmaxminddb-dev \
bc \ bc \
unzip \ unzip \
dos2unix mercurial \ dos2unix \
yaml-cpp yaml-cpp
mkdir -p /etc/nginx mkdir -p /etc/nginx
# Get the GeoIP data
GEOIP_FOLDER=/etc/nginx/geoip
mkdir -p $GEOIP_FOLDER
function geoip2_get {
wget -O $GEOIP_FOLDER/$1.tar.gz $2 || { echo "Could not download $1, exiting." ; exit 1; }
mkdir $GEOIP_FOLDER/$1 \
&& tar xf $GEOIP_FOLDER/$1.tar.gz -C $GEOIP_FOLDER/$1 --strip-components 1 \
&& mv $GEOIP_FOLDER/$1/$1.mmdb $GEOIP_FOLDER/$1.mmdb \
&& rm -rf $GEOIP_FOLDER/$1 \
&& rm -rf $GEOIP_FOLDER/$1.tar.gz
}
#geoip2_get "GeoLite2-City" "http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz"
#geoip2_get "GeoLite2-ASN" "http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz"
mkdir --verbose -p "$BUILD_PATH" mkdir --verbose -p "$BUILD_PATH"
cd "$BUILD_PATH" cd "$BUILD_PATH"
# download, verify and extract the source files # download, verify and extract the source files
get_src a9aa73f19c352a6b166d78e2a664bb3ef1295bbe6d3cc5aa7404bd4664ab4b83 \ get_src 44a616171fcd7d7ad7c6af3e6f3ad0879b54db5a5d21be874cd458b5691e36c8 \
"https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
get_src 49f50d4cd62b166bc1aaf712febec5e028d9f187cedbc27a610dfd01bdde2d36 \ get_src 49f50d4cd62b166bc1aaf712febec5e028d9f187cedbc27a610dfd01bdde2d36 \
@ -165,7 +150,7 @@ get_src c969a78659bb47c84929de0b9adc1f8c512a51ec9dd3b162cb568ae228d3d59e \
get_src 21257af93a64fee42c04ca6262d292b2e4e0b7b0660c511db357b32fd42ef5d3 \ get_src 21257af93a64fee42c04ca6262d292b2e4e0b7b0660c511db357b32fd42ef5d3 \
"https://github.com/jaegertracing/jaeger-client-cpp/archive/v$JAEGER_VERSION.tar.gz" "https://github.com/jaegertracing/jaeger-client-cpp/archive/v$JAEGER_VERSION.tar.gz"
get_src ff865a36bad5c72b8e7ebc4b7cf5f27a820fce4faff9c571c1791e3728355a39 \ get_src 464f46744a6be778626d11452c4db3c2d09461080c6db42e358e21af19d542f6 \
"https://github.com/msgpack/msgpack-c/archive/cpp-$MSGPACK_VERSION.tar.gz" "https://github.com/msgpack/msgpack-c/archive/cpp-$MSGPACK_VERSION.tar.gz"
get_src 7d5f3439c8df56046d0564b5857fd8a30296ab1bd6df0f048aed7afb56a0a4c2 \ get_src 7d5f3439c8df56046d0564b5857fd8a30296ab1bd6df0f048aed7afb56a0a4c2 \
@ -177,10 +162,10 @@ get_src 99c47c75c159795c9faf76bbb9fa58e5a50b75286c86565ffcec8514b1c74bf9 \
get_src 2a69815e4ae01aa8b170941a8e1a10b6f6a9aab699dee485d58f021dd933829a \ get_src 2a69815e4ae01aa8b170941a8e1a10b6f6a9aab699dee485d58f021dd933829a \
"https://github.com/openresty/lua-upstream-nginx-module/archive/v$LUA_UPSTREAM_VERSION.tar.gz" "https://github.com/openresty/lua-upstream-nginx-module/archive/v$LUA_UPSTREAM_VERSION.tar.gz"
get_src 3b43917a155b81b7d20fdbb3c1be4419626286616195ad426bff1f2f59aa3659 \ get_src 82bf1af1ee89887648b53c9df566f8b52ec10400f1641c051970a7540b7bf06a \
"https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz"
get_src 6dc1088ab7f788b6c849fbaa6300517c8fdf88991a70b778be79c284c36857bf \ get_src b84fd2fb0bb0578af4901db31d1c0ae909b532a1016fe6534cbe31a6c3ad6924 \
"https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz"
get_src 6faab57557bd9cc9fc38208f6bc304c1c13cf048640779f98812cf1f9567e202 \ get_src 6faab57557bd9cc9fc38208f6bc304c1c13cf048640779f98812cf1f9567e202 \
@ -195,9 +180,6 @@ get_src 41378438c833e313a18869d0c4a72704b4835c30acaf7fd68013ab6732ff78a7 \
get_src 5f629a50ba22347c441421091da70fdc2ac14586619934534e5a0f8a1390a950 \ get_src 5f629a50ba22347c441421091da70fdc2ac14586619934534e5a0f8a1390a950 \
"https://github.com/yaoweibin/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz" "https://github.com/yaoweibin/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz"
get_src c573435f495aac159e34eaa0a3847172a2298eb6295fcdc35d565f9f9b990513 \
"https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz"
get_src 5d16e623d17d4f42cc64ea9cfb69ca960d313e12f5d828f785dd227cc483fcbd \ get_src 5d16e623d17d4f42cc64ea9cfb69ca960d313e12f5d828f785dd227cc483fcbd \
"https://github.com/openresty/lua-resty-upload/archive/v0.10.tar.gz" "https://github.com/openresty/lua-resty-upload/archive/v0.10.tar.gz"
@ -216,6 +198,19 @@ get_src 59d2f18ecadba48be61061004c8664eaed1111a3372cd2567cb24c5a47eb41fe \
get_src f818b5cef0881e5987606f2acda0e491531a0cb0c126d8dca02e2343edf641ef \ get_src f818b5cef0881e5987606f2acda0e491531a0cb0c126d8dca02e2343edf641ef \
"https://github.com/cloudflare/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz" "https://github.com/cloudflare/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz"
get_src f6b57d83a937899f97a98372c1e2631dd1ab8f580fc0ffeac0b27b4d42225a99 \
