From 4508493dfe7fb06206109a0a9dcc6025cc335273 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 21 Aug 2022 18:21:51 -0300 Subject: [PATCH 001/166] Clean old code and move helper functions (#8946) --- internal/ingress/controller/controller.go | 94 +-------- internal/ingress/controller/nginx.go | 88 +------- internal/ingress/controller/nginx_test.go | 112 ----------- internal/k8s/main.go | 3 - pkg/util/ingress/ingress.go | 233 ++++++++++++++++++++++ pkg/util/ingress/ingress_test.go | 132 ++++++++++++ test/e2e/framework/framework.go | 4 - 7 files changed, 374 insertions(+), 292 deletions(-) create mode 100644 pkg/util/ingress/ingress.go create mode 100644 pkg/util/ingress/ingress_test.go diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index d0f85bb01..bba932d16 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -45,6 +45,7 @@ import ( "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/pkg/apis/ingress" + utilingress "k8s.io/ingress-nginx/pkg/util/ingress" "k8s.io/klog/v2" ) @@ -163,7 +164,7 @@ func (n *NGINXController) syncIngress(interface{}) error { n.metricCollector.SetHosts(hosts) - if !n.IsDynamicConfigurationEnough(pcfg) { + if !utilingress.IsDynamicConfigurationEnough(pcfg, n.runningConfig) { klog.InfoS("Configuration changes detected, backend reload required") hash, _ := hashstructure.Hash(pcfg, &hashstructure.HashOptions{ @@ -223,9 +224,9 @@ func (n *NGINXController) syncIngress(interface{}) error { return err } - ri := getRemovedIngresses(n.runningConfig, pcfg) - re := getRemovedHosts(n.runningConfig, pcfg) - rc := getRemovedCertificateSerialNumbers(n.runningConfig, pcfg) + ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg) + re := utilingress.GetRemovedHosts(n.runningConfig, pcfg) + rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg) n.metricCollector.RemoveMetrics(ri, re, rc) n.runningConfig = pcfg @@ -1623,91 +1624,6 @@ func extractTLSSecretName(host string, ing *ingress.Ingress, return "" } -// getRemovedHosts returns a list of the hostnames -// that are not associated anymore to the NGINX configuration. -func getRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { - old := sets.NewString() - new := sets.NewString() - - for _, s := range rucfg.Servers { - if !old.Has(s.Hostname) { - old.Insert(s.Hostname) - } - } - - for _, s := range newcfg.Servers { - if !new.Has(s.Hostname) { - new.Insert(s.Hostname) - } - } - - return old.Difference(new).List() -} - -func getRemovedCertificateSerialNumbers(rucfg, newcfg *ingress.Configuration) []string { - oldCertificates := sets.NewString() - newCertificates := sets.NewString() - - for _, server := range rucfg.Servers { - if server.SSLCert == nil { - continue - } - identifier := server.SSLCert.Identifier() - if identifier != "" { - if !oldCertificates.Has(identifier) { - oldCertificates.Insert(identifier) - } - } - } - - for _, server := range newcfg.Servers { - if server.SSLCert == nil { - continue - } - identifier := server.SSLCert.Identifier() - if identifier != "" { - if !newCertificates.Has(identifier) { - newCertificates.Insert(identifier) - } - } - } - - return oldCertificates.Difference(newCertificates).List() -} - -func getRemovedIngresses(rucfg, newcfg *ingress.Configuration) []string { - oldIngresses := sets.NewString() - newIngresses := sets.NewString() - - for _, server := range rucfg.Servers { - for _, location := range server.Locations { - if location.Ingress == nil { - continue - } - - ingKey := k8s.MetaNamespaceKey(location.Ingress) - if !oldIngresses.Has(ingKey) { - oldIngresses.Insert(ingKey) - } - } - } - - for _, server := range newcfg.Servers { - for _, location := range server.Locations { - if location.Ingress == nil { - continue - } - - ingKey := k8s.MetaNamespaceKey(location.Ingress) - if !newIngresses.Has(ingKey) { - newIngresses.Insert(ingKey) - } - } - } - - return oldIngresses.Difference(newIngresses).List() -} - // checks conditions for whether or not an upstream should be created for a custom default backend func shouldCreateUpstreamForLocationDefaultBackend(upstream *ingress.Backend, location *ingress.Location) bool { return (upstream.Name == location.Backend) && diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index d0f4abe27..4b543ea2f 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -39,7 +39,6 @@ import ( "github.com/eapache/channels" apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/kubernetes/scheme" v1core "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/record" @@ -61,6 +60,8 @@ import ( "k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/pkg/util/file" + utilingress "k8s.io/ingress-nginx/pkg/util/ingress" + klog "k8s.io/klog/v2" ) @@ -601,10 +602,9 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6, NginxStatusIpv4Whitelist: cfg.NginxStatusIpv4Whitelist, NginxStatusIpv6Whitelist: cfg.NginxStatusIpv6Whitelist, - RedirectServers: buildRedirects(ingressCfg.Servers), + RedirectServers: utilingress.BuildRedirects(ingressCfg.Servers), IsSSLPassthroughEnabled: n.cfg.EnableSSLPassthrough, ListenPorts: n.cfg.ListenPorts, - PublishService: n.GetPublishService(), EnableMetrics: n.cfg.EnableMetrics, MaxmindEditionFiles: n.cfg.MaxmindEditionFiles, HealthzURI: nginx.HealthPath, @@ -832,24 +832,6 @@ func clearL4serviceEndpoints(config *ingress.Configuration) { config.UDPEndpoints = clearedUDPL4Services } -// IsDynamicConfigurationEnough returns whether a Configuration can be -// dynamically applied, without reloading the backend. -func (n *NGINXController) IsDynamicConfigurationEnough(pcfg *ingress.Configuration) bool { - copyOfRunningConfig := *n.runningConfig - copyOfPcfg := *pcfg - - copyOfRunningConfig.Backends = []*ingress.Backend{} - copyOfPcfg.Backends = []*ingress.Backend{} - - clearL4serviceEndpoints(©OfRunningConfig) - clearL4serviceEndpoints(©OfPcfg) - - clearCertificates(©OfRunningConfig) - clearCertificates(©OfPcfg) - - return copyOfRunningConfig.Equal(©OfPcfg) -} - // configureDynamically encodes new Backends in JSON format and POSTs the // payload to an internal HTTP endpoint handled by Lua. func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) error { @@ -1019,7 +1001,7 @@ func configureCertificates(rawServers []*ingress.Server) error { } } - redirects := buildRedirects(rawServers) + redirects := utilingress.BuildRedirects(rawServers) for _, redirect := range redirects { configure(redirect.From, redirect.SSLCert) } @@ -1139,65 +1121,3 @@ func cleanTempNginxCfg() error { return nil } - -type redirect struct { - From string - To string - SSLCert *ingress.SSLCert -} - -func buildRedirects(servers []*ingress.Server) []*redirect { - names := sets.String{} - redirectServers := make([]*redirect, 0) - - for _, srv := range servers { - if !srv.RedirectFromToWWW { - continue - } - - to := srv.Hostname - - var from string - if strings.HasPrefix(to, "www.") { - from = strings.TrimPrefix(to, "www.") - } else { - from = fmt.Sprintf("www.%v", to) - } - - if names.Has(to) { - continue - } - - klog.V(3).InfoS("Creating redirect", "from", from, "to", to) - found := false - for _, esrv := range servers { - if esrv.Hostname == from { - found = true - break - } - } - - if found { - klog.Warningf("Already exists an Ingress with %q hostname. Skipping creation of redirection from %q to %q.", from, from, to) - continue - } - - r := &redirect{ - From: from, - To: to, - } - - if srv.SSLCert != nil { - if ssl.IsValidHostname(from, srv.SSLCert.CN) { - r.SSLCert = srv.SSLCert - } else { - klog.Warningf("the server %v has SSL configured but the SSL certificate does not contains a CN for %v. Redirects will not work for HTTPS to HTTPS", from, to) - } - } - - redirectServers = append(redirectServers, r) - names.Insert(to) - } - - return redirectServers -} diff --git a/internal/ingress/controller/nginx_test.go b/internal/ingress/controller/nginx_test.go index c2c71b797..4d3155194 100644 --- a/internal/ingress/controller/nginx_test.go +++ b/internal/ingress/controller/nginx_test.go @@ -36,118 +36,6 @@ import ( "k8s.io/ingress-nginx/pkg/apis/ingress" ) -func TestIsDynamicConfigurationEnough(t *testing.T) { - backends := []*ingress.Backend{{ - Name: "fakenamespace-myapp-80", - Endpoints: []ingress.Endpoint{ - { - Address: "10.0.0.1", - Port: "8080", - }, - { - Address: "10.0.0.2", - Port: "8080", - }, - }, - }} - - servers := []*ingress.Server{{ - Hostname: "myapp.fake", - Locations: []*ingress.Location{ - { - Path: "/", - Backend: "fakenamespace-myapp-80", - }, - }, - SSLCert: &ingress.SSLCert{ - PemCertKey: "fake-certificate", - }, - }} - - commonConfig := &ingress.Configuration{ - Backends: backends, - Servers: servers, - } - - n := &NGINXController{ - runningConfig: &ingress.Configuration{ - Backends: backends, - Servers: servers, - }, - cfg: &Configuration{}, - } - - newConfig := commonConfig - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("When new config is same as the running config it should be deemed as dynamically configurable") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "another-backend-8081"}}, - Servers: []*ingress.Server{{Hostname: "myapp1.fake"}}, - } - if n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to not be dynamically configurable when there's more than just backends change") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, - Servers: servers, - } - - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when only backends change") - } - - newServers := []*ingress.Server{{ - Hostname: "myapp1.fake", - Locations: []*ingress.Location{ - { - Path: "/", - Backend: "fakenamespace-myapp-80", - }, - }, - SSLCert: &ingress.SSLCert{ - PemCertKey: "fake-certificate", - }, - }} - - newConfig = &ingress.Configuration{ - Backends: backends, - Servers: newServers, - } - if n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated") - } - - newServers[0].Hostname = "myapp.fake" - newServers[0].SSLCert.PemCertKey = "new-fake-certificate" - - newConfig = &ingress.Configuration{ - Backends: backends, - Servers: newServers, - } - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when only SSLCert changes") - } - - newConfig = &ingress.Configuration{ - Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, - Servers: newServers, - } - if !n.IsDynamicConfigurationEnough(newConfig) { - t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes") - } - - if !n.runningConfig.Equal(commonConfig) { - t.Errorf("Expected running config to not change") - } - - if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) { - t.Errorf("Expected new config to not change") - } -} - func TestConfigureDynamically(t *testing.T) { listener, err := tryListen("tcp", fmt.Sprintf(":%v", nginx.StatusPort)) if err != nil { diff --git a/internal/k8s/main.go b/internal/k8s/main.go index 1487e892a..5332631a7 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -121,9 +121,6 @@ func MetaNamespaceKey(obj interface{}) string { return key } -// IsIngressV1Ready indicates if the running Kubernetes version is at least v1.19.0 -var IsIngressV1Ready bool - // IngressNGINXController defines the valid value of IngressClass // Controller field for ingress-nginx const IngressNGINXController = "k8s.io/ingress-nginx" diff --git a/pkg/util/ingress/ingress.go b/pkg/util/ingress/ingress.go new file mode 100644 index 000000000..7df2cc114 --- /dev/null +++ b/pkg/util/ingress/ingress.go @@ -0,0 +1,233 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ingress + +import ( + "fmt" + "strings" + + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/ingress-nginx/internal/k8s" + "k8s.io/ingress-nginx/internal/net/ssl" + "k8s.io/ingress-nginx/pkg/apis/ingress" + "k8s.io/klog/v2" +) + +func GetRemovedHosts(rucfg, newcfg *ingress.Configuration) []string { + oldSet := sets.NewString() + newSet := sets.NewString() + + for _, s := range rucfg.Servers { + if !oldSet.Has(s.Hostname) { + oldSet.Insert(s.Hostname) + } + } + + for _, s := range newcfg.Servers { + if !newSet.Has(s.Hostname) { + newSet.Insert(s.Hostname) + } + } + + return oldSet.Difference(newSet).List() +} + +// GetRemovedCertificateSerialNumber extracts the difference of certificates between two configurations +func GetRemovedCertificateSerialNumbers(rucfg, newcfg *ingress.Configuration) []string { + oldCertificates := sets.NewString() + newCertificates := sets.NewString() + + for _, server := range rucfg.Servers { + if server.SSLCert == nil { + continue + } + identifier := server.SSLCert.Identifier() + if identifier != "" { + if !oldCertificates.Has(identifier) { + oldCertificates.Insert(identifier) + } + } + } + + for _, server := range newcfg.Servers { + if server.SSLCert == nil { + continue + } + identifier := server.SSLCert.Identifier() + if identifier != "" { + if !newCertificates.Has(identifier) { + newCertificates.Insert(identifier) + } + } + } + + return oldCertificates.Difference(newCertificates).List() +} + +// GetRemovedIngresses extracts the difference of ingresses between two configurations +func GetRemovedIngresses(rucfg, newcfg *ingress.Configuration) []string { + oldIngresses := sets.NewString() + newIngresses := sets.NewString() + + for _, server := range rucfg.Servers { + for _, location := range server.Locations { + if location.Ingress == nil { + continue + } + + ingKey := k8s.MetaNamespaceKey(location.Ingress) + if !oldIngresses.Has(ingKey) { + oldIngresses.Insert(ingKey) + } + } + } + + for _, server := range newcfg.Servers { + for _, location := range server.Locations { + if location.Ingress == nil { + continue + } + + ingKey := k8s.MetaNamespaceKey(location.Ingress) + if !newIngresses.Has(ingKey) { + newIngresses.Insert(ingKey) + } + } + } + + return oldIngresses.Difference(newIngresses).List() +} + +// IsDynamicConfigurationEnough returns whether a Configuration can be +// dynamically applied, without reloading the backend. +func IsDynamicConfigurationEnough(newcfg *ingress.Configuration, oldcfg *ingress.Configuration) bool { + copyOfRunningConfig := *oldcfg + copyOfPcfg := *newcfg + + copyOfRunningConfig.Backends = []*ingress.Backend{} + copyOfPcfg.Backends = []*ingress.Backend{} + + clearL4serviceEndpoints(©OfRunningConfig) + clearL4serviceEndpoints(©OfPcfg) + + clearCertificates(©OfRunningConfig) + clearCertificates(©OfPcfg) + + return copyOfRunningConfig.Equal(©OfPcfg) +} + +// clearL4serviceEndpoints is a helper function to clear endpoints from the ingress configuration since they should be ignored when +// checking if the new configuration changes can be applied dynamically. +func clearL4serviceEndpoints(config *ingress.Configuration) { + var clearedTCPL4Services []ingress.L4Service + var clearedUDPL4Services []ingress.L4Service + for _, service := range config.TCPEndpoints { + copyofService := ingress.L4Service{ + Port: service.Port, + Backend: service.Backend, + Endpoints: []ingress.Endpoint{}, + Service: nil, + } + clearedTCPL4Services = append(clearedTCPL4Services, copyofService) + } + for _, service := range config.UDPEndpoints { + copyofService := ingress.L4Service{ + Port: service.Port, + Backend: service.Backend, + Endpoints: []ingress.Endpoint{}, + Service: nil, + } + clearedUDPL4Services = append(clearedUDPL4Services, copyofService) + } + config.TCPEndpoints = clearedTCPL4Services + config.UDPEndpoints = clearedUDPL4Services +} + +// clearCertificates is a helper function to clear Certificates from the ingress configuration since they should be ignored when +// checking if the new configuration changes can be applied dynamically if dynamic certificates is on +func clearCertificates(config *ingress.Configuration) { + var clearedServers []*ingress.Server + for _, server := range config.Servers { + copyOfServer := *server + copyOfServer.SSLCert = nil + clearedServers = append(clearedServers, ©OfServer) + } + config.Servers = clearedServers +} + +type redirect struct { + From string + To string + SSLCert *ingress.SSLCert +} + +// BuildRedirects build the redirects of servers based on configurations and certificates +func BuildRedirects(servers []*ingress.Server) []*redirect { + names := sets.String{} + redirectServers := make([]*redirect, 0) + + for _, srv := range servers { + if !srv.RedirectFromToWWW { + continue + } + + to := srv.Hostname + + var from string + if strings.HasPrefix(to, "www.") { + from = strings.TrimPrefix(to, "www.") + } else { + from = fmt.Sprintf("www.%v", to) + } + + if names.Has(to) { + continue + } + + klog.V(3).InfoS("Creating redirect", "from", from, "to", to) + found := false + for _, esrv := range servers { + if esrv.Hostname == from { + found = true + break + } + } + + if found { + klog.Warningf("Already exists an Ingress with %q hostname. Skipping creation of redirection from %q to %q.", from, from, to) + continue + } + + r := &redirect{ + From: from, + To: to, + } + + if srv.SSLCert != nil { + if ssl.IsValidHostname(from, srv.SSLCert.CN) { + r.SSLCert = srv.SSLCert + } else { + klog.Warningf("the server %v has SSL configured but the SSL certificate does not contains a CN for %v. Redirects will not work for HTTPS to HTTPS", from, to) + } + } + + redirectServers = append(redirectServers, r) + names.Insert(to) + } + + return redirectServers +} diff --git a/pkg/util/ingress/ingress_test.go b/pkg/util/ingress/ingress_test.go new file mode 100644 index 000000000..24597fb6e --- /dev/null +++ b/pkg/util/ingress/ingress_test.go @@ -0,0 +1,132 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ingress + +import ( + "testing" + + "k8s.io/ingress-nginx/pkg/apis/ingress" +) + +func TestIsDynamicConfigurationEnough(t *testing.T) { + backends := []*ingress.Backend{{ + Name: "fakenamespace-myapp-80", + Endpoints: []ingress.Endpoint{ + { + Address: "10.0.0.1", + Port: "8080", + }, + { + Address: "10.0.0.2", + Port: "8080", + }, + }, + }} + + servers := []*ingress.Server{{ + Hostname: "myapp.fake", + Locations: []*ingress.Location{ + { + Path: "/", + Backend: "fakenamespace-myapp-80", + }, + }, + SSLCert: &ingress.SSLCert{ + PemCertKey: "fake-certificate", + }, + }} + + commonConfig := &ingress.Configuration{ + Backends: backends, + Servers: servers, + } + + runningConfig := &ingress.Configuration{ + Backends: backends, + Servers: servers, + } + + newConfig := commonConfig + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("When new config is same as the running config it should be deemed as dynamically configurable") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "another-backend-8081"}}, + Servers: []*ingress.Server{{Hostname: "myapp1.fake"}}, + } + if IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to not be dynamically configurable when there's more than just backends change") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, + Servers: servers, + } + + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when only backends change") + } + + newServers := []*ingress.Server{{ + Hostname: "myapp1.fake", + Locations: []*ingress.Location{ + { + Path: "/", + Backend: "fakenamespace-myapp-80", + }, + }, + SSLCert: &ingress.SSLCert{ + PemCertKey: "fake-certificate", + }, + }} + + newConfig = &ingress.Configuration{ + Backends: backends, + Servers: newServers, + } + if IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated") + } + + newServers[0].Hostname = "myapp.fake" + newServers[0].SSLCert.PemCertKey = "new-fake-certificate" + + newConfig = &ingress.Configuration{ + Backends: backends, + Servers: newServers, + } + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when only SSLCert changes") + } + + newConfig = &ingress.Configuration{ + Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, + Servers: newServers, + } + if !IsDynamicConfigurationEnough(newConfig, runningConfig) { + t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes") + } + + if !runningConfig.Equal(commonConfig) { + t.Errorf("Expected running config to not change") + } + + if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) { + t.Errorf("Expected new config to not change") + } +} diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index ff47ffa51..0f01ae3cb 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -38,7 +38,6 @@ import ( "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest" - "k8s.io/ingress-nginx/internal/k8s" "k8s.io/klog/v2" ) @@ -60,8 +59,6 @@ var ( type Framework struct { BaseName string - IsIngressV1Ready bool - // A Kubernetes and Service Catalog client KubeClientSet kubernetes.Interface KubeConfig *restclient.Config @@ -116,7 +113,6 @@ func (f *Framework) CreateEnvironment() { f.KubeClientSet, err = kubernetes.NewForConfig(f.KubeConfig) assert.Nil(ginkgo.GinkgoT(), err, "creating a kubernetes client") - f.IsIngressV1Ready = k8s.NetworkingIngressAvailable(f.KubeClientSet) } f.Namespace, err = CreateKubeNamespace(f.BaseName, f.KubeClientSet) From 3a450e04689fa472ac9161afef46895639bfb8f3 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 22 Aug 2022 23:54:29 +0530 Subject: [PATCH 002/166] updated testrunner and testecho images (#8948) --- build/run-in-docker.sh | 2 +- .../customization/external-auth-headers/echo-service.yaml | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/framework/deployment.