"https://github.com/openresty/lua-resty-lrucache/archive/v$LUA_RESTY_CACHE.tar.gz"
get_src 2b4683f9abe73e18ca00345c65010c9056777970907a311d6e1699f753141de2 \
"https://github.com/openresty/lua-resty-lock/archive/v$LUA_RESTY_LOCK.tar.gz"
get_src 4aca34f324d543754968359672dcf5f856234574ee4da360ce02c778d244572a \
"https://github.com/openresty/lua-resty-dns/archive/v$LUA_RESTY_DNS.tar.gz"
get_src 987d5754a366d3ccbf745d2765f82595dcff5b94ba6c755eeb6d310447996f32 \
"https://github.com/ledgetech/lua-resty-http/archive/v$LUA_RESTY_HTTP.tar.gz"
# improve compilation times # improve compilation times
CORES=$(($(grep -c ^processor /proc/cpuinfo) - 0)) CORES=$(($(grep -c ^processor /proc/cpuinfo) - 0))
@ -233,8 +228,13 @@ cd "$BUILD_PATH/luajit2-$LUAJIT_VERSION"
make CCDEBUG=-g make CCDEBUG=-g
make install make install
ln -s /usr/local/bin/luajit /usr/local/bin/lua
cd "$BUILD_PATH" cd "$BUILD_PATH"
# Git tuning
git config --global --add core.compression -1
# install openresty-gdb-utils # install openresty-gdb-utils
cd / cd /
git clone --depth=1 https://github.com/openresty/openresty-gdb-utils.git git clone --depth=1 https://github.com/openresty/openresty-gdb-utils.git
@ -353,7 +353,7 @@ git submodule init
git submodule update git submodule update
cd "$BUILD_PATH" cd "$BUILD_PATH"
git clone https://github.com/ssdeep-project/ssdeep git clone --depth=1 https://github.com/ssdeep-project/ssdeep
cd ssdeep/ cd ssdeep/
./bootstrap ./bootstrap
@ -364,9 +364,8 @@ make install
# build modsecurity library # build modsecurity library
cd "$BUILD_PATH" cd "$BUILD_PATH"
git clone https://github.com/SpiderLabs/ModSecurity git clone --depth=1 -b $MODSECURITY_LIB_VERSION https://github.com/SpiderLabs/ModSecurity
cd ModSecurity/ cd ModSecurity/
git checkout $MODSECURITY_LIB_VERSION
git submodule init git submodule init
git submodule update git submodule update
@ -393,7 +392,7 @@ echo "SecAuditLogStorageDir /var/log/audit/" >> /etc/nginx/modsecurity/modsecuri
# Download owasp modsecurity crs # Download owasp modsecurity crs
cd /etc/nginx/ cd /etc/nginx/
git clone -b v$OWASP_MODSECURITY_CRS_VERSION https://github.com/SpiderLabs/owasp-modsecurity-crs git clone -b $OWASP_MODSECURITY_CRS_VERSION https://github.com/SpiderLabs/owasp-modsecurity-crs
cd owasp-modsecurity-crs cd owasp-modsecurity-crs
mv crs-setup.conf.example crs-setup.conf mv crs-setup.conf.example crs-setup.conf
@ -533,22 +532,6 @@ WITH_MODULES="--add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \
make make
make install make install
cd "$BUILD_PATH/luarocks-${RESTY_LUAROCKS_VERSION}"
./configure \
--lua-suffix=jit-2.1.0-beta3 \
--with-lua-include=/usr/local/include/luajit-2.1
make
make install
export LUA_INCLUDE_DIR=/usr/local/include/luajit-2.1
ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1
if [[ ${ARCH} != "armv7l" ]]; then
luarocks install lrexlib-pcre 2.7.2-1
fi
cd "$BUILD_PATH/lua-resty-core-$LUA_RESTY_CORE" cd "$BUILD_PATH/lua-resty-core-$LUA_RESTY_CORE"
make install make install
@ -556,6 +539,9 @@ cd "$BUILD_PATH/lua-resty-balancer-$LUA_RESTY_BALANCER"
make all make all
make install make install
export LUA_INCLUDE_DIR=/usr/local/include/luajit-2.1
ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1
cd "$BUILD_PATH/lua-cjson-$LUA_CJSON_VERSION" cd "$BUILD_PATH/lua-cjson-$LUA_CJSON_VERSION"
make all make all
make install make install
@ -564,13 +550,18 @@ cd "$BUILD_PATH/lua-resty-cookie-$LUA_RESTY_COOKIE_VERSION"
make all make all
make install make install
luarocks install lua-resty-iputils 0.3.0-1 cd "$BUILD_PATH/lua-resty-lrucache-$LUA_RESTY_CACHE"
luarocks install lua-resty-lrucache 0.09-2 make install
luarocks install lua-resty-lock 0.08-0
luarocks install lua-resty-dns 0.21-1 cd "$BUILD_PATH/lua-resty-dns-$LUA_RESTY_DNS"
make install
cd "$BUILD_PATH/lua-resty-lock-$LUA_RESTY_LOCK"
make install
# required for OCSP verification # required for OCSP verification
luarocks install lua-resty-http cd "$BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP"
make install
cd "$BUILD_PATH/lua-resty-upload-0.10" cd "$BUILD_PATH/lua-resty-upload-0.10"
make install make install
@ -588,9 +579,8 @@ make install
# mimalloc # mimalloc
cd "$BUILD_PATH" cd "$BUILD_PATH"
git clone https://github.com/microsoft/mimalloc git clone --depth=1 -b v1.6.3 https://github.com/microsoft/mimalloc
cd mimalloc cd mimalloc
git checkout v1.6.2
mkdir -p out/release mkdir -p out/release
cd out/release cd out/release