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 7fdc20699..3a1d5a5fa 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/docs/examples/customization/external-auth-headers/echo-service.yaml b/docs/examples/customization/external-auth-headers/echo-service.yaml index 636aaded1..0fe37be56 100644 --- a/docs/examples/customization/external-auth-headers/echo-service.yaml +++ b/docs/examples/customization/external-auth-headers/echo-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: echo-service - image: gcr.io/k8s-staging-ingress-nginx/e2e-test-echo:v1.0.0 + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v20220819-ga98c63787@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c ports: - containerPort: 8080 resources: diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index a9c6db7c5..47eb1521d 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220801-g00ee51f09@sha256:795923c427f6dda855338c654448b4348fb845db152fbcad9cd8d186385d01c4" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 7d79f1bff..b37060af1 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -78,7 +78,7 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { o(options) } - deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:f45fb156e1488ae29aa5e98d2faf8731c79bc5a19c2f39a3c4069566ba629a78", 80, int32(options.replicas), + deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c", 80, int32(options.replicas), nil, []corev1.VolumeMount{}, []corev1.Volume{}, From cecd085ef73d20bf9962e036a1c87cdf72d9327e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:20:10 -0700 Subject: [PATCH 003/166] Bump github/codeql-action from 2.1.18 to 2.1.19 (#8950) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.18 to 2.1.19. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.18...f5d217be74900c6ac8fbbe53f3c10376ba4e64da) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 26271c309..3c7d81687 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 # v2.1.14 + uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 82cc99888..284c1def4 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 + uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 2e3eb675a899808c11887acc72c795fba21419a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:22:09 -0700 Subject: [PATCH 004/166] Bump geekyeggo/delete-artifact (#8951) Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from a6ab43859c960a8b74cbc6291f362c7fb51829ba to 1. This release includes the previously tagged commit. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/a6ab43859c960a8b74cbc6291f362c7fb51829ba...b73cb986740e466292a536d0e32e2666c56fdeb3) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2ca339184..2e73dbbb6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -177,7 +177,7 @@ jobs: version: v0.14.0 image: kindest/node:v1.21.12 - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: name: docker.tar.gz failOnError: false @@ -228,7 +228,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba # v1 + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: name: docker.tar.gz failOnError: false @@ -285,7 +285,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba + - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 with: name: docker.tar.gz failOnError: false From 21fab45e9d3ac1609290c53a52748ecaa638b6e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:24:09 -0700 Subject: [PATCH 005/166] Bump securego/gosec (#8952) Bumps [securego/gosec](https://github.com/securego/gosec) from b99b5f7838e43a4104354ad92a6a1774302ee1f9 to 2.13.1. This release includes the previously tagged commit. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/b99b5f7838e43a4104354ad92a6a1774302ee1f9...19fa856badad483cae700ee1213dd7f1a933d6d3) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2e73dbbb6..011aa3a5a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Run Gosec Security Scanner - uses: securego/gosec@b99b5f7838e43a4104354ad92a6a1774302ee1f9 # master + uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less From c3fb817985dc0db0ed9b71833c103cc5fb0d2a83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:26:09 -0700 Subject: [PATCH 006/166] Bump aquasecurity/trivy-action from 0.5.1 to 0.7.1 (#8953) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.5.1 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0105373003c89c494a3f436bd5efc57f3ac1ca20...d63413b0a4a4482237085319f7f4a1ce99a8f2ac) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 284c1def4..633829630 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 #v0.5.1 + uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac #v0.5.1 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From d7373c91407b11e0b3e4d56c2d37b76afbb72661 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:28:08 -0700 Subject: [PATCH 007/166] Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#8954) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/94145f3150bfabdc97540cbd5f7e926306ea7744...23d1ffffb6fa5401173051ec21eba8c35242733f) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 9f32403c5..b16d44681 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744 #v2.0.2 + uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f #v2.0.2 From c1b3a5065bf64a441a475ad59fc5eaace4e907e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:30:09 -0700 Subject: [PATCH 008/166] Bump azure/setup-helm from 2.1 to 3.3 (#8956) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 2.1 to 3.3. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba...b5b231a831f96336bbfeccc1329990f0005c5bb1) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 011aa3a5a..d4f9fb4d3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -234,7 +234,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1 + uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 with: version: 'v3.8.0' id: local-path @@ -291,7 +291,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1 + uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 with: version: 'v3.8.0' id: local-path From 363a7f7fb23797792628c8064ad910603b47dc35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 15:32:09 -0700 Subject: [PATCH 009/166] Bump github/codeql-action from 2.1.19 to 2.1.20 (#8957) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.20. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f5d217be74900c6ac8fbbe53f3c10376ba4e64da...7fee4ca032ac341c12486c4c06822c5221c76533) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3c7d81687..b045c3fc9 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da # v2.1.14 + uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 633829630..ce1840a0a 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f5d217be74900c6ac8fbbe53f3c10376ba4e64da + uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From fe09f6d096d3acac25721e29aab0cad25b0b110c Mon Sep 17 00:00:00 2001 From: Christian Date: Tue, 23 Aug 2022 00:38:09 +0200 Subject: [PATCH 010/166] Don't error log when no OCSP responder URL exists (#8881) --- rootfs/etc/nginx/lua/certificate.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua index 630462fab..48c8d7134 100644 --- a/rootfs/etc/nginx/lua/certificate.lua +++ b/rootfs/etc/nginx/lua/certificate.lua @@ -120,10 +120,14 @@ end -- While this has no functional implications, it generates extra load on OCSP servers. local function fetch_and_cache_ocsp_response(uid, der_cert) local url, err = ocsp.get_ocsp_responder_from_der_chain(der_cert) - if not url then + if not url and err then ngx.log(ngx.ERR, "could not extract OCSP responder URL: ", err) return end + if not url and not err then + ngx.log(ngx.DEBUG, "no OCSP responder URL returned") + return + end local request request, err = ocsp.create_ocsp_request(der_cert) From 730174f73d8c1c581788f65bac8510c298d6ccd0 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 06:38:16 +0800 Subject: [PATCH 011/166] feat: using LeaseLock for election (#8921) We removed the use of configmap as an election lock, so we will use the Lease API to complete the election. Before this, we used `MultiLock` to facilitate smooth migration of existing users of ingress-nginx from configmap to LeaseLock. Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- .../templates/controller-role.yaml | 15 --------------- internal/ingress/controller/status.go | 19 +++++-------------- test/e2e/status/update.go | 6 +++--- 3 files changed, 8 insertions(+), 32 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 8e5f8a0d7..7a10adb52 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -58,21 +58,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - {{ .Values.controller.electionID }} - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resources: diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index a56a6b831..3b0a41ab8 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -99,25 +99,16 @@ func setupLeaderElection(config *leaderElectionConfig) { EventRecorder: recorder, } - // TODO: If we upgrade client-go to v0.24 then we can only use LeaseLock. - // MultiLock is used for lock's migration - lock := resourcelock.MultiLock{ - Primary: &resourcelock.ConfigMapLock{ - ConfigMapMeta: objectMeta, - Client: config.Client.CoreV1(), - LockConfig: resourceLockConfig, - }, - Secondary: &resourcelock.LeaseLock{ - LeaseMeta: objectMeta, - Client: config.Client.CoordinationV1(), - LockConfig: resourceLockConfig, - }, + lock := &resourcelock.LeaseLock{ + LeaseMeta: objectMeta, + Client: config.Client.CoordinationV1(), + LockConfig: resourceLockConfig, } ttl := 30 * time.Second elector, err := leaderelection.NewLeaderElector(leaderelection.LeaderElectionConfig{ - Lock: &lock, + Lock: lock, LeaseDuration: ttl, RenewDeadline: ttl / 2, RetryPeriod: ttl / 4, diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index b512520f4..c9c6ef333 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go @@ -92,10 +92,10 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() { assert.Nil(ginkgo.GinkgoT(), err, "unexpected error cleaning Ingress status") framework.Sleep(10 * time.Second) - err = f.KubeClientSet.CoreV1(). - ConfigMaps(f.Namespace). + err = f.KubeClientSet.CoordinationV1(). + Leases(f.Namespace). Delete(context.TODO(), "ingress-controller-leader", metav1.DeleteOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting leader election configmap") + assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting leader election lease") _, cmd, err = f.KubectlProxy(port) assert.Nil(ginkgo.GinkgoT(), err, "unexpected error starting kubectl proxy") From 1791b62e453846696dc28d65ce082998c6cd09d2 Mon Sep 17 00:00:00 2001 From: Mangirdas Judeikis Date: Tue, 23 Aug 2022 02:08:09 +0300 Subject: [PATCH 012/166] Add NetworkPolicy support (#8928) * Add NetworkPolicy support * add doc for np --- charts/ingress-nginx/README.md | 1 + .../controller-wehbooks-networkpolicy.yaml | 19 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 1 + 3 files changed, 21 insertions(+) create mode 100644 charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 212b4f324..d18b3d571 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -249,6 +249,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | | controller.admissionWebhooks.namespaceSelector | object | `{}` | | +| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.fsGroup | int | `2000` | | diff --git a/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml new file mode 100644 index 000000000..f74c2fbf3 --- /dev/null +++ b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.networkPolicyEnabled }} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-webhooks-allow + namespace: {{ .Release.Namespace }} +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} + policyTypes: + - Ingress + +{{- end }} +{{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index fed3a5b05..76e3355fe 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -615,6 +615,7 @@ controller: # -- Use an existing PSP instead of creating one existingPsp: "" + networkPolicyEnabled: false service: annotations: {} From cad575e923a6e7eaae7c0cb5c8d536732517ea54 Mon Sep 17 00:00:00 2001 From: omichels Date: Tue, 23 Aug 2022 01:12:09 +0200 Subject: [PATCH 013/166] securityContext in admission-webhook now configurable e.g. to set seccompProfiles (#8930) * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels * Make securityContext in admission-webhook more configurable e.g. to set seccompProfiles Signed-off-by: Oliver Michels Signed-off-by: Oliver Michels --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 7 ++++--- .../admission-webhooks/job-patch/job-createSecret.yaml | 6 +++--- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 6 +++--- charts/ingress-nginx/values.yaml | 7 +++++-- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 0b5fa4dd1..36df7a3bf 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.1 +version: 4.2.2 appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index d18b3d571..a73b71a99 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -252,7 +252,6 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | @@ -262,7 +261,9 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job | -| controller.admissionWebhooks.patch.runAsUser | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | +| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | | controller.admissionWebhooks.port | int | `8443` | | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 72c17eae4..7558e0b1a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -72,8 +72,8 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }} - fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }} + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 3a1637a64..05282150b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -74,8 +74,8 @@ spec: {{- if .Values.controller.admissionWebhooks.patch.tolerations }} tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }} - fsGroup: {{ .Values.controller.admissionWebhooks.patch.fsGroup }} + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 76e3355fe..1889e4901 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -658,8 +658,11 @@ controller: tolerations: [] # -- Labels to be added to patch job resources labels: {} - runAsUser: 2000 - fsGroup: 2000 + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + metrics: port: 10254 From 63edd3befd1ec70d9d252efee565befa41487870 Mon Sep 17 00:00:00 2001 From: Edvin N Date: Tue, 23 Aug 2022 01:14:09 +0200 Subject: [PATCH 014/166] Document internal-logger-address cli arg (#8873) Signed-off-by: Edvin Norling Signed-off-by: Edvin Norling --- docs/user-guide/cli-arguments.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index ae7c5b3ba..0b710958d 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -30,6 +30,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--https-port` | Port to use for servicing HTTPS traffic. (default 443) | | `--ingress-class` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. | | `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | +| `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | | `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | | `--log_dir` | If non-empty, write log files in this directory | From adeb84aa38cbccb8dde471ab222b799b7cc439d3 Mon Sep 17 00:00:00 2001 From: Anders Swanson <91502735+anders-swanson@users.noreply.github.com> Date: Mon, 22 Aug 2022 16:20:09 -0700 Subject: [PATCH 015/166] Metrics port name (Helm) (#8665) --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 2dca8e5c1..80c268f7c 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: http-metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5b781f8de..5ad186794 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: http-metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 0aaf41473..1c1d5bddb 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: metrics + - name: http-metrics port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: metrics + targetPort: http-metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 4dbc6da9f..973d36b3e 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: http-metrics interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true From d5893d4a2e0eb9cf16ad1a5c9e93d19c347e6110 Mon Sep 17 00:00:00 2001 From: Zadkiel Aharonian Date: Tue, 23 Aug 2022 01:20:16 +0200 Subject: [PATCH 016/166] fix(controller): typo in catch-all CheckIngress error message (#8905) --- internal/ingress/controller/controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index bba932d16..ab03e5b27 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -265,7 +265,7 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { } if n.cfg.DisableCatchAll && ing.Spec.DefaultBackend != nil { - return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.backend' or set DisableCatchAll flag to false.") + return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.defaultBackend' or set DisableCatchAll flag to false.") } startRender := time.Now().UnixNano() / 1000000 cfg := n.store.GetBackendConfiguration() From 69318355b167b2cd4eb6a9c90c1fc793200e982c Mon Sep 17 00:00:00 2001 From: Harpreet singh Date: Tue, 23 Aug 2022 07:26:23 +0800 Subject: [PATCH 017/166] Fix defaultServer backend update for Ingress with defaultBackend. (#8825) --- internal/ingress/controller/controller.go | 10 ++++------ test/e2e/ingress/without_host.go | 8 ++++++++ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index ab03e5b27..5287034c6 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1208,17 +1208,15 @@ func (n *NGINXController) createServers(data []*ingress.Ingress, // use backend specified in Ingress as the default backend for all its rules un = backendUpstream.Name - // special "catch all" case, Ingress with a backend but no rule defLoc := servers[defServerName].Locations[0] - defLoc.Backend = backendUpstream.Name - defLoc.Service = backendUpstream.Service - defLoc.Ingress = ing - if defLoc.IsDefBackend && len(ing.Spec.Rules) == 0 { klog.V(2).Infof("Ingress %q defines a backend but no rule. Using it to configure the catch-all server %q", ingKey, defServerName) defLoc.IsDefBackend = false - + // special "catch all" case, Ingress with a backend but no rule + defLoc.Backend = backendUpstream.Name + defLoc.Service = backendUpstream.Service + defLoc.Ingress = ing // TODO: Redirect and rewrite can affect the catch all behavior, skip for now originalRedirect := defLoc.Redirect originalRewrite := defLoc.Rewrite diff --git a/test/e2e/ingress/without_host.go b/test/e2e/ingress/without_host.go index 6ec7f5bd5..38f89beda 100644 --- a/test/e2e/ingress/without_host.go +++ b/test/e2e/ingress/without_host.go @@ -93,5 +93,13 @@ var _ = framework.IngressNginxDescribe("[Ingress] definition without host", func WithHeader("Host", "only-backend"). Expect(). Status(http.StatusOK) + // Following assertion added with respect to issue https://github.com/kubernetes/ingress-nginx/issues/8823 + // This check ensure that ingress having defaultBackend with rules should only be added as default backend + // for the host mentioned in rule. It should not affect the default catch-all server_name _ block. + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", "only-backend-doesnotexist"). + Expect(). + Status(http.StatusNotFound) }) }) From 45f71d5a164b622e66c54839c6d5e14412a9fc1d Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Tue, 23 Aug 2022 02:30:28 +0300 Subject: [PATCH 018/166] make keep-alive docs more explicit #8927 (#8944) Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index e5af31cb5..cd25095b0 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -431,7 +431,7 @@ Enables or disables the preload attribute in the HSTS feature (when it is enable ## keep-alive -Sets the time during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. +Sets the time, in seconds, during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. _References:_ [https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) From ffcf13c09b62c9691aaac77a32e21fdef36575e1 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 15:29:24 +0800 Subject: [PATCH 019/166] revert changes to configmap resource permissions (#8959) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- build/run-in-docker.sh | 2 +- charts/ingress-nginx/Chart.yaml | 3 ++- charts/ingress-nginx/README.md | 2 +- .../templates/controller-role.yaml | 20 +++++++++++++++++++ 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 3a1d5a5fa..7fdc20699 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 36df7a3bf..8b7f8ca16 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.2 +version: 4.2.3 appVersion: 1.3.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -27,3 +27,4 @@ annotations: # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + - "fix permissions about configmap" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a73b71a99..8357cab56 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.3](https://img.shields.io/badge/Version-4.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 7a10adb52..330be8c86 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -58,6 +58,26 @@ rules: - get - list - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resources: From e19026fe4eeafcc5ab16c5f73a05de43604b1491 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Tue, 23 Aug 2022 16:05:23 +0800 Subject: [PATCH 020/166] upgrade yamale and yamllint version (#8960) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/test-runner/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 0f2b72bad..7cd0d6251 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -47,8 +47,8 @@ build: ensure-buildx --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.0.0 \ - --build-arg YAML_LINT_VERSION=1.13.0 \ - --build-arg YAMALE_VERSION=1.8.0 \ + --build-arg YAML_LINT_VERSION=1.27.1 \ + --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=v3.9.0 \ -t $(IMAGE):$(TAG) rootfs From 511f7cd55fb2776927f74c21784798edc56b7d49 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 24 Aug 2022 14:28:25 +0530 Subject: [PATCH 021/166] updated to testrunnerimage with updated yamle yamllint (#8967) --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 7fdc20699..77e7b7a38 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 47eb1521d..f04307f81 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220819-ga98c63787@sha256:608ef1c1e5783e4a0c4fe57d8f85aa30eb0a3d25e5b1492197e8a95382d5e09d" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95" image: echo "..entered Makefile in /test/e2e-image" From f6d04d3e3bb3db11641644962c1a5317cacf6cd8 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Wed, 24 Aug 2022 14:54:03 +0300 Subject: [PATCH 022/166] fix: bump k8s dependencies to fix go-restful CVE (#8969) [1] https://nvd.nist.gov/vuln/detail/CVE-2022-1996 [2] https://github.com/kubernetes/ingress-nginx/issues/8745 Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- go.mod | 46 +++++++++--------- go.sum | 145 +++++++++++++++++++++++++++++++++++++++------------------ 2 files changed, 123 insertions(+), 68 deletions(-) diff --git a/go.mod b/go.mod index 0dcd77946..ce9ddea9e 100644 --- a/go.mod +++ b/go.mod @@ -25,17 +25,17 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 - golang.org/x/net v0.0.0-20220225172249-27dd8689420f + golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd + golang.org/x/net v0.0.0-20220722155237-a158d28d115b google.golang.org/grpc v1.48.