4
internal/ingress/annotations/annotations.go
View file

@ -108,7 +108,7 @@ type Ingress struct {
UpstreamVhost string UpstreamVhost string
Whitelist ipwhitelist.SourceRange Whitelist ipwhitelist.SourceRange
XForwardedPrefix string XForwardedPrefix string
SSLCiphers string SSLCipher sslcipher.Config
Logs log.Config Logs log.Config
InfluxDB influxdb.Config InfluxDB influxdb.Config
ModSecurity modsecurity.Config ModSecurity modsecurity.Config
@ -156,7 +156,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
"UpstreamVhost": upstreamvhost.NewParser(cfg), "UpstreamVhost": upstreamvhost.NewParser(cfg),
"Whitelist": ipwhitelist.NewParser(cfg), "Whitelist": ipwhitelist.NewParser(cfg),
"XForwardedPrefix": xforwardedprefix.NewParser(cfg), "XForwardedPrefix": xforwardedprefix.NewParser(cfg),
"SSLCiphers": sslcipher.NewParser(cfg), "SSLCipher": sslcipher.NewParser(cfg),
"Logs": log.NewParser(cfg), "Logs": log.NewParser(cfg),
"InfluxDB": influxdb.NewParser(cfg), "InfluxDB": influxdb.NewParser(cfg),
"BackendProtocol": backendprotocol.NewParser(cfg), "BackendProtocol": backendprotocol.NewParser(cfg),

27
internal/ingress/annotations/sslcipher/main.go
View file

@ -27,13 +27,36 @@ type sslCipher struct {
r resolver.Resolver r resolver.Resolver
} }
// Config contains the ssl-ciphers & ssl-prefer-server-ciphers configuration
type Config struct {
SSLCiphers string
SSLPreferServerCiphers string
}
// NewParser creates a new sslCipher annotation parser // NewParser creates a new sslCipher annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation { func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return sslCipher{r} return sslCipher{r}
} }
// Parse parses the annotations contained in the ingress rule // Parse parses the annotations contained in the ingress rule
// used to add ssl-ciphers to the server name // used to add ssl-ciphers & ssl-prefer-server-ciphers to the server name
func (sc sslCipher) Parse(ing *networking.Ingress) (interface{}, error) { func (sc sslCipher) Parse(ing *networking.Ingress) (interface{}, error) {
return parser.GetStringAnnotation("ssl-ciphers", ing) config := &Config{}
var err error
var sslPreferServerCiphers bool
sslPreferServerCiphers, err = parser.GetBoolAnnotation("ssl-prefer-server-ciphers", ing)
if err != nil {
config.SSLPreferServerCiphers = ""
} else {
if sslPreferServerCiphers {
config.SSLPreferServerCiphers = "on"
} else {
config.SSLPreferServerCiphers = "off"
}
}
config.SSLCiphers, _ = parser.GetStringAnnotation("ssl-ciphers", ing)
return config, nil
} }