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.23.6 + k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.23.6 + k8s.io/apimachinery v0.25.0 k8s.io/apiserver v0.23.5 - k8s.io/cli-runtime v0.23.5 - k8s.io/client-go v0.23.6 + k8s.io/cli-runtime v0.25.0 + k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.23.6 k8s.io/klog/v2 v2.70.1 @@ -45,10 +45,10 @@ require ( ) require ( - cloud.google.com/go v0.81.0 // indirect + cloud.google.com/go v0.97.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.18 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect + github.com/Azure/go-autorest/autorest v0.11.27 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -65,27 +65,28 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible // indirect + github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/structs v1.0.0 // indirect - github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-logr/logr v1.2.0 // indirect + github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect github.com/google/btree v1.0.1 // indirect + github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect - github.com/googleapis/gnostic v0.5.5 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/imkira/go-interpol v1.0.0 // indirect @@ -100,6 +101,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -112,33 +114,33 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.1.0 // indirect - github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect + github.com/xlab/treeprint v1.1.0 // indirect github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect + golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect + google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect - k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect - k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect + k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect + k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect - sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect - sigs.k8s.io/kustomize/api v0.10.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect + sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect + sigs.k8s.io/kustomize/api v0.12.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 4e81b0cd7..fc2d61415 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,15 @@ cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKP cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0 h1:at8Tk2zUz63cLPR0JPWm5vp77pEZmzxEQBEfRKn1VV8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -42,14 +49,18 @@ github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= +github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= +github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= @@ -77,7 +88,6 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= @@ -120,10 +130,8 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= @@ -152,6 +160,8 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -161,7 +171,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fasthttp/websocket v1.4.3-rc.6 h1:omHqsl8j+KXpmzRjF8bmzOSYJ8GnS0E3efi1wYT+niY= @@ -171,7 +180,6 @@ github.com/fatih/structs v1.0.0 h1:BrX964Rv5uQ3wwS+KRUAJCBBw5PQmgJfJ6v4yly5QwU= github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -200,8 +208,9 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -222,6 +231,9 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -238,6 +250,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -265,6 +278,8 @@ github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -287,6 +302,7 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -298,21 +314,22 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= @@ -393,12 +410,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -445,6 +460,7 @@ github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1P github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -558,24 +574,20 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -592,7 +604,6 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -610,9 +621,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg= github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= -github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= +github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= @@ -683,8 +693,11 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -735,7 +748,6 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -767,6 +779,7 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -774,8 +787,9 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -789,6 +803,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= @@ -866,19 +882,24 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= @@ -897,8 +918,9 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -954,7 +976,10 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= @@ -987,6 +1012,13 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1038,12 +1070,24 @@ google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 h1:NHN4wOCScVzKhPenJ2dt+BTs3X/XkBVI/Rh4iDt55T8= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 h1:5Tbluzus3QxoAJx4IefGt1W0HQZW4nuMrVk684jI74Q= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -1062,10 +1106,14 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1131,26 +1179,28 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.23.6 h1:yOK34wbYECH4RsJbQ9sfkFK3O7f/DUHRlzFehkqZyVw= k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= +k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= +k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.6 h1:RH1UweWJkWNTlFx0D8uxOpaU1tjIOvVVWV/bu5b3/NQ= k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= +k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= -k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY= -k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4= +k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= +k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.23.6 h1:7h4SctDVQAQbkHQnR4Kzi7EyUyvla5G1pFWf4+Od7hQ= k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= +k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= +k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= @@ -1158,12 +1208,13 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= +k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= +k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e h1:C7q+e9M5nggAvWfVg9Nl66kebKeuJlP3FD58V4RR5wo= moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e/go.mod h1:nejbQVfXh96n9dSF6cH3Jsk/QI1Z2oEL7sSI2ifXFNA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= @@ -1174,17 +1225,19 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= -sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 h1:fD1pz4yfdADVNfFmcP2aBEtudwUQ1AlLnRBALr33v3s= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= -sigs.k8s.io/kustomize/api v0.10.1 h1:KgU7hfYoscuqag84kxtzKdEC3mKMb99DPI3a0eaV1d0= -sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8= -sigs.k8s.io/kustomize/kyaml v0.13.0 h1:9c+ETyNfSrVhxvphs+K2dzT3dh5oVPPEqPOE/cUpScY= -sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= +sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= +sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= +sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From f34769b543153631ad84e70c8eca8c80ae590f20 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Wed, 24 Aug 2022 19:42:04 +0530 Subject: [PATCH 023/166] added note on digitalocean annotations (#8966) --- docs/deploy/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 502e46dda..d5bd5c90d 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -299,6 +299,8 @@ More information with regard to Azure annotations for ingress controller can be ```console kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/do/deploy.yaml ``` +- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. + #### Scaleway From a171d3f0f2bde9a7658bf9ef0fed50033eb446bf Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Aug 2022 22:20:05 -0400 Subject: [PATCH 024/166] adding cve finding and adding release-notes to PR template (#8916) * adding cve finding and adding release-notes to PR template Signed-off-by: James Strong * update cve report with verbiage around open CVEs and not disclosures Signed-off-by: James Strong * fix then assignees Signed-off-by: James Strong Signed-off-by: James Strong --- .github/ISSUE_TEMPLATE/cve_report.md | 20 +++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 2 -- .github/PULL_REQUEST_TEMPLATE.md | 36 ++++++++++++++++++++++- 3 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/cve_report.md diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md new file mode 100644 index 000000000..b5ecf7ecf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -0,0 +1,20 @@ +--- +name: CVE Finding Report +about: CVE reporting for ingress-nginx +title: '' +labels: kind/bug +assignees: + - strongjz + - rikatz +--- + + + + + + + + + + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 73df4d20b..0e892d626 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -15,8 +15,6 @@ The announcement in the dev mailing list is here https://groups.google.com/a/kub Thank you, Ingress-Nginx maintainer - - --> diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 9bc455303..a14cc7004 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -9,6 +9,7 @@ - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) +- [ ] CVE Report (Scanner found CVE and adding report) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only @@ -30,5 +31,38 @@ fixes # - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide -- [ ] I have added tests to cover my changes. +- [ ] I have added unit and/or e2e tests to cover my changes. - [ ] All new and existing tests passed. +- [ ] Added Release Notes. + +## Does my pull request need a release note? +Any user-visible or operator-visible change qualifies for a release note. This could be a: + +- CLI change +- API change +- UI change +- configuration schema change +- behavioral change +- change in non-functional attributes such as efficiency or availability, availability of a new platform +- a warning about a deprecation +- fix of a previous Known Issue +- fix of a vulnerability (CVE) + +No release notes are required for changes to the following: + +- Tests +- Build infrastructure +- Fixes for unreleased bugs + +For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes) + + +```release-note +PLACE RELEASE NOTES HERE +``` From 9b298987466ec8e38426f56f609ac0c559b80772 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 26 Aug 2022 14:36:25 +0300 Subject: [PATCH 025/166] Update apiserver to 0.25 to remove v2 go-restful (#8976) Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- go.mod | 14 ++++++-------- go.sum | 30 +++++++++++++++--------------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index ce9ddea9e..68162fe5f 100644 --- a/go.mod +++ b/go.mod @@ -33,11 +33,11 @@ require ( k8s.io/api v0.25.0 k8s.io/apiextensions-apiserver v0.23.5 k8s.io/apimachinery v0.25.0 - k8s.io/apiserver v0.23.5 + k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.23.6 + k8s.io/component-base v0.25.0 k8s.io/klog/v2 v2.70.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 @@ -58,13 +58,12 @@ require ( github.com/ajg/form v1.5.1 // indirect github.com/andybalholm/brotli v1.0.4 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver v3.5.1+incompatible // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful v2.9.5+incompatible // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/structs v1.0.0 // indirect @@ -119,16 +118,15 @@ require ( github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.1.10 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + golang.org/x/tools v0.1.12 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 // indirect + google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index fc2d61415..b9dcee78f 100644 --- a/go.sum +++ b/go.sum @@ -102,8 +102,9 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= -github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -158,7 +159,6 @@ github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -211,8 +211,8 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= +github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -733,8 +733,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -982,12 +982,11 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -1084,8 +1083,9 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 h1:5Tbluzus3QxoAJx4IefGt1W0HQZW4nuMrVk684jI74Q= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1111,6 +1111,7 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1127,6 +1128,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -1179,28 +1181,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= -k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= +k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= +k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= -k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= +k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= +k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 26bc6e4e502de26af6471e06625c9e3f733fd917 Mon Sep 17 00:00:00 2001 From: Ismayil Mirzali Date: Fri, 26 Aug 2022 19:22:25 +0300 Subject: [PATCH 026/166] bump Golang to 1.19 #8932 (#8970) * fix: convert to LF line endings Signed-off-by: Ismayil Mirzali * Pin exact Go bugfix versions for CI jobs Signed-off-by: Ismayil Mirzali * Bump go.mod and Dockerfiles to Go 1.19.0 Signed-off-by: Ismayil Mirzali Signed-off-by: Ismayil Mirzali --- .github/workflows/ci.yaml | 10 ++-- .github/workflows/plugin.yaml | 2 +- go.mod | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- .../rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 58 +++++++++---------- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/test-runner/Makefile | 2 +- 10 files changed, 42 insertions(+), 42 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d4f9fb4d3..3c4626166 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - - name: Set up Go 1.18 + - name: Set up Go 1.19.0 id: go uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -136,7 +136,7 @@ jobs: - name: Setup Go uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -406,12 +406,12 @@ jobs: version: v0.14.0 image: kindest/node:v1.21.12 - - name: Set up Go 1.18 + - name: Set up Go 1.19.0 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 with: - go-version: '1.18.2' + go-version: '1.19.0' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index efc9a6f06..a8af1af9e 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -21,7 +21,7 @@ jobs: - name: Set up Go uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 with: - go-version: 1.18 + go-version: 1.19.0 - name: Run GoReleaser uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 diff --git a/go.mod b/go.mod index 68162fe5f..1fb3c67a2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.18 +go 1.19 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index d53228201..513354279 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.18.2-alpine as builder +FROM golang:1.19.0-alpine as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 05bd45400..b39db8b20 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.18 +go 1.19 require github.com/prometheus/client_golang v1.11.0 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 9a52919be..2eb010379 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18.2-alpine3.15 as builder +FROM golang:1.19.0-alpine3.16 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 052d17d6f..0be630b8b 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.18 +go 1.19 require k8s.io/apimachinery v0.23.1 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 4a60ed2ea..1ed714b56 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -1,29 +1,29 @@ -# Copyright 2021 The Kubernetes Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM --platform=$BUILDPLATFORM golang:1.18.2 as builder -ARG BUILDPLATFORM -ARG TARGETARCH - -WORKDIR /workspace -COPY . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go - -FROM --platform=$BUILDPLATFORM gcr.io/distroless/static:nonroot -ARG BUILDPLATFORM -ARG TARGETARCH -WORKDIR / -COPY --from=builder /workspace/kube-webhook-certgen /kube-webhook-certgen -USER 65532:65532 -ENTRYPOINT ["/kube-webhook-certgen"] +# Copyright 2021 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM --platform=$BUILDPLATFORM golang:1.19.0 as builder +ARG BUILDPLATFORM +ARG TARGETARCH + +WORKDIR /workspace +COPY . . +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go + +FROM --platform=$BUILDPLATFORM gcr.io/distroless/static:nonroot +ARG BUILDPLATFORM +ARG TARGETARCH +WORKDIR / +COPY --from=builder /workspace/kube-webhook-certgen /kube-webhook-certgen +USER 65532:65532 +ENTRYPOINT ["/kube-webhook-certgen"] diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 3858ae566..5ac181823 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.18 +go 1.19 require ( github.com/onrik/logrus v0.9.0 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 7cd0d6251..4350deb91 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.18.2 \ + --build-arg GOLANG_VERSION=1.19.0 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ From c6b70ec349cc68a627cdd1f71dd6038ce2a0580f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sun, 28 Aug 2022 08:34:37 +0530 Subject: [PATCH 027/166] fixed deprecated ginkgo flags (#8984) --- test/e2e-image/e2e.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/e2e-image/e2e.sh b/test/e2e-image/e2e.sh index 3a06871cc..24e52bcde 100755 --- a/test/e2e-image/e2e.sh +++ b/test/e2e-image/e2e.sh @@ -19,17 +19,17 @@ set -e NC='\e[0m' BGREEN='\e[32m' -SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-5} +SLOW_E2E_THRESHOLD=${SLOW_E2E_THRESHOLD:-"5s"} FOCUS=${FOCUS:-.*} E2E_NODES=${E2E_NODES:-5} E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-""} ginkgo_args=( - "-randomizeAllSpecs" - "-flakeAttempts=2" - "-failFast" + "-randomize-all" + "-flake-attempts=2" + "-fail-fast" "-progress" - "-slowSpecThreshold=${SLOW_E2E_THRESHOLD}" + "-slow-spec-threshold=${SLOW_E2E_THRESHOLD}" "-succinct" "-timeout=75m" ) From 629cc1439c43f8c8ee21c7a43aed07dcf4b72b07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Aug 2022 07:24:36 -0700 Subject: [PATCH 028/166] Bump actions/setup-go from 3.2.1 to 3.3.0 (#8981) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3.2.1...268d8c0ca0432bb2cf416faae41297df9d262d7f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/plugin.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3c4626166..86ba9af4d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -72,7 +72,7 @@ jobs: - name: Set up Go 1.19.0 id: go - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' @@ -134,7 +134,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Setup Go - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' @@ -409,7 +409,7 @@ jobs: - name: Set up Go 1.19.0 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: '1.19.0' diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index a8af1af9e..2f45f70b3 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -19,7 +19,7 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: go-version: 1.19.0 From 2819c0fdf84337b66b444b1e824d3734afef1e4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 08:24:38 -0700 Subject: [PATCH 029/166] Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 (#8992) Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.3 to 1.1.4. - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.1.4/CHANGELOG.md) - [Commits](https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1fb3c67a2..b9024bab5 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo/v2 v2.1.4 - github.com/opencontainers/runc v1.1.3 + github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.2.0 diff --git a/go.sum b/go.sum index b9dcee78f..18e365ba7 100644 --- a/go.sum +++ b/go.sum @@ -487,8 +487,8 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w= -github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= +github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= From 75cf26e15c496b6932942fd54d89a4ebf36ec67b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 08:36:37 -0700 Subject: [PATCH 030/166] Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#8986) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/68acf3b1adf004ac9c2f0a4259e85c5f66e99bef...ff11ca24a9b39f2d36796d1fbd7a4e39c182630a) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 2f45f70b3..86a64a797 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: go-version: 1.19.0 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 + uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 with: version: latest args: release --rm-dist From b490eb9a4c1e44b27062db55ecb0550ae081cb12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Aug 2022 06:07:01 -0700 Subject: [PATCH 031/166] Bump github/codeql-action from 2.1.20 to 2.1.21 (#8982) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7fee4ca032ac341c12486c4c06822c5221c76533...c7f292ea4f542c473194b33813ccd4c207a6c725) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b045c3fc9..d9f3a5792 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 # v2.1.14 + uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index ce1840a0a..a4b454d90 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 + uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 542cfb764b3c96d9fc42648c980a6e1a99e86517 Mon Sep 17 00:00:00 2001 From: Alex <93376818+sashashura@users.noreply.github.com> Date: Thu, 1 Sep 2022 14:33:06 +0100 Subject: [PATCH 032/166] Update plugin.yaml (#9001) Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> --- .github/workflows/plugin.