24
internal/ingress/annotations/sslcipher/main_test.go
View file

@ -17,6 +17,7 @@ limitations under the License.
package sslcipher package sslcipher
import ( import (
"reflect"
"testing" "testing"
api "k8s.io/api/core/v1" api "k8s.io/api/core/v1"
@ -27,22 +28,27 @@ import (
) )
func TestParse(t *testing.T) { func TestParse(t *testing.T) {
annotation := parser.GetAnnotationWithPrefix("ssl-ciphers")
ap := NewParser(&resolver.Mock{}) ap := NewParser(&resolver.Mock{})
if ap == nil { if ap == nil {
t.Fatalf("expected a parser.IngressAnnotation but returned nil") t.Fatalf("expected a parser.IngressAnnotation but returned nil")
} }
annotationSSLCiphers := parser.GetAnnotationWithPrefix("ssl-ciphers")
annotationSSLPreferServerCiphers := parser.GetAnnotationWithPrefix("ssl-prefer-server-ciphers")
testCases := []struct { testCases := []struct {
annotations map[string]string annotations map[string]string
expected string expected Config
}{ }{
{map[string]string{annotation: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"}, "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"}, {map[string]string{annotationSSLCiphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"}, Config{"ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", ""}},
{map[string]string{annotation: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"}, {map[string]string{annotationSSLCiphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"},
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"}, Config{"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256", ""}},
{map[string]string{annotation: ""}, ""}, {map[string]string{annotationSSLCiphers: ""}, Config{"", ""}},
{map[string]string{}, ""}, {map[string]string{annotationSSLPreferServerCiphers: "true"}, Config{"", "on"}},
{nil, ""}, {map[string]string{annotationSSLPreferServerCiphers: "false"}, Config{"", "off"}},
{map[string]string{annotationSSLCiphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", annotationSSLPreferServerCiphers: "true"}, Config{"ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", "on"}},
{map[string]string{}, Config{"", ""}},
{nil, Config{"", ""}},
} }
ing := &networking.Ingress{ ing := &networking.Ingress{
@ -56,7 +62,7 @@ func TestParse(t *testing.T) {
for _, testCase := range testCases { for _, testCase := range testCases {
ing.SetAnnotations(testCase.annotations) ing.SetAnnotations(testCase.annotations)
result, _ := ap.Parse(ing) result, _ := ap.Parse(ing)
if result != testCase.expected { if !reflect.DeepEqual(result, &testCase.expected) {
t.Errorf("expected %v but returned %v, annotations: %s", testCase.expected, result, testCase.annotations) t.Errorf("expected %v but returned %v, annotations: %s", testCase.expected, result, testCase.annotations)
} }
} }

1
internal/ingress/annotations/upstreamhashby/main_test.go
View file

@ -39,6 +39,7 @@ func TestParse(t *testing.T) {
expected string expected string
}{ }{
{map[string]string{annotation: "$request_uri"}, "$request_uri"}, {map[string]string{annotation: "$request_uri"}, "$request_uri"},
{map[string]string{annotation: "$request_uri$scheme"}, "$request_uri$scheme"},
{map[string]string{annotation: "false"}, "false"}, {map[string]string{annotation: "false"}, "false"},
{map[string]string{}, ""}, {map[string]string{}, ""},
{nil, ""}, {nil, ""},

11
internal/ingress/controller/config/config.go
View file

@ -111,11 +111,20 @@ type Configuration struct {
// By default this is disabled // By default this is disabled
EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"` EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"`
// AccessLogPath sets the path of the access logs if enabled // AccessLogPath sets the path of the access logs for both http and stream contexts if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log // http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
// http://nginx.org/en/docs/stream/ngx_stream_log_module.html#access_log
// By default access logs go to /var/log/nginx/access.log // By default access logs go to /var/log/nginx/access.log
AccessLogPath string `json:"access-log-path,omitempty"` AccessLogPath string `json:"access-log-path,omitempty"`
// HttpAccessLogPath sets the path of the access logs for http context globally if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
HttpAccessLogPath string `json:"http-access-log-path,omitempty"`
// StreamAccessLogPath sets the path of the access logs for stream context globally if enabled
// http://nginx.org/en/docs/stream/ngx_stream_log_module.html#access_log
StreamAccessLogPath string `json:"stream-access-log-path,omitempty"`
// WorkerCPUAffinity bind nginx worker processes to CPUs this will improve response latency // WorkerCPUAffinity bind nginx worker processes to CPUs this will improve response latency
// http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity // http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity
// By default this is disabled // By default this is disabled

12
internal/ingress/controller/controller.go
View file

@ -1054,7 +1054,8 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
loc, loc,
}, },
SSLPassthrough: anns.SSLPassthrough, SSLPassthrough: anns.SSLPassthrough,
SSLCiphers: anns.SSLCiphers, SSLCiphers: anns.SSLCipher.SSLCiphers,
SSLPreferServerCiphers: anns.SSLCipher.SSLPreferServerCiphers,
} }
} }
} }
@ -1094,8 +1095,13 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
} }
// only add SSL ciphers if the server does not have them previously configured // only add SSL ciphers if the server does not have them previously configured
if servers[host].SSLCiphers == "" && anns.SSLCiphers != "" { if servers[host].SSLCiphers == "" && anns.SSLCipher.SSLCiphers != "" {
servers[host].SSLCiphers = anns.SSLCiphers servers[host].SSLCiphers = anns.SSLCipher.SSLCiphers
}
// only add SSLPreferServerCiphers if the server does not have them previously configured
if servers[host].SSLPreferServerCiphers == "" && anns.SSLCipher.SSLPreferServerCiphers != "" {
servers[host].SSLPreferServerCiphers = anns.SSLCipher.SSLPreferServerCiphers
} }
// only add a certificate if the server does not have one previously configured // only add a certificate if the server does not have one previously configured

11
internal/ingress/controller/nginx.go
View file

@ -343,17 +343,10 @@ func (n *NGINXController) Start() {
// issues because of this behavior. // issues because of this behavior.
// To avoid this issue we restart nginx in case of errors. // To avoid this issue we restart nginx in case of errors.
if process.IsRespawnIfRequired(err) { if process.IsRespawnIfRequired(err) {
process.WaitUntilPortIsAvailable(n.cfg.ListenPorts.HTTP)
// release command resources // release command resources
cmd.Process.Release() return
// start a new nginx master process if the controller is not being stopped
cmd = n.command.ExecCommand()
cmd.SysProcAttr = &syscall.SysProcAttr{
Setpgid: true,
Pgid: 0,
}
n.start(cmd)
} }
case event := <-n.updateCh.Out(): case event := <-n.updateCh.Out():
if n.isShuttingDown { if n.isShuttingDown {
break break

43
internal/ingress/controller/process/nginx.go
View file

@ -17,14 +17,9 @@ limitations under the License.
package process package process
import ( import (
"fmt"
"net"
"os"
"os/exec" "os/exec"
"syscall" "syscall"
"time"
"github.com/ncabatoff/process-exporter/proc"
"k8s.io/klog" "k8s.io/klog"
) )
@ -43,41 +38,3 @@ NGINX master process died (%v): %v
`, waitStatus.ExitStatus(), err) `, waitStatus.ExitStatus(), err)
return true return true
} }
// WaitUntilPortIsAvailable waits until there is no NGINX master or worker
// process/es listening in a particular port.
func WaitUntilPortIsAvailable(port int) {
// we wait until the workers are killed
for {
conn, err := net.DialTimeout("tcp", fmt.Sprintf("0.0.0.0:%v", port), 1*time.Second)
if err != nil {
break
}
conn.Close()
// kill nginx worker processes
fs, err := proc.NewFS("/proc", false)
if err != nil {
klog.Errorf("unexpected error reading /proc information: %v", err)
continue
}
procs, _ := fs.FS.AllProcs()
for _, p := range procs {
pn, err := p.Comm()
if err != nil {
klog.Errorf("unexpected error obtaining process information: %v", err)
continue
}
if pn == "nginx" {
osp, err := os.FindProcess(p.PID)
if err != nil {
klog.Errorf("unexpected error obtaining process information: %v", err)
continue
}
osp.Signal(syscall.SIGQUIT)
}
}
time.Sleep(100 * time.Millisecond)
}
}