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 86a64a797..1d5ee2787 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -9,6 +9,9 @@ on: tags: - "v*" +permissions: + contents: write # for goreleaser/goreleaser-action + jobs: release-plugin: runs-on: ubuntu-latest From 9f4c44398a9fe65b75b5f73377717571f1688acf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Sep 2022 13:33:45 +0000 Subject: [PATCH 033/166] Bump github/codeql-action from 2.1.21 to 2.1.22 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c7f292ea4f542c473194b33813ccd4c207a6c725...b398f525a5587552e573b247ac661067fafa920b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d9f3a5792..20961611c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.14 + uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index a4b454d90..945c7a935 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 + uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 7791d2b449ea00338c545a9a5e99e347bd6e72e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Sep 2022 10:52:06 -0700 Subject: [PATCH 034/166] Bump google.golang.org/grpc from 1.48.0 to 1.49.0 (#8991) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.48.0...v1.49.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b9024bab5..c22d330c4 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220722155237-a158d28d115b - google.golang.org/grpc v1.48.0 + google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.0 diff --git a/go.sum b/go.sum index 18e365ba7..0fc0f1b2f 100644 --- a/go.sum +++ b/go.sum @@ -1112,8 +1112,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= -google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From ce3afda3207dac4d66a5666278dd77355a43670e Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 13:55:31 -0400 Subject: [PATCH 035/166] start 1.3.1 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 18fa8e74f..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0 +v1.3.1 From 6a83cddb0367a70754d96336f4dd7d96398fb25d Mon Sep 17 00:00:00 2001 From: sreelakshminarayananm <111572162+sreelakshminarayananm@users.noreply.github.com> Date: Fri, 2 Sep 2022 23:30:07 +0530 Subject: [PATCH 036/166] issue:8739 fix doc issue (#9006) Signed-off-by: sreelakshminarayananm Signed-off-by: sreelakshminarayananm --- docs/deploy/baremetal.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/deploy/baremetal.md b/docs/deploy/baremetal.md index 55288c322..7d8076147 100644 --- a/docs/deploy/baremetal.md +++ b/docs/deploy/baremetal.md @@ -30,7 +30,8 @@ the traffic for the `ingress-nginx` Service IP. See [Traffic policies][metallb-t yourself by reading the official documentation thoroughly. MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. The rest of this example assumes MetalLB -was deployed following the [Installation][metallb-install] instructions. +was deployed following the [Installation][metallb-install] instructions, and that the NGINX Ingress controller was installed +using the steps described in the [quickstart section of the installation guide][install-quickstart]. MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool can be defined through `IPAddressPool` objects in the same namespace as the MetalLB controller. This pool of IPs **must** be dedicated to MetalLB's use, you can't reuse the Kubernetes node IPs or IPs handed out by a DHCP server. @@ -257,6 +258,7 @@ for generating redirect URLs that take into account the URL used by external cli ``` [install-baremetal]: ./index.md#bare-metal +[install-quickstart]: ./index.md#quick-start [nodeport-def]: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport [nodeport-nat]: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport [pod-assign]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ From 96dc9401d4e5afec6aa989e37ec5591783531737 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 14:48:35 -0400 Subject: [PATCH 037/166] Fix cloud build git error (#9012) * testing the fix Signed-off-by: James Strong * revert 1.3.1 while we fix the build Signed-off-by: James Strong Signed-off-by: James Strong --- TAG | 2 +- build/build.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 757407982..18fa8e74f 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.3.0 diff --git a/build/build.sh b/build/build.sh index 3b51d665e..88d53d654 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,8 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -git config --add safe.directory /go/src/k8s.io/ingress-nginx +git config --global --add safe.directory /go/src/k8s.io/ingress-nginx + ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ -X ${PKG}/version.RELEASE=${TAG} \ @@ -74,4 +75,3 @@ ${GO_BUILD_CMD} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" - From 92534fa2ae799b502882c8684db13a25cde68155 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 2 Sep 2022 14:58:46 -0400 Subject: [PATCH 038/166] 1.3.1 for real (#9013) Signed-off-by: James Strong Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 18fa8e74f..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.0 +v1.3.1 From bfd44ab83e022cc977c39b747505e77f92171fd2 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 4 Sep 2022 20:22:36 -0300 Subject: [PATCH 039/166] Add v1.25 test and reduce amount of e2e tests (#9018) --- .github/workflows/ci.yaml | 16 ++++++++-------- build/build.sh | 2 +- rootfs/chroot.sh | 1 + test/e2e/settings/pod_security_policy.go | 17 ++++++++++++++++- .../e2e/settings/pod_security_policy_volumes.go | 17 ++++++++++++++++- 5 files changed, 42 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 86ba9af4d..d469ae959 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -174,8 +174,8 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 - image: kindest/node:v1.21.12 + version: v0.15.0 + image: kindest/node:v1.25.0 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: @@ -208,7 +208,7 @@ jobs: strategy: matrix: - k8s: [v1.21.2, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.23.10, v1.24.4, v1.25.0] steps: @@ -224,7 +224,7 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 + version: v0.15.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -265,7 +265,7 @@ jobs: strategy: matrix: - k8s: [v1.21.10, v1.22.9, v1.23.6, v1.24.0] + k8s: [v1.24.4, v1.25.0] steps: @@ -281,7 +281,7 @@ jobs: id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 + version: v0.15.0 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} @@ -403,8 +403,8 @@ jobs: if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: - version: v0.14.0 - image: kindest/node:v1.21.12 + version: v0.15.0 + image: kindest/node:v1.25.0 - name: Set up Go 1.19.0 id: go diff --git a/build/build.sh b/build/build.sh index 88d53d654..c0372bc25 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,7 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -git config --global --add safe.directory /go/src/k8s.io/ingress-nginx +git config --add safe.directory /go/src/k8s.io/ingress-nginx ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index 9f3cbd804..3f64aa63f 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -40,6 +40,7 @@ for dir in "${writeDirs[@]}"; do chown -R www-data.www-data ${dir}; done + mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ diff --git a/test/e2e/settings/pod_security_policy.go b/test/e2e/settings/pod_security_policy.go index 0e0300829..b21fb870e 100644 --- a/test/e2e/settings/pod_security_policy.go +++ b/test/e2e/settings/pod_security_policy.go @@ -19,6 +19,7 @@ package settings import ( "context" "net/http" + "strconv" "strings" "github.com/onsi/ginkgo/v2" @@ -41,8 +42,22 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func( f := framework.NewDefaultFramework("pod-security-policies") ginkgo.It("should be running with a Pod Security Policy", func() { + k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "getting version") + } + + numversion, err := strconv.Atoi(k8sversion.Minor) + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "converting version") + } + + if numversion > 24 { + ginkgo.Skip("PSP not supported in this version") + } + psp := createPodSecurityPolicy() - _, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) + _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) if !k8sErrors.IsAlreadyExists(err) { assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") } diff --git a/test/e2e/settings/pod_security_policy_volumes.go b/test/e2e/settings/pod_security_policy_volumes.go index 8af74ea60..dd4df3bd9 100644 --- a/test/e2e/settings/pod_security_policy_volumes.go +++ b/test/e2e/settings/pod_security_policy_volumes.go @@ -19,6 +19,7 @@ package settings import ( "context" "net/http" + "strconv" "strings" "github.com/onsi/ginkgo/v2" @@ -37,8 +38,22 @@ var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with vo f := framework.NewDefaultFramework("pod-security-policies-volumes") ginkgo.It("should be running with a Pod Security Policy", func() { + + k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "getting version") + } + + numversion, err := strconv.Atoi(k8sversion.Minor) + if err != nil { + assert.Nil(ginkgo.GinkgoT(), err, "converting version") + } + + if numversion > 24 { + ginkgo.Skip("PSP not supported in this version") + } psp := createPodSecurityPolicy() - _, err := f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) + _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) if !k8sErrors.IsAlreadyExists(err) { assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") } From 79a311d3be07e039382cac49f16509e126dc2e87 Mon Sep 17 00:00:00 2001 From: "qilong.qiu" Date: Mon, 5 Sep 2022 09:28:36 +0800 Subject: [PATCH 040/166] Bump chart testing from 3.0.0 to 3.7.0 (#9000) --- images/test-runner/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 4350deb91..ad888e5c7 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -46,7 +46,7 @@ build: ensure-buildx --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ - --build-arg CHART_TESTING_VERSION=3.0.0 \ + --build-arg CHART_TESTING_VERSION=3.7.0 \ --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=v3.9.0 \ From 12c9f009310b8885ea5568ed2feb3508abada01e Mon Sep 17 00:00:00 2001 From: Amim Knabben Date: Mon, 5 Sep 2022 08:02:36 -0300 Subject: [PATCH 041/166] Adding a simpler interface for the HTTP request library. (#8862) --- go.mod | 20 +- go.sum | 56 +--- test/e2e/annotations/affinitymode.go | 4 +- test/e2e/defaultbackend/default_backend.go | 11 +- test/e2e/framework/framework.go | 41 +-- test/e2e/framework/httpexpect/README.md | 1 + test/e2e/framework/httpexpect/array.go | 36 +++ test/e2e/framework/httpexpect/chain.go | 54 ++++ test/e2e/framework/httpexpect/cookie.go | 29 ++ test/e2e/framework/httpexpect/match.go | 37 +++ test/e2e/framework/httpexpect/object.go | 111 +++++++ test/e2e/framework/httpexpect/reporter.go | 48 +++ test/e2e/framework/httpexpect/request.go | 176 +++++++++++ test/e2e/framework/httpexpect/response.go | 273 ++++++++++++++++++ test/e2e/framework/httpexpect/string.go | 120 ++++++++ test/e2e/framework/httpexpect/value.go | 33 +++ .../servicebackend/service_externalname.go | 3 +- .../settings/disable_service_external_name.go | 3 +- 18 files changed, 954 insertions(+), 102 deletions(-) create mode 100644 test/e2e/framework/httpexpect/README.md create mode 100644 test/e2e/framework/httpexpect/array.go create mode 100644 test/e2e/framework/httpexpect/chain.go create mode 100644 test/e2e/framework/httpexpect/cookie.go create mode 100644 test/e2e/framework/httpexpect/match.go create mode 100644 test/e2e/framework/httpexpect/object.go create mode 100644 test/e2e/framework/httpexpect/reporter.go create mode 100644 test/e2e/framework/httpexpect/request.go create mode 100644 test/e2e/framework/httpexpect/response.go create mode 100644 test/e2e/framework/httpexpect/string.go create mode 100644 test/e2e/framework/httpexpect/value.go diff --git a/go.mod b/go.mod index c22d330c4..2c220232e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,6 @@ require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 github.com/fsnotify/fsnotify v1.5.4 - github.com/gavv/httpexpect/v2 v2.3.1 github.com/imdario/mergo v0.3.13 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 @@ -24,6 +23,7 @@ require ( github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 + github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220722155237-a158d28d115b @@ -55,8 +55,6 @@ require ( github.com/BurntSushi/toml v0.3.1 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/ajg/form v1.5.1 // indirect - github.com/andybalholm/brotli v1.0.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -66,13 +64,13 @@ require ( github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect - github.com/fatih/structs v1.0.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect + github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -82,16 +80,13 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect - github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.1.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect - github.com/gorilla/websocket v1.4.2 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/imkira/go-interpol v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect - github.com/klauspost/compress v1.15.7 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect @@ -108,15 +103,9 @@ require ( github.com/prometheus/procfs v0.8.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect - github.com/valyala/bytebufferpool v1.0.0 // indirect - github.com/valyala/fasthttp v1.38.0 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xeipuuv/gojsonschema v1.1.0 // indirect github.com/xlab/treeprint v1.1.0 // indirect - github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect - github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect + github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect @@ -135,7 +124,6 @@ require ( k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect - moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect diff --git a/go.sum b/go.sum index 0fc0f1b2f..92f966d6f 100644 --- a/go.sum +++ b/go.sum @@ -75,16 +75,11 @@ github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tN github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU= -github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= -github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -173,11 +168,7 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go. github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fasthttp/websocket v1.4.3-rc.6 h1:omHqsl8j+KXpmzRjF8bmzOSYJ8GnS0E3efi1wYT+niY= -github.com/fasthttp/websocket v1.4.3-rc.6/go.mod h1:43W9OM2T8FeXpCWMsBd9Cb7nE2CACNqNvCqQCoty/Lc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/structs v1.0.0 h1:BrX964Rv5uQ3wwS+KRUAJCBBw5PQmgJfJ6v4yly5QwU= -github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -188,8 +179,6 @@ github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwV github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/gavv/httpexpect/v2 v2.3.1 h1:sGLlKMn8AuHS9ztK9Sb7AJ7OxIL8v2PcLdyxfKt1Fo4= -github.com/gavv/httpexpect/v2 v2.3.1/go.mod h1:yOE8m/aqFYQDNrgprMeXgq4YynfN9h1NgcE1+1suV64= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -223,6 +212,8 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -294,8 +285,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -316,6 +305,7 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -330,7 +320,6 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= @@ -365,8 +354,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/imkira/go-interpol v1.0.0 h1:HrmLyvOLJyjR0YofMw8QGdCIuYOs4TJUBDNU5sJC09E= -github.com/imkira/go-interpol v1.0.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= @@ -384,15 +371,10 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.7 h1:7cgTQxJCU/vy+oP/E3B9RGbQTgbiVzIJWIKOLoAsPok= -github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= @@ -416,12 +398,10 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.3 h1:ns/ykhmWi7G9O+8a448SecJU3nSMBXJfqQkl0upE1jI= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= @@ -476,14 +456,12 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= @@ -550,11 +528,8 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873 h1:N3Af8f13ooDKcIhsmFT7Z05CStZWu4C7Md0uDEy4q6o= -github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873/go.mod h1:dmPawKuiAeG/aFYVs2i+Dyosoo7FNcm+Pi8iK6ZUrX8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= @@ -606,25 +581,11 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= -github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.27.0/go.mod h1:cmWIqlu99AO/RKcp1HWaViTqc57FswJOfYYdPJBl8BA= -github.com/valyala/fasthttp v1.38.0 h1:yTjSSNjuDi2PPvXY2836bIwLmiTS2T4T9p1coQshpco= -github.com/valyala/fasthttp v1.38.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I= -github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg= -github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY= -github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M= @@ -690,12 +651,10 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -780,7 +739,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -827,7 +785,6 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -896,7 +853,6 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1215,8 +1171,6 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e h1:C7q+e9M5nggAvWfVg9Nl66kebKeuJlP3FD58V4RR5wo= -moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e/go.mod h1:nejbQVfXh96n9dSF6cH3Jsk/QI1Z2oEL7sSI2ifXFNA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/test/e2e/annotations/affinitymode.go b/test/e2e/annotations/affinitymode.go index 2b40155d0..cce2b004d 100644 --- a/test/e2e/annotations/affinitymode.go +++ b/test/e2e/annotations/affinitymode.go @@ -42,7 +42,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() { host := "affinity-mode-balance.com" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" - annotations["ginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800" annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800" annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false" @@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() { host := "affinity-mode-persistent.com" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" - annotations["ginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie" annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800" annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800" annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false" diff --git a/test/e2e/defaultbackend/default_backend.go b/test/e2e/defaultbackend/default_backend.go index e418e4687..e589024b4 100644 --- a/test/e2e/defaultbackend/default_backend.go +++ b/test/e2e/defaultbackend/default_backend.go @@ -19,7 +19,8 @@ package defaultbackend import ( "net/http" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" @@ -64,15 +65,13 @@ var _ = framework.IngressNginxDescribe("[Default Backend]", func() { for _, test := range testCases { ginkgo.By(test.Name) - var req *httpexpect.Request + var req *httpexpect.HTTPRequest switch test.Scheme { case framework.HTTP: - req = f.HTTPTestClient().Request(test.Method, test.Path) - req.WithURL(f.GetURL(framework.HTTP) + test.Path) + req = f.HTTPTestClient().DoRequest(test.Method, test.Path).WithURL(f.GetURL(framework.HTTP) + test.Path) case framework.HTTPS: - req = f.HTTPTestClient().Request(test.Method, test.Path) - req.WithURL(f.GetURL(framework.HTTPS) + test.Path) + req = f.HTTPTestClient().DoRequest(test.Method, test.Path).WithURL(f.GetURL(framework.HTTPS) + test.Path) default: ginkgo.Fail("Unexpected request scheme") } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 0f01ae3cb..4946c13b2 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -22,7 +22,8 @@ import ( "strings" "time" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" @@ -445,22 +446,22 @@ func (f *Framework) DeleteNGINXPod(grace int64) { } // HTTPDumbTestClient returns a new httpexpect client without BaseURL. -func (f *Framework) HTTPDumbTestClient() *httpexpect.Expect { - return f.newTestClient(nil, false) +func (f *Framework) HTTPDumbTestClient() *httpexpect.HTTPRequest { + return f.newHTTPTestClient(nil, false) } -// HTTPTestClient returns a new httpexpect client for end-to-end HTTP testing. -func (f *Framework) HTTPTestClient() *httpexpect.Expect { - return f.newTestClient(nil, true) +// HTTPTestClient returns a new HTTPRequest client for end-to-end HTTP testing. +func (f *Framework) HTTPTestClient() *httpexpect.HTTPRequest { + return f.newHTTPTestClient(nil, true) } // HTTPTestClientWithTLSConfig returns a new httpexpect client for end-to-end // HTTP testing with a custom TLS configuration. -func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.Expect { - return f.newTestClient(config, true) +func (f *Framework) HTTPTestClientWithTLSConfig(config *tls.Config) *httpexpect.HTTPRequest { + return f.newHTTPTestClient(config, true) } -func (f *Framework) newTestClient(config *tls.Config, setIngressURL bool) *httpexpect.Expect { +func (f *Framework) newHTTPTestClient(config *tls.Config, setIngressURL bool) *httpexpect.HTTPRequest { if config == nil { config = &tls.Config{ InsecureSkipVerify: true, @@ -471,24 +472,14 @@ func (f *Framework) newTestClient(config *tls.Config, setIngressURL bool) *httpe baseURL = f.GetURL(HTTP) } - return httpexpect.WithConfig(httpexpect.Config{ - BaseURL: baseURL, - Client: &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: config, - }, - CheckRedirect: func(req *http.Request, via []*http.Request) error { - return http.ErrUseLastResponse - }, + return httpexpect.NewRequest(baseURL, &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: config, }, - Reporter: httpexpect.NewAssertReporter( - httpexpect.NewAssertReporter(ginkgo.GinkgoT()), - ), - Printers: []httpexpect.Printer{ - // TODO: enable conditionally? - // httpexpect.NewDebugPrinter(ginkgo.GinkgoT(), false), + CheckRedirect: func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse }, - }) + }, httpexpect.NewAssertReporter()) } // WaitForNginxListening waits until NGINX starts accepting connections on a port diff --git a/test/e2e/framework/httpexpect/README.md b/test/e2e/framework/httpexpect/README.md new file mode 100644 index 000000000..73cfd9dbb --- /dev/null +++ b/test/e2e/framework/httpexpect/README.md @@ -0,0 +1 @@ +This module is based in the deprecated library `github.com/gavv/httpexpect`, and contains slightly adaptations. diff --git a/test/e2e/framework/httpexpect/array.go b/test/e2e/framework/httpexpect/array.go new file mode 100644 index 000000000..432982f4a --- /dev/null +++ b/test/e2e/framework/httpexpect/array.go @@ -0,0 +1,36 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Array provides methods to inspect attached []interface{} object +// (Go representation of JSON array). +type Array struct { + chain chain + value []interface{} +} + +// Iter returns a new slice of Values attached to array elements. +func (a *Array) Iter() []Value { + if a.chain.failed() { + return []Value{} + } + ret := []Value{} + for n := range a.value { + ret = append(ret, Value{a.chain, a.value[n]}) + } + return ret +} diff --git a/test/e2e/framework/httpexpect/chain.go b/test/e2e/framework/httpexpect/chain.go new file mode 100644 index 000000000..79956fb33 --- /dev/null +++ b/test/e2e/framework/httpexpect/chain.go @@ -0,0 +1,54 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +type chain struct { + reporter Reporter + failbit bool +} + +func makeChain(reporter Reporter) chain { + return chain{reporter, false} +} + +func (c *chain) failed() bool { + return c.failbit +} + +func (c *chain) fail(message string, args ...interface{}) { + if c.failbit { + return + } + c.failbit = true + c.reporter.Errorf(message, args...) +} + +func (c *chain) reset() { + c.failbit = false +} + +func (c *chain) assertFailed(r Reporter) { + if !c.failbit { + r.Errorf("expected chain is failed, but it's ok") + } +} + +func (c *chain) assertOK(r Reporter) { + if c.failbit { + r.Errorf("expected chain is ok, but it's failed") + } +} diff --git a/test/e2e/framework/httpexpect/cookie.go b/test/e2e/framework/httpexpect/cookie.go new file mode 100644 index 000000000..1cd57a6cc --- /dev/null +++ b/test/e2e/framework/httpexpect/cookie.go @@ -0,0 +1,29 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import "net/http" + +// Cookie provides methods to inspect attached http.Cookie value. +type Cookie struct { + chain chain + value *http.Cookie +} + +func (c *Cookie) Raw() *http.Cookie { + return c.value +} diff --git a/test/e2e/framework/httpexpect/match.go b/test/e2e/framework/httpexpect/match.go new file mode 100644 index 000000000..b031510c4 --- /dev/null +++ b/test/e2e/framework/httpexpect/match.go @@ -0,0 +1,37 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Match provides methods to inspect attached regexp match results. +type Match struct { + chain chain + submatches []string + names map[string]int +} + +func makeMatch(chain chain, submatches []string, names []string) *Match { + if submatches == nil { + submatches = []string{} + } + namemap := map[string]int{} + for n, name := range names { + if name != "" { + namemap[name] = n + } + } + return &Match{chain, submatches, namemap} +} diff --git a/test/e2e/framework/httpexpect/object.go b/test/e2e/framework/httpexpect/object.go new file mode 100644 index 000000000..f7c27faaf --- /dev/null +++ b/test/e2e/framework/httpexpect/object.go @@ -0,0 +1,111 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "reflect" + + "github.com/yudai/gojsondiff" + "github.com/yudai/gojsondiff/formatter" +) + +// Object provides methods to inspect attached map[string]interface{} object +// (Go representation of JSON object). +type Object struct { + chain chain + value map[string]interface{} +} + +func (o *Object) ValueEqual(key string, value interface{}) *Object { + if !o.containsKey(key) { + o.chain.fail("\nexpected object containing key '%s', but got:\n%s", + key, dumpValue(o.value)) + return o + } + expected, ok := canonValue(&o.chain, value) + if !ok { + return o + } + if !reflect.DeepEqual(expected, o.value[key]) { + o.chain.fail("\nexpected value for key '%s' equal to:\n%s\n\nbut got:\n%s\n\ndiff:\n%s", + key, + dumpValue(expected), + dumpValue(o.value[key]), + diffValues(expected, o.value[key])) + } + return o +} + +func (o *Object) ContainsKey(key string) *Object { + if !o.containsKey(key) { + o.chain.fail("\nexpected object containing key '%s', but got:\n%s", + key, + dumpValue(o.value)) + } + return o +} + +func (o *Object) NotContainsKey(key string) *Object { + if o.containsKey(key) { + o.chain.fail("\nexpected object not containing key '%s', but got:\n%s", + key, dumpValue(o.value)) + } + return o +} + +func (o *Object) containsKey(key string) bool { + for k := range o.value { + if k == key { + return true + } + } + return false +} + +func diffValues(expected, actual interface{}) string { + differ := gojsondiff.New() + + var diff gojsondiff.Diff + + if ve, ok := expected.(map[string]interface{}); ok { + if va, ok := actual.(map[string]interface{}); ok { + diff = differ.CompareObjects(ve, va) + } else { + return " (unavailable)" + } + } else if ve, ok := expected.([]interface{}); ok { + if va, ok := actual.([]interface{}); ok { + diff = differ.CompareArrays(ve, va) + } else { + return " (unavailable)" + } + } else { + return " (unavailable)" + } + + config := formatter.AsciiFormatterConfig{ + ShowArrayIndex: true, + } + f := formatter.NewAsciiFormatter(expected, config) + + str, err := f.Format(diff) + if err != nil { + return " (unavailable)" + } + + return "--- expected\n+++ actual\n" + str +} diff --git a/test/e2e/framework/httpexpect/reporter.go b/test/e2e/framework/httpexpect/reporter.go new file mode 100644 index 000000000..e80234590 --- /dev/null +++ b/test/e2e/framework/httpexpect/reporter.go @@ -0,0 +1,48 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "fmt" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" +) + +// Reporter is used to report failures. +// testing.TB, AssertReporter, and RequireReporter implement this interface. +type Reporter interface { + // Errorf reports failure. + // Allowed to return normally or terminate test using t.FailNow(). + Errorf(message string, args ...interface{}) +} + +// AssertReporter implements Reporter interface using `testify/assert' +// package. Failures are non-fatal with this reporter. +type AssertReporter struct { + backend *assert.Assertions +} + +// NewAssertReporter returns a new AssertReporter object. +func NewAssertReporter() *AssertReporter { + return &AssertReporter{assert.New(ginkgo.GinkgoT())} +} + +// Errorf implements Reporter.Errorf. +func (r *AssertReporter) Errorf(message string, args ...interface{}) { + r.backend.Fail(fmt.Sprintf(message, args...)) +} diff --git a/test/e2e/framework/httpexpect/request.go b/test/e2e/framework/httpexpect/request.go new file mode 100644 index 000000000..335e3931e --- /dev/null +++ b/test/e2e/framework/httpexpect/request.go @@ -0,0 +1,176 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "fmt" + "io" + "net/http" + "net/url" + "path" +) + +type HTTPRequest struct { + chain chain + reporter Reporter + baseURL string + client *http.Client + query url.Values + Request *http.Request + HTTPResponse *HTTPResponse +} + +// NewRequest returns an HTTPRequest object. +func NewRequest(baseURL string, client *http.Client, reporter Reporter) *HTTPRequest { + response := NewResponse(reporter) + return &HTTPRequest{ + baseURL: baseURL, + client: client, + reporter: reporter, + chain: makeChain(reporter), + HTTPResponse: response, + } +} + +// GET creates a new HTTP request with GET method. +func (h *HTTPRequest) GET(rpath string) *HTTPRequest { + if h.chain.failed() { + return h + } + return h.DoRequest("GET", rpath) +} + +// DoRequest creates a new HTTP request object. +func (h *HTTPRequest) DoRequest(method, rpath string) *HTTPRequest { + uri, err := url.Parse(h.baseURL) + if err != nil { + h.chain.fail(err.Error()) + } + + var request *http.Request + uri.Path = path.Join(uri.Path, rpath) + if request, err = http.NewRequest(method, uri.String(), nil); err != nil { + h.chain.fail(err.Error()) + } + + h.Request = request + return h +} + +// Expect executes the request and returns an HTTP response. +func (h *HTTPRequest) Expect() *HTTPResponse { + if h.query != nil { + h.Request.URL.RawQuery = h.query.Encode() + } + + response, err := h.client.Do(h.Request) + if err != nil { + h.chain.fail(err.Error()) + } + + h.HTTPResponse.Response = response // set the HTTP response + + var content []byte + if content, err = getContent(response); err != nil { + h.chain.fail(err.Error()) + } + // set content and cookies from HTTPResponse + h.HTTPResponse.content = content + h.HTTPResponse.cookies = h.HTTPResponse.Response.Cookies() + return h.HTTPResponse +} + +// WithURL sets the request URL appending paths when already exist. +func (h *HTTPRequest) WithURL(urlStr string) *HTTPRequest { + if h.chain.failed() { + return h + } + if u, err := url.Parse(urlStr); err != nil { + h.chain.fail(err.Error()) + } else { + u.Path = path.Join(h.Request.URL.Path, u.Path) + h.Request.URL = u + } + return h +} + +// WithHeader adds given header to request. +func (h *HTTPRequest) WithHeader(key, value string) *HTTPRequest { + if h.chain.failed() { + return h + } + switch http.CanonicalHeaderKey(key) { + case "Host": + h.Request.Host = value + default: + h.Request.Header.Add(key, value) + } + return h +} + +// WithCookies adds given cookies to request. +func (h *HTTPRequest) WithCookies(cookies map[string]string) *HTTPRequest { + if h.chain.failed() { + return h + } + for k, v := range cookies { + h.WithCookie(k, v) + } + return h +} + +// WithCookie adds given single cookie to request. +func (h *HTTPRequest) WithCookie(k, v string) *HTTPRequest { + if h.chain.failed() { + return h + } + h.Request.AddCookie(&http.Cookie{Name: k, Value: v}) + return h +} + +// WithBasicAuth sets the request's Authorization header to use HTTP +// Basic Authentication with the provided username and password. +// +// With HTTP Basic Authentication the provided username and password +// are not encrypted. +func (h *HTTPRequest) WithBasicAuth(username, password string) *HTTPRequest { + if h.chain.failed() { + return h + } + h.Request.SetBasicAuth(username, password) + return h +} + +// WithQuery adds query parameter to request URL. +func (h *HTTPRequest) WithQuery(key string, value interface{}) *HTTPRequest { + if h.chain.failed() { + return h + } + if h.query == nil { + h.query = make(url.Values) + } + h.query.Add(key, fmt.Sprint(value)) + return h +} + +// getContent returns the content from the body response. +func getContent(resp *http.Response) ([]byte, error) { + if resp.Body == nil { + return []byte{}, nil + } + return io.ReadAll(resp.Body) +} diff --git a/test/e2e/framework/httpexpect/response.go b/test/e2e/framework/httpexpect/response.go new file mode 100644 index 000000000..1c7624752 --- /dev/null +++ b/test/e2e/framework/httpexpect/response.go @@ -0,0 +1,273 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "encoding/json" + "fmt" + "mime" + "net/http" + "reflect" + "strconv" + "strings" +) + +// StatusRange is enum for response status ranges. +type StatusRange int + +const ( + // Status1xx defines "Informational" status codes. + Status1xx StatusRange = 100 + + // Status2xx defines "Success" status codes. + Status2xx StatusRange = 200 + + // Status3xx defines "Redirection" status codes. + Status3xx StatusRange = 300 + + // Status4xx defines "Client Error" status codes. + Status4xx StatusRange = 400 + + // Status5xx defines "Server Error" status codes. + Status5xx StatusRange = 500 +) + +type HTTPResponse struct { + chain chain + content []byte + cookies []*http.Cookie + Response *http.Response +} + +// NewResponse returns an empty HTTPResponse object. +func NewResponse(reporter Reporter) *HTTPResponse { + return &HTTPResponse{ + chain: makeChain(reporter), + } +} + +// Body returns the body of the response. +func (r *HTTPResponse) Body() *String { + return &String{value: string(r.content)} +} + +// Raw returns the raw http response. +func (r *HTTPResponse) Raw() *http.Response { + return r.Response +} + +// Status compare the actual http response with the expected one raising and error +// if they don't match. +func (r *HTTPResponse) Status(status int) *HTTPResponse { + if r.chain.failed() { + return r + } + r.checkEqual("status", statusCodeText(status), statusCodeText(r.Response.StatusCode)) + return r +} + +// ContentEncoding succeeds if response has exactly given Content-Encoding +func (r *HTTPResponse) ContentEncoding(encoding ...string) *HTTPResponse { + if r.chain.failed() { + return r + } + r.checkEqual("\"Content-Encoding\" header", encoding, r.Response.Header["Content-Encoding"]) + return r +} + +// ContentType succeeds if response contains Content-Type header with given +// media type and charset. +func (r *HTTPResponse) ContentType(mediaType string, charset ...string) *HTTPResponse { + r.checkContentType(mediaType, charset...) + return r +} + +// Cookies returns a new Array object with all cookie names set by this response. +// Returned Array contains a String value for every cookie name. +func (r *HTTPResponse) Cookies() *Array { + if r.chain.failed() { + return &Array{r.chain, nil} + } + names := []interface{}{} + for _, c := range r.cookies { + names = append(names, c.Name) + } + return &Array{r.chain, names} +} + +// Cookie returns a new Cookie object that may be used to inspect given cookie +// set by this response. +func (r *HTTPResponse) Cookie(name string) *Cookie { + if r.chain.failed() { + return &Cookie{r.chain, nil} + } + names := []string{} + for _, c := range r.cookies { + if c.Name == name { + return &Cookie{r.chain, c} + } + names = append(names, c.Name) + } + r.chain.fail("\nexpected response with cookie:\n %q\n\nbut got only cookies:\n%s", name, dumpValue(names)) + return &Cookie{r.chain, nil} +} + +// Headers returns a new Object that may be used to inspect header map. +func (r *HTTPResponse) Headers() *Object { + var value map[string]interface{} + if !r.chain.failed() { + value, _ = canonMap(&r.chain, r.Response.Header) + } + return &Object{r.chain, value} +} + +// Header returns a new String object that may be used to inspect given header. +func (r *HTTPResponse) Header(header string) *String { + return &String{chain: r.chain, value: r.Response.Header.Get(header)} +} + +func canonMap(chain *chain, in interface{}) (map[string]interface{}, bool) { + var out map[string]interface{} + data, ok := canonValue(chain, in) + if ok { + out, ok = data.(map[string]interface{}) + if !ok { + chain.fail("expected map, got %v", out) + } + } + return out, ok +} + +func canonValue(chain *chain, in interface{}) (interface{}, bool) { + b, err := json.Marshal(in) + if err != nil { + chain.fail(err.Error()) + return nil, false + } + + var out interface{} + if err := json.Unmarshal(b, &out); err != nil { + chain.fail(err.Error()) + return nil, false + } + + return out, true +} + +// StatusRange succeeds if response status belongs to given range. +func (r *HTTPResponse) StatusRange(rn StatusRange) *HTTPResponse { + if r.chain.failed() { + return r + } + status := statusCodeText(r.Response.StatusCode) + + actual := statusRangeText(r.Response.StatusCode) + expected := statusRangeText(int(rn)) + + if actual == "" || actual != expected { + if actual == "" { + r.chain.fail("\nexpected status from range:\n %q\n\nbut got:\n %q", + expected, status) + } else { + r.chain.fail("\nexpected status from range:\n %q\n\nbut got:\n %q (%q)", + expected, actual, status) + } + } + return r +} + +func statusCodeText(code int) string { + if s := http.StatusText(code); s != "" { + return strconv.Itoa(code) + " " + s + } + return strconv.Itoa(code) +} + +func statusRangeText(code int) string { + switch { + case code >= 100 && code < 200: + return "1xx Informational" + case code >= 200 && code < 300: + return "2xx Success" + case code >= 300 && code < 400: + return "3xx Redirection" + case code >= 400 && code < 500: + return "4xx Client Error" + case code >= 500 && code < 600: + return "5xx Server Error" + default: + return "" + } +} + +func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ...string) bool { + if r.chain.failed() { + return false + } + + contentType := r.Response.Header.Get("Content-Type") + + if expectedType == "" && len(expectedCharset) == 0 { + if contentType == "" { + return true + } + } + + mediaType, params, err := mime.ParseMediaType(contentType) + if err != nil { + r.chain.fail("\ngot invalid \"Content-Type\" header %q", contentType) + return false + } + + if mediaType != expectedType { + r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+ + "\nbut got %q", expectedType, mediaType) + return false + } + + charset := params["charset"] + + if len(expectedCharset) == 0 { + if charset != "" && !strings.EqualFold(charset, "utf-8") { + r.chain.fail("\nexpected \"Content-Type\" header with \"utf-8\" or empty charset,"+ + "\nbut got %q", charset) + return false + } + } else { + if !strings.EqualFold(charset, expectedCharset[0]) { + r.chain.fail("\nexpected \"Content-Type\" header with %q charset,"+ + "\nbut got %q", expectedCharset[0], charset) + return false + } + } + return true +} + +func (r *HTTPResponse) checkEqual(what string, expected, actual interface{}) { + if !reflect.DeepEqual(expected, actual) { + r.chain.fail("\nexpected %s equal to:\n%s\n\nbut got:\n%s", + what, dumpValue(expected), dumpValue(actual)) + } +} + +func dumpValue(value interface{}) string { + b, err := json.MarshalIndent(value, " ", " ") + if err != nil { + return " " + fmt.Sprintf("%#v", value) + } + return " " + string(b) +} diff --git a/test/e2e/framework/httpexpect/string.go b/test/e2e/framework/httpexpect/string.go new file mode 100644 index 000000000..be2ab0f04 --- /dev/null +++ b/test/e2e/framework/httpexpect/string.go @@ -0,0 +1,120 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +import ( + "regexp" + "strings" +) + +// String provides methods to inspect attached string value +// (Go representation of JSON string). +type String struct { + chain chain + value string +} + +// Raw returns underlying value attached to String. +// This is the value originally passed to NewString. +func (s *String) Raw() string { + return s.value +} + +// Empty succeeds if string is empty. +func (s *String) Empty() *String { + return s.Equal("") +} + +// NotEmpty succeeds if string is non-empty. +func (s *String) NotEmpty() *String { + return s.NotEqual("") +} + +// Equal succeeds if string is equal to given Go string. +func (s *String) Equal(value string) *String { + if !(s.value == value) { + s.chain.fail("\nexpected string equal to:\n %q\n\nbut got:\n %q", value, s.value) + } + return s +} + +// NotEqual succeeds if string is not equal to given Go string. +func (s *String) NotEqual(value string) *String { + if !(s.value != value) { + s.chain.fail("\nexpected string not equal to:\n %q", value) + } + return s +} + +// Contains succeeds if string contains given Go string as a substring. +func (s *String) Contains(value string) *String { + if !strings.Contains(s.value, value) { + s.chain.fail( + "\nexpected string containing substring:\n %q\n\nbut got:\n %q", + value, s.value) + } + return s +} + +// NotContains succeeds if string doesn't contain Go string as a substring. +func (s *String) NotContains(value string) *String { + if strings.Contains(s.value, value) { + s.chain.fail("\nexpected string not containing substring:\n %q\n\nbut got:\n %q", value, s.value) + } + return s +} + +// ContainsFold succeeds if string contains given Go string as a substring after +// applying Unicode case-folding (so it's a case-insensitive match). +func (s *String) ContainsFold(value string) *String { + if !strings.Contains(strings.ToLower(s.value), strings.ToLower(value)) { + s.chain.fail("\nexpected string containing substring (case-insensitive):\n %q"+"\n\nbut got:\n %q", value, s.value) + } + return s +} + +// NotContainsFold succeeds if string doesn't contain given Go string as a substring +// after applying Unicode case-folding (so it's a case-insensitive match). +// +// Example: +// +// str := NewString(t, "Hello") +// str.NotContainsFold("BYE") +func (s *String) NotContainsFold(value string) *String { + if strings.Contains(strings.ToLower(s.value), strings.ToLower(value)) { + s.chain.fail("\nexpected string not containing substring (case-insensitive):\n %q"+"\n\nbut got:\n %q", value, s.value) + } + return s +} + +// Match matches the string with given regexp and returns a new Match object +// with found submatches. +func (s *String) Match(re string) *Match { + r, err := regexp.Compile(re) + if err != nil { + s.chain.fail(err.Error()) + return makeMatch(s.chain, nil, nil) + } + + m := r.FindStringSubmatch(s.value) + if m == nil { + s.chain.fail("\nexpected string matching regexp:\n `%s`\n\nbut got:\n %q", re, s.value) + return makeMatch(s.chain, nil, nil) + } + + return makeMatch(s.chain, m, r.SubexpNames()) +} diff --git a/test/e2e/framework/httpexpect/value.go b/test/e2e/framework/httpexpect/value.go new file mode 100644 index 000000000..fd59091b1 --- /dev/null +++ b/test/e2e/framework/httpexpect/value.