16
internal/ingress/controller/store/store.go
View file

@ -261,10 +261,24 @@ func New(
store.listers.IngressWithAnnotation.Store = cache.NewStore(cache.DeletionHandlingMetaNamespaceKeyFunc) store.listers.IngressWithAnnotation.Store = cache.NewStore(cache.DeletionHandlingMetaNamespaceKeyFunc)
// As we currently do not filter out kubernetes objects we list, we can
// retrieve a huge amount of data from the API server.
// In a cluster using HELM < v3 configmaps are used to store binary data.
// If you happen to have a lot of HELM releases in the cluster it will make
// the memory consumption of nginx-ingress-controller explode.
// In order to avoid that we filter out labels OWNER=TILLER.
tweakListOptionsFunc := func(options *metav1.ListOptions) {
if len(options.LabelSelector) > 0 {
options.LabelSelector += ",OWNER!=TILLER"
} else {
options.LabelSelector = "OWNER!=TILLER"
}
}
// create informers factory, enable and assign required informers // create informers factory, enable and assign required informers
infFactory := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod, infFactory := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod,
informers.WithNamespace(namespace), informers.WithNamespace(namespace),
informers.WithTweakListOptions(func(*metav1.ListOptions) {})) informers.WithTweakListOptions(tweakListOptionsFunc))
if k8s.IsNetworkingIngressAvailable { if k8s.IsNetworkingIngressAvailable {
store.informers.Ingress = infFactory.Networking().V1beta1().Ingresses().Informer() store.informers.Ingress = infFactory.Networking().V1beta1().Ingresses().Informer()

42
internal/ingress/controller/template/template.go
View file

@ -1229,18 +1229,17 @@ func commonListenOptions(template config.TemplateConfig, hostname string) string
func httpListener(addresses []string, co string, tc config.TemplateConfig) []string { func httpListener(addresses []string, co string, tc config.TemplateConfig) []string {
out := make([]string, 0) out := make([]string, 0)
for _, address := range addresses { for _, address := range addresses {
l := make([]string, 0) lo := []string{"listen"}
l = append(l, "listen")
if address == "" { if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTP)) lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTP))
} else { } else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP)) lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP))
} }
l = append(l, co) lo = append(lo, co)
l = append(l, ";") lo = append(lo, ";")
out = append(out, strings.Join(l, " ")) out = append(out, strings.Join(lo, " "))
} }
return out return out
@ -1249,38 +1248,35 @@ func httpListener(addresses []string, co string, tc config.TemplateConfig) []str
func httpsListener(addresses []string, co string, tc config.TemplateConfig) []string { func httpsListener(addresses []string, co string, tc config.TemplateConfig) []string {
out := make([]string, 0) out := make([]string, 0)
for _, address := range addresses { for _, address := range addresses {
l := make([]string, 0) lo := []string{"listen"}
l = append(l, "listen")
if tc.IsSSLPassthroughEnabled { if tc.IsSSLPassthroughEnabled {
if address == "" { if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy)) lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy))
} else { } else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy)) lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy))
} }
l = append(l, "proxy_protocol") if !strings.Contains(co, "proxy_protocol") {
lo = append(lo, "proxy_protocol")
}
} else { } else {
if address == "" { if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTPS)) lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTPS))
} else { } else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS)) lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS))
}
if tc.Cfg.UseProxyProtocol {
l = append(l, "proxy_protocol")
} }
} }
l = append(l, co) lo = append(lo, co)
l = append(l, "ssl") lo = append(lo, "ssl")
if tc.Cfg.UseHTTP2 { if tc.Cfg.UseHTTP2 {
l = append(l, "http2") lo = append(lo, "http2")
} }
l = append(l, ";") lo = append(lo, ";")
out = append(out, strings.Join(l, " ")) out = append(out, strings.Join(lo, " "))
} }
return out return out

3
internal/ingress/types.go
View file

@ -200,6 +200,9 @@ type Server struct {
ServerSnippet string `json:"serverSnippet"` ServerSnippet string `json:"serverSnippet"`
// SSLCiphers returns list of ciphers to be enabled // SSLCiphers returns list of ciphers to be enabled
SSLCiphers string `json:"sslCiphers,omitempty"` SSLCiphers string `json:"sslCiphers,omitempty"`
// SSLPreferServerCiphers indicates that server ciphers should be preferred
// over client ciphers when using the SSLv3 and TLS protocols.
SSLPreferServerCiphers string `sslPreferServerCiphers,omitempty`
// AuthTLSError contains the reason why the access to a server should be denied // AuthTLSError contains the reason why the access to a server should be denied
AuthTLSError string `json:"authTLSError,omitempty"` AuthTLSError string `json:"authTLSError,omitempty"`
} }

3
internal/ingress/types_equals.go
View file

@ -308,6 +308,9 @@ func (s1 *Server) Equal(s2 *Server) bool {
if s1.SSLCiphers != s2.SSLCiphers { if s1.SSLCiphers != s2.SSLCiphers {
return false return false
} }
if s1.SSLPreferServerCiphers != s2.SSLPreferServerCiphers {
return false
}
if s1.AuthTLSError != s2.AuthTLSError { if s1.AuthTLSError != s2.AuthTLSError {
return false return false
} }

2
internal/runtime/cpu.go → internal/runtime/cpu_linux.go
View file

@ -1,3 +1,5 @@
// +build linux
/* /*
Copyright 2018 The Kubernetes Authors. Copyright 2018 The Kubernetes Authors.