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package httpexpect + +// Value provides methods to inspect attached interface{} object +// (Go representation of arbitrary JSON value) and cast it to +// concrete type. +type Value struct { + chain chain + value interface{} +} + +func (v *Value) String() *String { + data, ok := v.value.(string) + if !ok { + v.chain.fail("\nexpected string value, but got:\n%s", dumpValue(v.value)) + } + return &String{v.chain, data} +} diff --git a/test/e2e/servicebackend/service_externalname.go b/test/e2e/servicebackend/service_externalname.go index 30c4f6ba0..0d121c671 100644 --- a/test/e2e/servicebackend/service_externalname.go +++ b/test/e2e/servicebackend/service_externalname.go @@ -22,7 +22,8 @@ import ( "net/http" "strings" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/test/e2e/settings/disable_service_external_name.go b/test/e2e/settings/disable_service_external_name.go index 03c8020b6..a24cfebde 100644 --- a/test/e2e/settings/disable_service_external_name.go +++ b/test/e2e/settings/disable_service_external_name.go @@ -21,7 +21,8 @@ import ( "net/http" "strings" - "github.com/gavv/httpexpect/v2" + "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" From db3cdc04e40c5fab51c010902eac2522572e9a3c Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 5 Sep 2022 07:28:36 -0400 Subject: [PATCH 042/166] release 1.3.1 (#9014) * release 1.3.1 Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * fix readme Signed-off-by: James Strong * Fix chart linter * Fix helm docs * Fix helm docs * fix helm docs * Add warning about lease change * Disable PSP in v1.25 * rollback cluster in helmchart to psp tests Signed-off-by: James Strong Co-authored-by: Ricardo Pchevuzinske Katz --- .github/workflows/ci.yaml | 4 +- Changelog.md | 77 +++++++++++++++++++ README.md | 14 ++-- RELEASE.md | 4 +- build/build.sh | 2 + charts/ingress-nginx/Chart.yaml | 4 +- charts/ingress-nginx/README.md | 64 +++++++-------- .../templates/controller-psp.yaml | 2 + .../templates/default-backend-psp.yaml | 2 + deploy/static/provider/aws/deploy.yaml | 42 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 42 +++++----- deploy/static/provider/baremetal/deploy.yaml | 42 +++++----- deploy/static/provider/cloud/deploy.yaml | 42 +++++----- deploy/static/provider/do/deploy.yaml | 42 +++++----- deploy/static/provider/exoscale/deploy.yaml | 42 +++++----- deploy/static/provider/kind/deploy.yaml | 42 +++++----- deploy/static/provider/scw/deploy.yaml | 42 +++++----- docs/deploy/index.md | 20 ++--- hack/verify-chart-lint.sh | 5 +- 19 files changed, 309 insertions(+), 225 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d469ae959..54a935917 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -149,7 +149,7 @@ jobs: - name: Run helm-docs run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@e91c4c3337d3bf3fdad8de1763999a5c3325567f # v1.8.1 + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) if [ ! -z "$DIFF" ]; then @@ -175,7 +175,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:v1.24.4 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: diff --git a/Changelog.md b/Changelog.md index d4a6bbcd1..c05911b9f 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,82 @@ # Changelog +### 1.3.1 + +Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. + +https://www.surveymonkey.com/r/ingressngx2022 + +In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. +v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. + +Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, +please upgrade to a v1.0.0 and above branch + +## Image: +- registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 +- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.1@sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + + +## What's Changed + +_IMPORTANT CHANGES:_ +- Update to golang 1.19 +- Started migration for Data and Control Plane splits +- Upgrade to Alpine 3.16.2 +- New kubectl plugin release workflow +- New CVE findings template + +All other Changes +- [9006](https://github.com/kubernetes/ingress-nginx/pull/9006) issue:8739 fix doc issue +- [9003](https://github.com/kubernetes/ingress-nginx/pull/9003) Bump github/codeql-action from 2.1.21 to 2.1.22 +- [9001](https://github.com/kubernetes/ingress-nginx/pull/9001) GitHub Workflows security hardening +- [8992](https://github.com/kubernetes/ingress-nginx/pull/8992) Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 +- [8991](https://github.com/kubernetes/ingress-nginx/pull/8991) Bump google.golang.org/grpc from 1.48.0 to 1.49.0 +- [8986](https://github.com/kubernetes/ingress-nginx/pull/8986) Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 +- [8984](https://github.com/kubernetes/ingress-nginx/pull/8984) fixed deprecated ginkgo flags +- [8982](https://github.com/kubernetes/ingress-nginx/pull/8982) Bump github/codeql-action from 2.1.20 to 2.1.21 +- [8981](https://github.com/kubernetes/ingress-nginx/pull/8981) Bump actions/setup-go from 3.2.1 to 3.3.0 +- [8976](https://github.com/kubernetes/ingress-nginx/pull/8976) Update apiserver to 0.25 to remove v2 go-restful +- [8970](https://github.com/kubernetes/ingress-nginx/pull/8970) bump Golang to 1.19 #8932 +- [8969](https://github.com/kubernetes/ingress-nginx/pull/8969) fix: go-restful CVE #8745 +- [8967](https://github.com/kubernetes/ingress-nginx/pull/8967) updated to testrunnerimage with updated yamale yamllint +- [8966](https://github.com/kubernetes/ingress-nginx/pull/8966) added note on digitalocean annotations +- [8960](https://github.com/kubernetes/ingress-nginx/pull/8960) upgrade yamale and yamllint version +- [8959](https://github.com/kubernetes/ingress-nginx/pull/8959) revert changes to configmap resource permissions +- [8957](https://github.com/kubernetes/ingress-nginx/pull/8957) Bump github/codeql-action from 2.1.19 to 2.1.20 +- [8956](https://github.com/kubernetes/ingress-nginx/pull/8956) Bump azure/setup-helm from 2.1 to 3.3 +- [8954](https://github.com/kubernetes/ingress-nginx/pull/8954) Bump actions/dependency-review-action from 2.0.4 to 2.1.0 +- [8953](https://github.com/kubernetes/ingress-nginx/pull/8953) Bump aquasecurity/trivy-action from 0.5.1 to 0.7.1 +- [8952](https://github.com/kubernetes/ingress-nginx/pull/8952) Bump securego/gosec from b99b5f7838e43a4104354ad92a6a1774302ee1f9 to 2.13.1 +- [8951](https://github.com/kubernetes/ingress-nginx/pull/8951) Bump geekyeggo/delete-artifact from a6ab43859c960a8b74cbc6291f362c7fb51829ba to 1 +- [8950](https://github.com/kubernetes/ingress-nginx/pull/8950) Bump github/codeql-action from 2.1.18 to 2.1.19 +- [8948](https://github.com/kubernetes/ingress-nginx/pull/8948) updated testrunner and testecho images +- [8946](https://github.com/kubernetes/ingress-nginx/pull/8946) Clean old code and move helper functions +- [8944](https://github.com/kubernetes/ingress-nginx/pull/8944) Make keep-alive documentation more explicit for clarity +- [8939](https://github.com/kubernetes/ingress-nginx/pull/8939) bump baseimage alpine to v3.16.2 for zlib CVE fix + +## New Contributors +* @mtnezm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8817 +* @tamcore made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8821 +* @guilhem made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8827 +* @lilien1010 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8830 +* @qilongqiu made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8855 +* @dgoffredo made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8848 +* @Volatus made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8859 +* @europ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8841 +* @mrksngl made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/7892 +* @omichels made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8895 +* @zeeZ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8881 +* @mjudeikis made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8928 +* @NissesSenap made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8873 +* @anders-swanson made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8665 +* @aslafy-z made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8905 +* @harry1064 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8825 +* @sashashura made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9001 +* @sreelakshminarayananm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9006 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.3.0...controller-v1.3.1 + ### 1.3.0 Image: diff --git a/README.md b/README.md index c8bdcdf86..fce3fbb84 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,10 @@ [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield) +Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. + +https://www.surveymonkey.com/r/ingressngx2022 + ## Overview ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer. @@ -31,6 +35,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | @@ -43,12 +48,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.51.0 | 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | -| v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.2 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.1 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | + † _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ @@ -70,7 +70,7 @@ Thanks for taking the time to join our community and start contributing! - **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - - The [github issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. + - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. - **Discuss**: Tweet using the `#IngressNginx` hashtag. diff --git a/RELEASE.md b/RELEASE.md index 8fbc0932f..210277942 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -173,7 +173,7 @@ Promoting the images basically means that images, that were pushed to staging co - Run the below command and save the output to a txt file ``` - gh pr list -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt + gh pr list -R kubernetes/ingress-nginx -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt ``` - The -L 38 was used for 2 reasons. - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR. @@ -222,7 +222,7 @@ Promoting the images basically means that images, that were pushed to staging co - If you saved the bash script content above, in a file like `$HOME/bin/prlist_to_changelog.sh`, then you could execute a command like this to get your prlist in a text file called changelog_content.txt;` ``` - prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt` + prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt ``` ### d. Edit the values.yaml and run helm-docs diff --git a/build/build.sh b/build/build.sh index c0372bc25..42bec820b 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,7 +49,9 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" +pushd /go/src/k8s.io/ingress-nginx git config --add safe.directory /go/src/k8s.io/ingress-nginx +popd ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 8b7f8ca16..178f7f722 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.3 -appVersion: 1.3.0 +version: 4.2.4 +appVersion: 1.3.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8357cab56..17743881c 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.3](https://img.shields.io/badge/Version-4.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 4.2.4](https://img.shields.io/badge/Version-4.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -260,7 +260,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | -| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job | +| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | | controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | | controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | | controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | @@ -272,9 +272,9 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | | controller.admissionWebhooks.service.servicePort | int | `443` | | | controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | -| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes | +| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | -| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet | +| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | | controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.enabled | bool | `false` | | | controller.autoscaling.maxReplicas | int | `11` | | @@ -292,7 +292,7 @@ Kubernetes: `>=1.20.0-0` | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | -| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. | +| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | @@ -335,8 +335,8 @@ Kubernetes: `>=1.20.0-0` | controller.keda.scaledObject.annotations | object | `{}` | | | controller.keda.triggers | list | `[]` | | | controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` | -| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels | -| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. | +| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels # | +| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. # | | controller.livenessProbe.failureThreshold | int | `5` | | | controller.livenessProbe.httpGet.path | string | `"/healthz"` | | | controller.livenessProbe.httpGet.port | int | `10254` | | @@ -345,14 +345,14 @@ Kubernetes: `>=1.20.0-0` | controller.livenessProbe.periodSeconds | int | `10` | | | controller.livenessProbe.successThreshold | int | `1` | | | controller.livenessProbe.timeoutSeconds | int | `1` | | -| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | | controller.metrics.service.annotations | object | `{}` | | -| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available | +| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | @@ -365,10 +365,10 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | | controller.minAvailable | int | `1` | | -| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready | +| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | -| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment | -| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods | +| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.priorityClassName | string | `""` | | @@ -392,17 +392,17 @@ Kubernetes: `>=1.20.0-0` | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | | controller.service.annotations | object | `{}` | | -| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 | +| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | | controller.service.enableHttp | bool | `true` | | | controller.service.enableHttps | bool | `true` | | | controller.service.enabled | bool | `true` | | | controller.service.external.enabled | bool | `true` | | -| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available | +| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | -| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. | -| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | | controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.loadBalancerSourceRanges | list | `[]` | | @@ -419,12 +419,12 @@ Kubernetes: `>=1.20.0-0` | controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | | controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | -| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready | -| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints | -| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. | +| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | +| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # | | controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap | | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | -| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet | +| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | | defaultBackend.affinity | object | `{}` | | | defaultBackend.autoscaling.annotations | object | `{}` | | @@ -433,7 +433,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.autoscaling.minReplicas | int | `1` | | | defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.enabled | bool | `false` | | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.extraArgs | object | `{}` | | @@ -456,10 +456,10 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | | defaultBackend.minAvailable | int | `1` | | | defaultBackend.name | string | `"defaultbackend"` | | -| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment | -| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods | +| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | | defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | -| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | | defaultBackend.port | int | `8080` | | | defaultBackend.priorityClassName | string | `""` | | | defaultBackend.readinessProbe.failureThreshold | int | `6` | | @@ -470,25 +470,25 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.replicaCount | int | `1` | | | defaultBackend.resources | object | `{}` | | | defaultBackend.service.annotations | object | `{}` | | -| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available | +| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | defaultBackend.service.servicePort | int | `80` | | | defaultBackend.service.type | string | `"ClusterIP"` | | | defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | | | defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.name | string | `""` | | -| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints | -| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` | -| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials | +| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | +| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | podSecurityPolicy.enabled | bool | `false` | | -| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service | +| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | rbac.create | bool | `true` | | | rbac.scope | bool | `false` | | -| revisionHistoryLimit | int | `10` | Rollback limit | +| revisionHistoryLimit | int | `10` | Rollback limit # | | serviceAccount.annotations | object | `{}` | Annotations for the controller service account | | serviceAccount.automountServiceAccountToken | bool | `true` | | | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | -| tcp | object | `{}` | TCP service key-value pairs | -| udp | object | `{}` | UDP service key-value pairs | +| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | +| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml index fe34408c8..2e0499ce9 100644 --- a/charts/ingress-nginx/templates/controller-psp.yaml +++ b/charts/ingress-nginx/templates/controller-psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -90,3 +91,4 @@ spec: seLinux: rule: 'RunAsAny' {{- end }} +{{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml index 42061c5d3..c144c8fbf 100644 --- a/charts/ingress-nginx/templates/default-backend-psp.yaml +++ b/charts/ingress-nginx/templates/default-backend-psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -34,3 +35,4 @@ spec: - secret - downwardAPI {{- end }} +{{- end }} diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 300ca7b01..cca1474d2 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 7e7ce8f22..20f2c665a 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -334,7 +334,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,7 +352,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,7 +385,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -408,7 +408,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -448,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index e23e4b7f3..f2f3d4ac9 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +433,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -505,7 +505,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -516,7 +516,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -552,7 +552,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -563,7 +563,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -614,7 +614,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 77407e8a9..d7ba531c2 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +435,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -507,7 +507,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -518,7 +518,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -554,7 +554,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -565,7 +565,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -603,7 +603,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -616,7 +616,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index e35d1d7ca..f24648b5e 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -557,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index fe9a2de7f..856fbfa8d 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -348,7 +348,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,7 +381,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -404,7 +404,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -444,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -563,7 +563,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -574,7 +574,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -612,7 +612,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -625,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 5ddb9c166..5291d2d33 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +327,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +339,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +371,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +394,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 2dba2dc51..a43df9de4 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -136,7 +136,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +155,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx rules: - apiGroups: @@ -229,7 +229,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +248,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +268,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +287,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +306,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +342,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +375,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +398,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 + image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-create spec: containers: @@ -557,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.0 + app.kubernetes.io/version: 1.3.