28
internal/runtime/cpu_notlinux.go Normal file
View file

@ -0,0 +1,28 @@
// +build !linux
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runtime
import (
"runtime"
)
// NumCPU ...
func NumCPU() int {
return runtime.NumCPU()
}

1
mkdocs.yml
View file

@ -1,5 +1,4 @@
site_name: NGINX Ingress Controller site_name: NGINX Ingress Controller
strict: true
repo_name: "kubernetes/ingress-nginx" repo_name: "kubernetes/ingress-nginx"
repo_url: https://github.com/kubernetes/ingress-nginx repo_url: https://github.com/kubernetes/ingress-nginx
site_url: https://kubernetes.github.io/ingress-nginx site_url: https://kubernetes.github.io/ingress-nginx

2
rootfs/.dockerignore Normal file
View file

@ -0,0 +1,2 @@
Dockerfile
.dockerignore

2
rootfs/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
bin/*

22
rootfs/Dockerfile
View file

@ -16,6 +16,7 @@ ARG BASE_IMAGE
FROM ${BASE_IMAGE} FROM ${BASE_IMAGE}
ARG TARGETARCH
ARG VERSION ARG VERSION
LABEL org.opencontainers.image.title="NGINX Ingress Controller for Kubernetes" LABEL org.opencontainers.image.title="NGINX Ingress Controller for Kubernetes"
@ -29,12 +30,16 @@ WORKDIR /etc/nginx
RUN apk update \ RUN apk update \
&& apk upgrade \ && apk upgrade \
&& apk add -U --no-cache \ && apk add --no-cache \
diffutils \ diffutils \
libcap \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
COPY --chown=www-data:www-data . / COPY --chown=www-data:www-data etc /etc
COPY --chown=www-data:www-data ingress-controller /ingress-controller
COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg /
COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller /
COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown /
# Fix permission during the build to avoid issues at runtime # Fix permission during the build to avoid issues at runtime
# with volumes (custom templates) # with volumes (custom templates)
@ -51,11 +56,12 @@ RUN bash -xeu -c ' \
chown -R www-data.www-data ${dir}; \ chown -R www-data.www-data ${dir}; \
done' done'
RUN setcap cap_net_bind_service=+ep /nginx-ingress-controller \ RUN apk add --no-cache libcap \
&& setcap -v cap_net_bind_service=+ep /nginx-ingress-controller && setcap cap_net_bind_service=+ep /nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep /nginx-ingress-controller \
RUN setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \ && setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \
&& setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx && setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \
&& apk del libcap
USER www-data USER www-data

14
rootfs/etc/nginx/lua/balancer.lua
View file

@ -16,7 +16,7 @@ local getmetatable = getmetatable
local tostring = tostring local tostring = tostring
local pairs = pairs local pairs = pairs
local math = math local math = math
local ngx = ngx
-- measured in seconds -- measured in seconds
-- for an Nginx worker to pick up the new list of upstream peers -- for an Nginx worker to pick up the new list of upstream peers
@ -305,11 +305,11 @@ function _M.log()
balancer:after_balance() balancer:after_balance()
end end
if _TEST then setmetatable(_M, {__index = {
_M.get_implementation = get_implementation get_implementation = get_implementation,
_M.sync_backend = sync_backend sync_backend = sync_backend,
_M.route_to_alternative_balancer = route_to_alternative_balancer route_to_alternative_balancer = route_to_alternative_balancer,
_M.get_balancer = get_balancer get_balancer = get_balancer,
end }})
return _M return _M

13
rootfs/etc/nginx/lua/balancer/chash.lua
View file

@ -1,14 +1,23 @@
local balancer_resty = require("balancer.resty") local balancer_resty = require("balancer.resty")
local resty_chash = require("resty.chash") local resty_chash = require("resty.chash")
local util = require("util") local util = require("util")
local ngx_log = ngx.log
local ngx_ERR = ngx.ERR
local setmetatable = setmetatable
local _M = balancer_resty:new({ factory = resty_chash, name = "chash" }) local _M = balancer_resty:new({ factory = resty_chash, name = "chash" })
function _M.new(self, backend) function _M.new(self, backend)
local nodes = util.get_nodes(backend.endpoints) local nodes = util.get_nodes(backend.endpoints)
local complex_val, err =
util.parse_complex_value(backend["upstreamHashByConfig"]["upstream-hash-by"])
if err ~= nil then
ngx_log(ngx_ERR, "could not parse the value of the upstream-hash-by: ", err)
end
local o = { local o = {
instance = self.factory:new(nodes), instance = self.factory:new(nodes),
hash_by = backend["upstreamHashByConfig"]["upstream-hash-by"], hash_by = complex_val,
traffic_shaping_policy = backend.trafficShapingPolicy, traffic_shaping_policy = backend.trafficShapingPolicy,
alternative_backends = backend.alternativeBackends, alternative_backends = backend.alternativeBackends,
} }
@ -18,7 +27,7 @@ function _M.new(self, backend)
end end
function _M.balance(self) function _M.balance(self)
local key = util.lua_ngx_var(self.hash_by) local key = util.generate_var_value(self.hash_by)
return self.instance:find(key) return self.instance:find(key)
end end

16
rootfs/etc/nginx/lua/balancer/chashsubset.lua
View file

@ -3,6 +3,13 @@
local resty_chash = require("resty.chash") local resty_chash = require("resty.chash")
local util = require("util") local util = require("util")
local ngx_log = ngx.log
local ngx_ERR = ngx.ERR
local setmetatable = setmetatable
local tostring = tostring
local math = math
local table = table
local pairs = pairs
local _M = { name = "chashsubset" } local _M = { name = "chashsubset" }
@ -44,10 +51,15 @@ end
function _M.new(self, backend) function _M.new(self, backend)
local subset_map, subsets = build_subset_map(backend) local subset_map, subsets = build_subset_map(backend)
local complex_val, err =
util.parse_complex_value(backend["upstreamHashByConfig"]["upstream-hash-by"])
if err ~= nil then
ngx_log(ngx_ERR, "could not parse the value of the upstream-hash-by: ", err)
end
local o = { local o = {
instance = resty_chash:new(subset_map), instance = resty_chash:new(subset_map),
hash_by = backend["upstreamHashByConfig"]["upstream-hash-by"], hash_by = complex_val,
subsets = subsets, subsets = subsets,
current_endpoints = backend.endpoints current_endpoints = backend.endpoints
} }
@ -57,7 +69,7 @@ function _M.new(self, backend)
end end
function _M.balance(self) function _M.balance(self)
local key = util.lua_ngx_var(self.hash_by) local key = util.generate_var_value(self.hash_by)
local subset_id = self.instance:find(key) local subset_id = self.instance:find(key)
local endpoints = self.subsets[subset_id] local endpoints = self.subsets[subset_id]
local endpoint = endpoints[math.random(#endpoints)] local endpoint = endpoints[math.random(#endpoints)]

11
rootfs/etc/nginx/lua/balancer/ewma.lua
View file

@ -9,6 +9,14 @@ local resty_lock = require("resty.lock")
local util = require("util") local util = require("util")
local split = require("util.split") local split = require("util.split")
local ngx = ngx
local math = math
local pairs = pairs
local ipairs = ipairs
local tostring = tostring
local string = string
local tonumber = tonumber
local setmetatable = setmetatable
local string_format = string.format local string_format = string.format
local ngx_log = ngx.log local ngx_log = ngx.log
local INFO = ngx.INFO local INFO = ngx.INFO
@ -185,7 +193,8 @@ function _M.after_balance(_)
end end
function _M.sync(self, backend) function _M.sync(self, backend)
local normalized_endpoints_added, normalized_endpoints_removed = util.diff_endpoints(self.peers, backend.endpoints) local normalized_endpoints_added, normalized_endpoints_removed =
util.diff_endpoints(self.peers, backend.endpoints)
if #normalized_endpoints_added == 0 and #normalized_endpoints_removed == 0 then if #normalized_endpoints_added == 0 and #normalized_endpoints_removed == 0 then
ngx.log(ngx.INFO, "endpoints did not change for backend " .. tostring(backend.name)) ngx.log(ngx.INFO, "endpoints did not change for backend " .. tostring(backend.name))

1
rootfs/etc/nginx/lua/balancer/resty.lua
View file

@ -3,6 +3,7 @@ local util = require("util")
local string_format = string.format local string_format = string.format
local ngx_log = ngx.log local ngx_log = ngx.log
local INFO = ngx.INFO local INFO = ngx.INFO
local setmetatable = setmetatable
local _M = {} local _M = {}

2
rootfs/etc/nginx/lua/balancer/round_robin.lua
View file

@ -2,6 +2,8 @@ local balancer_resty = require("balancer.resty")
local resty_roundrobin = require("resty.roundrobin") local resty_roundrobin = require("resty.roundrobin")
local util = require("util") local util = require("util")
local setmetatable = setmetatable
local _M = balancer_resty:new({ factory = resty_roundrobin, name = "round_robin" }) local _M = balancer_resty:new({ factory = resty_roundrobin, name = "round_robin" })
function _M.new(self, backend) function _M.new(self, backend)

Some files were not shown because too many files have changed in this diff Show more