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index d5bd5c90d..d95ca9a33 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -60,7 +60,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -215,7 +215,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -223,10 +223,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -272,7 +272,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -289,7 +289,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -297,7 +297,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -305,7 +305,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -320,7 +320,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -337,7 +337,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/hack/verify-chart-lint.sh b/hack/verify-chart-lint.sh index c18caaba2..2d59dadce 100755 --- a/hack/verify-chart-lint.sh +++ b/hack/verify-chart-lint.sh @@ -19,5 +19,6 @@ set -o nounset set -o pipefail KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" - -ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false +# TODO: This is a temporary workaround while we don't update Helm Chart test +curl https://raw.githubusercontent.com/helm/chart-testing/v3.7.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml +ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml From 9a42ded8bac9630a55e20e29d47db4af3ce904e6 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 5 Sep 2022 20:16:36 +0200 Subject: [PATCH 043/166] fix LD_LIBRARY_PATH (#9017) --- images/opentelemetry/rootfs/init_module.sh | 2 +- rootfs/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/opentelemetry/rootfs/init_module.sh b/images/opentelemetry/rootfs/init_module.sh index bac5e64aa..029233f7b 100755 --- a/images/opentelemetry/rootfs/init_module.sh +++ b/images/opentelemetry/rootfs/init_module.sh @@ -19,4 +19,4 @@ set -o nounset set -o pipefail mkdir -p /modules_mount/etc/nginx/modules -cp -R /etc/nginx/modules /modules_mount/etc/nginx/modules +cp -R /etc/nginx/modules/* /modules_mount/etc/nginx/modules/otel diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 48c57a74e..75cf3fc65 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -63,7 +63,7 @@ RUN bash -xeu -c ' \ # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # Put libs of newer modules under `/modules_mount//lib` and add that path below # Could get complicated arch specific paths become a need - && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/otel/lib" > /etc/ld-musl-x86_64.path + && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel" > /etc/ld-musl-x86_64.path RUN apk add --no-cache libcap \ From e079486d4dc40387389adbaed7ec9b80d897d810 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 5 Sep 2022 22:10:56 -0400 Subject: [PATCH 044/166] updates for fixing 1.3.1 release (#9023) * updates for fixing 1.3.1 release Signed-off-by: James Strong * update chart readmea Signed-off-by: James Strong * updating chart Signed-off-by: James Strong * supdate wording of legacy drop * supgraded helm docs * one more time Signed-off-by: James Strong Signed-off-by: James Strong --- Changelog.md | 3 ++- charts/ingress-nginx/Chart.yaml | 3 +-- charts/ingress-nginx/README.md | 8 ++++---- charts/ingress-nginx/values.yaml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Changelog.md b/Changelog.md index c05911b9f..bcbcfee04 100644 --- a/Changelog.md +++ b/Changelog.md @@ -10,7 +10,8 @@ In v1.3.1 leader elections will be done entirely using the Lease API and no long v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, -please upgrade to a v1.0.0 and above branch +Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition, +that means all version <1.0.0 of the ingress-nginx-controller. ## Image: - registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 178f7f722..08dcdb6ed 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.4 +version: 4.2.5 appVersion: 1.3.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer @@ -12,7 +12,6 @@ keywords: - nginx sources: - https://github.com/kubernetes/ingress-nginx -type: application maintainers: - name: rikatz - name: strongjz diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 17743881c..4e6a696c6 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.4](https://img.shields.io/badge/Version-4.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) +![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -310,13 +310,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5"` | | -| controller.image.digestChroot | string | `"sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191"` | | +| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | +| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.3.0"` | | +| controller.image.tag | string | `"v1.3.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 1889e4901..9ec174f7e 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.3.0" - digest: sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - digestChroot: sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191 + tag: "v1.3.1" + digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From 037e0194fa8280fe0515d1909e28780b838c18ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 06:32:54 -0700 Subject: [PATCH 045/166] Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 (#9021) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.70.1 to 2.80.0. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.70.1...v2.80.0) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 +--- go.sum | 7 ++----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 2c220232e..272a529fa 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.25.0 - k8s.io/klog/v2 v2.70.1 + k8s.io/klog/v2 v2.80.0 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 @@ -70,7 +70,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -81,7 +80,6 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.8 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect diff --git a/go.sum b/go.sum index 92f966d6f..ec3712740 100644 --- a/go.sum +++ b/go.sum @@ -212,8 +212,6 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -305,7 +303,6 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1162,8 +1159,8 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= -k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g= +k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= From f02003457974b223e56e23955dfa42773841a158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 06:34:55 -0700 Subject: [PATCH 046/166] Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 (#9022) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.4 to 2.1.6. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.4...v2.1.6) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 272a529fa..1f3259c47 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.1.4 + github.com/onsi/ginkgo/v2 v2.1.6 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index ec3712740..fd830d995 100644 --- a/go.sum +++ b/go.sum @@ -456,12 +456,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= -github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= +github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= From 981ce38a7f0455bee35d692af237089ce5a42220 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Wed, 7 Sep 2022 01:34:23 +0200 Subject: [PATCH 047/166] fix otel init_module (#9028) --- images/opentelemetry/rootfs/init_module.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/init_module.sh b/images/opentelemetry/rootfs/init_module.sh index 029233f7b..5a675aa2b 100755 --- a/images/opentelemetry/rootfs/init_module.sh +++ b/images/opentelemetry/rootfs/init_module.sh @@ -18,5 +18,5 @@ set -o errexit set -o nounset set -o pipefail -mkdir -p /modules_mount/etc/nginx/modules +mkdir -p /modules_mount/etc/nginx/modules/otel cp -R /etc/nginx/modules/* /modules_mount/etc/nginx/modules/otel From b212b5a8b4cf0bdf089406774b8bf4ac34bb992c Mon Sep 17 00:00:00 2001 From: gunamata <59538726+gunamata@users.noreply.github.com> Date: Fri, 9 Sep 2022 18:53:23 +0000 Subject: [PATCH 048/166] Added instructions for Rancher Desktop (#9035) Signed-off-by: Gunasekhar Matamalam Signed-off-by: Gunasekhar Matamalam --- docs/deploy/index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index d95ca9a33..5a0b6bfb8 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -20,6 +20,7 @@ ingress controller for your particular environment or cloud provider. - [Environment-specific instructions](#environment-specific-instructions) - ... [Docker Desktop](#docker-desktop) + - ... [Rancher Desktop](#rancher-desktop) - ... [minikube](#minikube) - ... [MicroK8s](#microk8s) - ... [AWS](#aws) @@ -186,6 +187,14 @@ will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be r doesn't work, you might have to fall back to the `kubectl port-forward` method described in the [local testing section](#local-testing). +#### Rancher Desktop + +Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop. + +Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use NGINX ingress controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu. + +Once traefik is disabled, the NGINX ingress controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample. + ### Cloud deployments If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the From 6ef73175818918b8506d89b94369f8965b9fde34 Mon Sep 17 00:00:00 2001 From: Anders Swanson <91502735+anders-swanson@users.noreply.github.com> Date: Mon, 12 Sep 2022 07:28:44 -0700 Subject: [PATCH 049/166] Revert "Metrics port name (Helm) (#8665)" This reverts commit adeb84aa38cbccb8dde471ab222b799b7cc439d3. --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 80c268f7c..2dca8e5c1 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: http-metrics + - name: metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5ad186794..5b781f8de 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: http-metrics + - name: metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 1c1d5bddb..0aaf41473 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: http-metrics + - name: metrics port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: http-metrics + targetPort: metrics {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 973d36b3e..4dbc6da9f 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: http-metrics + - port: metrics interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true From e7c793f65dc2faa7611d0e43dccfd8e24c483245 Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 12:34:40 -0700 Subject: [PATCH 050/166] parameterize port name --- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- .../ingress-nginx/templates/controller-service-metrics.yaml | 4 ++-- charts/ingress-nginx/templates/controller-servicemonitor.yaml | 2 +- charts/ingress-nginx/values.yaml | 1 + 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 2dca8e5c1..805d2f209 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -114,7 +114,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: {{ .Values.controller.metrics.portName }} containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5b781f8de..4fd6561bd 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -118,7 +118,7 @@ spec: {{- end }} {{- end }} {{- if .Values.controller.metrics.enabled }} - - name: metrics + - name: {{ .Values.controller.metrics.portName }} containerPort: {{ .Values.controller.metrics.port }} protocol: TCP {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml index 0aaf41473..b178401c9 100644 --- a/charts/ingress-nginx/templates/controller-service-metrics.yaml +++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml @@ -31,10 +31,10 @@ spec: externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} {{- end }} ports: - - name: metrics + - name: {{ .Values.controller.metrics.portName }} port: {{ .Values.controller.metrics.service.servicePort }} protocol: TCP - targetPort: metrics + targetPort: {{ .Values.controller.metrics.portName }} {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} nodePort: {{ .Values.controller.metrics.service.nodePort }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 4dbc6da9f..8ab16f0b2 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.portName }} interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} honorLabels: true diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9ec174f7e..e65b61608 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -666,6 +666,7 @@ controller: metrics: port: 10254 + portName: metrics # if this port is changed, change healthz-port: in extraArgs: accordingly enabled: false From 4bb3b3877c8aed73af963a82c678c80afa669809 Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 12:45:54 -0700 Subject: [PATCH 051/166] Document new values key --- charts/ingress-nginx/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4e6a696c6..62ddfe2ca 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -348,6 +348,7 @@ Kubernetes: `>=1.20.0-0` | controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | +| controller.metrics.portName | string | `metrics` | Port name for metrics service | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | From adb7a9d6ccf85c034aed9b0acc00c8218942e80f Mon Sep 17 00:00:00 2001 From: Anders Swanson Date: Mon, 12 Sep 2022 13:03:54 -0700 Subject: [PATCH 052/166] Fix for Docs check --- charts/ingress-nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 62ddfe2ca..53f887a25 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -348,7 +348,7 @@ Kubernetes: `>=1.20.0-0` | controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | -| controller.metrics.portName | string | `metrics` | Port name for metrics service | +| controller.metrics.portName | string | `"metrics"` | | | controller.metrics.prometheusRule.additionalLabels | object | `{}` | | | controller.metrics.prometheusRule.enabled | bool | `false` | | | controller.metrics.prometheusRule.rules | list | `[]` | | From ec4c53f0f32bcfdfd6b5de4b412f5082ea244041 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 06:41:28 -0700 Subject: [PATCH 053/166] Bump ossf/scorecard-action from 1.1.2 to 2.0.2 (#9044) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.2 to 2.0.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/ce330fde6b1a5c9c75b417e7efc510b822a35564...68bf5b3327e4fd443d2add8ab122280547b4a16d) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 20961611c..dcb8fc55b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.1.1 + uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d # v1.1.1 with: results_file: results.sarif results_format: sarif From 0b8dc59eaf6cd385584ede2ca28df9b9db58fbb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 06:43:24 -0700 Subject: [PATCH 054/166] Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#9045) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...3cea5372237819ed00197afe530f5a7ea3e805c8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index dcb8fc55b..8d3900b0b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.0.0 with: name: SARIF file path: results.sarif From f352f1f70b2aa2c21fa88efb8af05120d854ff81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 07:17:24 -0700 Subject: [PATCH 055/166] Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 (#9043) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.0 to 2.80.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.80.0...v2.80.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1f3259c47..521b58fce 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( k8s.io/client-go v0.25.0 k8s.io/code-generator v0.23.5 k8s.io/component-base v0.25.0 - k8s.io/klog/v2 v2.80.0 + k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 sigs.k8s.io/mdtoc v1.1.0 diff --git a/go.sum b/go.sum index fd830d995..5a5411fae 100644 --- a/go.sum +++ b/go.sum @@ -1159,8 +1159,8 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g= -k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= From 1ce0b55f62208b6c4c1c1b3f41560a714d772b95 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:37:34 +0200 Subject: [PATCH 056/166] update OpenTelemetry image (#9036) * update OpenTelemetry image * use promoted image --- charts/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9ec174f7e..9c34e7f6f 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -580,7 +580,7 @@ controller: extraModules: [] ## Modules, which are mounted into the core nginx image # - name: opentelemetry - # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220801-g00ee51f09@sha256:482562feba02ad178411efc284f8eb803a185e3ea5588b6111ccbc20b816b427 + # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the From e68ab4f39522854dd74f971965db767e6a981e34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:45:17 -0700 Subject: [PATCH 057/166] Bump github/codeql-action from 2.1.22 to 2.1.23 (#9052) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.23. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b398f525a5587552e573b247ac661067fafa920b...6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8d3900b0b..2974012a8 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v2.1.14 + uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 945c7a935..f47c5d626 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b + uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From ca1e8b6d9ec26d2298ed4e3554d84d827f888e8f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 21:47:16 -0700 Subject: [PATCH 058/166] Bump ossf/scorecard-action from 2.0.2 to 2.0.3 (#9053) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.2 to 2.0.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/68bf5b3327e4fd443d2add8ab122280547b4a16d...865b4092859256271290c77adbd10a43f4779972) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2974012a8..62dafe1f3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d # v1.1.1 + uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # v1.1.1 with: results_file: results.sarif results_format: sarif From d32f8c343922b8ddb2a1a55eac9633a288c3f405 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 16 Sep 2022 18:45:18 +0530 Subject: [PATCH 059/166] bump go to v1.19.1 (#9057) --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/plugin.yaml | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 54a935917..9d7941ab5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - - name: Set up Go 1.19.0 + - name: Set up Go 1.19.1 id: go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -136,7 +136,7 @@ jobs: - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -406,12 +406,12 @@ jobs: version: v0.15.0 image: kindest/node:v1.25.0 - - name: Set up Go 1.19.0 + - name: Set up Go 1.19.1 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.0' + go-version: '1.19.1' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 1d5ee2787..319055b62 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: 1.19.0 + go-version: 1.19.1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 513354279..768b1e9df 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.19.0-alpine as builder +FROM golang:1.19.1-alpine as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 2eb010379..c2387d90a 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.0-alpine3.16 as builder +FROM golang:1.19.1-alpine3.16 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 1ed714b56..b8e4ef8b1 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.19.0 as builder +FROM --platform=$BUILDPLATFORM golang:1.19.1 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index ad888e5c7..32e09ca23 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.19.0 \ + --build-arg GOLANG_VERSION=1.19.1 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ From b1edb3e141c2acc3ca941245207a8e93e50a199f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 17 Sep 2022 04:06:49 +0530 Subject: [PATCH 060/166] updated testrunner image sha after bump to go1191 (#9058) --- build/run-in-docker.sh | 2 +- .../custom-errors/custom-default-backend.helm.values.yaml | 2 +- .../customization/custom-errors/custom-default-backend.yaml | 2 +- test/e2e-image/Makefile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 77e7b7a38..35ea27819 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 3d93935e4..670208559 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/nginx-errors - tag: "1.3.0" + tag: "v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c" extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index 318e318f5..072beab3b 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:1.3.0 + image: registry.k8s.io/ingress-nginx/nginx-errors:v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index f04307f81..d0ed88972 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f" image: echo "..entered Makefile in /test/e2e-image" From b088ee2d7edcc06630563cd7618a413e83331091 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:11:23 -0700 Subject: [PATCH 061/166] Bump github/codeql-action from 2.1.23 to 2.1.24 (#9066) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.23 to 2.1.24. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69...904260d7d935dff982205cbdb42025ce30b7a34f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 62dafe1f3..84cc87e1d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 # v2.1.14 + uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index f47c5d626..8377b3ad0 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69 + uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From a559f75e38214b2c9d6d291304db25528f24b6f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:13:23 -0700 Subject: [PATCH 062/166] Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0 (#9064) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.2.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.2.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 521b58fce..bfcba276d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.1.6 + github.com/onsi/ginkgo/v2 v2.2.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index 5a5411fae..0cc37681c 100644 --- a/go.sum +++ b/go.sum @@ -456,8 +456,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= -github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= +github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= From 3ce1f43fc60cf0bcbd43493c2186cc93308046f6 Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Mon, 19 Sep 2022 18:45:23 +0530 Subject: [PATCH 063/166] Tips for new contributors (#8924) This commit adds tips for new contributors along with references and examples Signed-off-by: afro-coder Co-authored-by: Tanisha Banik <26tanishabanik@gmail.com> Signed-off-by: afro-coder Co-authored-by: Tanisha Banik <26tanishabanik@gmail.com> --- CONTRIBUTING.md | 11 +- NEW_CONTRIBUTOR.md | 850 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 857 insertions(+), 4 deletions(-) create mode 100644 NEW_CONTRIBUTOR.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e73f49fcd..a11435aef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,7 +2,7 @@ Read the following guide if you're interested in contributing to Ingress. [Make Ingress-Nginx Work for you, and the Community](https://youtu.be/GDm-7BlmPPg) from KubeCon Europe 2018 is a great video to get you started!! -Note that this guide refers to contributing to actual sources of the repository. If you interested in contributing through issue triaging, have a look at [this guide](./ISSUE_TRIAGE.md). +Note that this guide refers to contributing to actual sources of the repository. If you interested in contributing through issue triaging, have a look at [this guide](./ISSUE_TRIAGE.md). ## Contributor License Agreements @@ -19,7 +19,7 @@ Follow either of the two links above to access the appropriate CLA and instructi ## Finding Issues That Need Help -If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22). +If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22). Alternatively, search for the label [`triage-accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Atriage%2Faccepted+) if you have some experience with ingress-nginx. Note, that it could make sense to grab issues with higher priority first. @@ -34,9 +34,9 @@ All changes must be code reviewed. Coding conventions and standards are explaine ### Merge Approval -Ingress Nginx collaborators may add "/lgtm" (Looks Good To Me) to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress Nginx collaborator signs off with an LGTM. Adding the "/lgtm" comment result in the prow bot adding the `lgtm` label. Note that a pull request still needs an `approve` label from one of the owners. +Ingress Nginx collaborators may add "/lgtm" (Looks Good To Me) to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress Nginx collaborator signs off with an LGTM. Adding the "/lgtm" comment result in the prow bot adding the `lgtm` label. Note that a pull request still needs an `approve` label from one of the owners. -Reviewers or members who want to become reviewers according to the [k8s membership ladder](https://github.com/kubernetes/community/blob/master/community-membership.md), could actively search for [pull requests that need a review](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted). +Reviewers or members who want to become reviewers according to the [k8s membership ladder](https://github.com/kubernetes/community/blob/master/community-membership.md), could actively search for [pull requests that need a review](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted). ## Support Channels @@ -47,3 +47,6 @@ Whether you are a user or contributor, official support channels include: - Post: [Kubernetes Forum](https://discuss.kubernetes.io) Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of. + +## New Contributor Tips +If you're a new contributor, you can follow the [New Contributor Tips guide](NEW_CONTRIBUTOR.md) diff --git a/NEW_CONTRIBUTOR.md b/NEW_CONTRIBUTOR.md new file mode 100644 index 000000000..816d05778 --- /dev/null +++ b/NEW_CONTRIBUTOR.md @@ -0,0 +1,850 @@ +## New Contributor Tips + +Welcome to the Ingress Nginx new contributor tips. +This guide briefly outlines the necessary knowledge & tools, required to start working on Ingress-NGINX Issues. + +### Prerequisites +- Basic understanding of linux +- Familiarity with the command line on linux +- OSI Model(Links below) + +### Introduction +It all starts with the OSI model... +> The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies + +![Describes the 7 Layers of the OSI Model](https://i.imgur.com/qF0KjBq.png) + +#### Reading material for OSI Model +[OSI Model CertificationKits](https://www.certificationkits.com/cisco-certification/cisco-ccna-640-802-exam-certification-guide/cisco-ccna-the-osi-model/) + +### Approaching the problem + + +Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, its the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy. + +Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool. + +### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host + +#### TL;DR +The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5` + +Command: +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 2 weeks ago Up 54 seconds 127.0.0.1:38143->6443/tcp kind-control-plane + +# docker inspect kind-control-plane -f '{{ .NetworkSettings.Networks.kind.IPAddress }}' +172.18.0.2 + +``` + + + +If this part is confusing, you would first need to understand what a [bridge](https://tldp.org/HOWTO/BRIDGE-STP-HOWTO/what-is-a-bridge.html) is and what [docker network](https://docs.docker.com/network/) is. + + + +#### The journey of a curl packet. +Let's begin with creating a [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/) Cluster on your laptop +``` +# kind create cluster +``` +This will create a cluster called `kind`, to view the clusters type +``` +# kind get clusters    +kind +``` +Kind ships with `kubectl`, so we can use that to communicate with our clusters. +``` +# kubectl get no -o wide    +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +kind-control-plane Ready control-plane 5d23h v1.24.1 172.18.0.2 Ubuntu 21.10 5.18.12-arch1-1 containerd://1.6.4 +``` +Kind creates a cluster using docker container as nodes, it does this using [containerd](https://containerd.io/) within the docker container. +The concept of Docker in Docker is very important here. + +To start with simply create a nginx deployment using `kubectl`. +``` +# kubectl create deployment nginx --image nginx:alpine --port=80 +deployment.apps/nginx created +``` +Then we expose this as a NodePort Service. +``` +# kubectl expose deployment/nginx --type=NodePort +service/nginx-new exposed +``` +Command: Now we can see that the service has been exposed. +``` +# kubectl get svc -o wide +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +nginx NodePort 10.96.176.241 80:32329/TCP 4d8h app=nginx +``` +Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `172.18.0.2` with the exposed port `32329` + +Command: The pod has an IP as shown below +``` +# kubectl get po -o wide   +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nginx-6c8b449b8f-pdvdk 1/1 Running 1 (32h ago) 4d8h 10.244.0.5 kind-control-plane +``` + +Command: We can use `curl` on the laptop to view the nginx container that is running on port `32329`. + +``` +# curl 172.18.0.2:32329 + + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` +Now, we can check the ip interfaces as well subnets for our system is connected to: + +``` +$ ifconfig +ethbr0: flags=4163 mtu 1500 + inet 192.168.31.9 netmask 255.255.255.0 broadcast 192.168.31.255 + inet6 fe80::7530:9ae5:3e8d:e45a prefixlen 64 scopeid 0x20 + ether 2e:90:b3:e8:52:5b txqueuelen 1000 (Ethernet) + RX packets 31220566 bytes 44930589084 (41.8 GiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 18104006 bytes 1757183680 (1.6 GiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + +br-2fffe5cd5d9e: flags=4163 mtu 1500 + inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255 + inet6 fc00:f853:ccd:e793::1 prefixlen 64 scopeid 0x0 + inet6 fe80::42:12ff:fed3:8fb0 prefixlen 64 scopeid 0x20 + inet6 fe80::1 prefixlen 64 scopeid 0x20 + ether 02:42:12:d3:8f:b0 txqueuelen 0 (Ethernet) + RX packets 3547 bytes 414792 (405.0 KiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 6267 bytes 8189931 (7.8 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +docker0: flags=4099 mtu 1500 + inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 + inet6 fe80::42:a2ff:fe09:5edb prefixlen 64 scopeid 0x20 + ether 02:42:a2:09:5e:db txqueuelen 0 (Ethernet) + RX packets 14 bytes 2143 (2.0 KiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 40 bytes 6406 (6.2 KiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +``` +From the above output we can see that, there are two bridges connected to our systems network interface,one is the docker default bridge`docker0` and the other created by kind +`br-2fffe5cd5d9e`. + +Since kind creates nodes as containers, this is easily accessible via `docker ps`. +``` +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 6 days ago Up 33 hours 127.0.0.1:38143->6443/tcp kind-control-plane +``` +If we do a docker `exec` we can enter the container, we can also see the network interfaces within the container. +``` +# docker exec -it 230e7246a32c bash + +# root@kind-control-plane:/# ip a +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: vethdb0d1da1@if2: mtu 1500 qdisc noqueue state UP group default + link/ether a2:a1:ce:08:d2:39 brd ff:ff:ff:ff:ff:ff link-netns cni-ddc25710-030a-cc05-c600-5a183fae01f7 + inet 10.244.0.1/32 scope global vethdb0d1da1 + valid_lft forever preferred_lft forever +3: veth4d76603f@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 9a:9b:6b:3e:d1:53 brd ff:ff:ff:ff:ff:ff link-netns cni-f2270000-8fc8-6f89-e56b-4759ae10a084 + inet 10.244.0.1/32 scope global veth4d76603f + valid_lft forever preferred_lft forever +4: vethcc2586d6@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 52:f9:20:63:62:a2 brd ff:ff:ff:ff:ff:ff link-netns cni-97e337cd-1322-c1fa-7523-789af94f397f + inet 10.244.0.1/32 scope global vethcc2586d6 + valid_lft forever preferred_lft forever +5: veth783189a9@if2: mtu 1500 qdisc noqueue state UP group default + link/ether ba:e1:55:1f:6f:12 brd ff:ff:ff:ff:ff:ff link-netns cni-90849001-668a-03d2-7d9e-192de79ccc59 + inet 10.244.0.1/32 scope global veth783189a9 + valid_lft forever preferred_lft forever +6: veth79c98c12@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 22:05:55:c7:86:e9 brd ff:ff:ff:ff:ff:ff link-netns cni-734dfac9-9f70-ab33-265b-21569d90312a + inet 10.244.0.1/32 scope global veth79c98c12 + valid_lft forever preferred_lft forever +7: veth5b221c83@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 92:3f:04:54:72:5a brd ff:ff:ff:ff:ff:ff link-netns cni-d8f6666b-1cfb-ef08-4bf8-237a7fc32da2 + inet 10.244.0.1/32 scope global veth5b221c83 + valid_lft forever preferred_lft forever +8: vethad630fb8@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 32:78:ec:f6:01:ea brd ff:ff:ff:ff:ff:ff link-netns cni-6cb3c179-cb17-3b81-2051-27231c44a3c4 + inet 10.244.0.1/32 scope global vethad630fb8 + valid_lft forever preferred_lft forever +9: veth573a629b@if2: mtu 1500 qdisc noqueue state UP group default + link/ether e2:57:f8:c9:bc:94 brd ff:ff:ff:ff:ff:ff link-netns cni-d2dbb903-8310-57b4-7ba4-9f353dbc79dc + inet 10.244.0.1/32 scope global veth573a629b + valid_lft forever preferred_lft forever +10: eth0@if11: mtu 1500 qdisc noqueue state UP group default + link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 + inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 + valid_lft forever preferred_lft forever + inet6 fc00:f853:ccd:e793::2/64 scope global nodad + valid_lft forever preferred_lft forever + inet6 fe80::42:acff:fe12:2/64 scope link + valid_lft forever preferred_lft forever +11: vethd7368e27@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 8a:74:ec:f6:d6:c9 brd ff:ff:ff:ff:ff:ff link-netns cni-7c7eb9cd-bbb1-65b0-0480-b8f1265f2f36 + inet 10.244.0.1/32 scope global vethd7368e27 + valid_lft forever preferred_lft forever +12: veth7cadbf2b@if2: mtu 1500 qdisc noqueue state UP group default + link/ether 12:48:10:b7:b8:f5 brd ff:ff:ff:ff:ff:ff link-netns cni-b39e37b5-1bc8-626a-a553-a0be2f94a117 + inet 10.244.0.1/32 scope global veth7cadbf2b + valid_lft forever preferred_lft forever + +``` +When we run `curl 172.18.0.2:32329` on the laptop it first needs to figure out where `172.18.0.2`, to do this it refers to the host routing table. +``` +sudo netstat -rn    main  +Kernel IP routing table +Destination Gateway Genmask Flags MSS Window irtt Iface +0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0 +172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 +172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e +172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2 +192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 +``` +Output Relevance: From the above output, you can see that the `iface`(Interface) for `172.18.0.0` is `br-2fffe5cd5d9e`, which means traffic that needs to go to `172.18.0.0` will go through `br-2fffe5cd5d9e` which is created by docker for the kind container (this is the node in case of kind cluster). + +Now we need to understand how the packet travels from the container interface to the pod with IP `10.244.0.5`. The component that handles this is called kube-proxy + +So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy): +> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. +kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster + +So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables) +> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains + +Command: +``` +# iptables -t nat -L PREROUTING -n +Chain PREROUTING (policy ACCEPT) +target prot opt source destination +KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ +DOCKER_OUTPUT all -- 0.0.0.0/0 172.18.0.1 +CNI-HOSTPORT-DNAT all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL +``` + +``` +# iptables-save | grep PREROUTING +-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES +``` +Output Relevance: +> -A: append new iptable rule +> -j: jump to the target +> KUBE-SERVICES: target + +> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service + + +What is `PREROUTING` in iptables? +>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets + +To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service. +``` +# iptables -t nat -L KUBE-SERVICES -n| grep nginx +KUBE-SVC-2CMXP7HKUVJN7L6M tcp -- 0.0.0.0/0 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80 +``` +Command: +``` +# iptables -t nat -L KUBE-SVC-2CMXP7HKUVJN7L6M -n +Chain KUBE-SVC-2CMXP7HKUVJN7L6M (2 references) +target prot opt source destination +KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80 +KUBE-SEP-4IEO3WJHPKXV3AOH all -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx -> 10.244.0.5:80 */ + +# iptables -t nat -L KUBE-MARK-MASQ -n +Chain KUBE-MARK-MASQ (31 references) +target prot opt source destination +MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 + +# iptables -t nat -L KUBE-SEP-4IEO3WJHPKXV3AOH -n +Chain KUBE-SEP-4IEO3WJHPKXV3AOH (1 references) +target prot opt source destination +KUBE-MARK-MASQ all -- 10.244.0.5 0.0.0.0/0 /* default/nginx */ +DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx */ tcp to:10.244.0.5:80 +``` + + +``` +iptables-save | grep 10.96.176.241 + +-A KUBE-SERVICES -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-SVC-2CMXP7HKUVJN7L6M +-A KUBE-SVC-2CMXP7HKUVJN7L6M ! -s 10.244.0.0/16 -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ +``` + +As you can see the rules added by `kube-proxy` helps the packet reach to the destination service. + +### Minikube KVM VM Example on Linux + +#### TL;DR +Now we look at the curl packet journey on minikube. The `routing table` is looked up to know the destination of the curl packet. The packet then first travels to the virtual bridge `192.168.39.1`, created by minikube kvm2 driver, when we created the minikube cluster, on a linux laptop. Then this packet is forwarded to `192.168.39.57`, within the minikube VM. We have docker containers running in the VM. Among them, the `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip, in this case `172.17.0.4`. + + +To begin with the minikube example, we first need to create a minikube cluster on a linux laptop. In this example I'll be using the `kvm2` driver option for `minikube start` command, as default. + +``` +minikube start +😄 minikube v1.26.0 on Arch "rolling" +🆕 Kubernetes 1.24.2 is now available. If you would like to upgrade, specify: --kubernetes-version=v1.24.2 +✨ Using the kvm2 driver based on existing profile +👍 Starting control plane node minikube in cluster minikube +🏃 Updating the running kvm2 "minikube" VM ... +🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ... + ▪ kubelet.housekeeping-interval=5m +🔎 Verifying Kubernetes components... + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1 + ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 +🔎 Verifying ingress addon... +🌟 Enabled addons: ingress, storage-provisioner, default-storageclass +🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default +``` +**Note**: The KVM driver provides a lot of options on customizing the cluster, however that is currently beyond the scope of this guide. + +Next we will get the Node IP. +``` +$ kubectl get no -o wide   +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +minikube Ready control-plane,master 25d v1.23.3 192.168.39.57 Buildroot 2021.02.4 4.19.202 docker://20.10.12 +``` +Minikube creates a Virtual Machine using the KVM2 driver(Other drivers such as Virtualbox do exist see `minikube start --help` for more information ), you should be able to see this with the following output(You may have to use sudo to get this output) + +``` +$ virsh --connect qemu:///system list + Id Name State +-------------------------- + 1 minikube running + + or + + $ sudo virsh list + Id Name State +-------------------------- + 1 minikube running + +``` + +Moving on, simply create a nginx deployment using `kubectl`. +``` +# kubectl create deployment nginx --image nginx:alpine --port=80 +deployment.apps/nginx created +``` +Then we expose this as a NodePort Service. +``` +# kubectl expose deployment/nginx --type=NodePort +service/nginx-new exposed +``` +Command: Now we can see that the service has been exposed. +``` +# kubectl get svc -o wide    main  +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +kubernetes ClusterIP 10.96.0.1 443/TCP 25d +nginx-minikube NodePort 10.97.44.4 80:32007/TCP 45h app=nginx-minikube +``` +Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `192.168.39.57` with the exposed port `32007` + +Command: The pod has an IP as shown below +``` +# kubectl get po -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nginx-minikube-7546f79bd8-x88bt 1/1 Running 3 (43m ago) 45h 172.17.0.4 minikube + +``` + +Command: We can use `curl` on the laptop to view the nginx container that is running on port `32007`. +``` +curl 192.168.39.57:32007 + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` + +So, how does this packet travel, lets dive in. +We can check the ip interfaces as well subnets for our system is connected to: +``` +$ ifconfig +virbr2: flags=4163 mtu 1500 + inet 192.168.39.1 netmask 255.255.255.0 broadcast 192.168.39.255 + ether 52:54:00:19:29:93 txqueuelen 1000 (Ethernet) + RX packets 5132 bytes 1777099 (1.6 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 6113 bytes 998530 (975.1 KiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + +virbr0: flags=4163 mtu 1500 + inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 + ether 52:54:00:48:ee:35 txqueuelen 1000 (Ethernet) + RX packets 23648 bytes 1265196 (1.2 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 40751 bytes 60265308 (57.4 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +``` +Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run. + +Minikube creates a Virtual Machine, to enter the virtual machine we can simple do: +``` +# minikube ssh +``` + +The interfaces within the Virtual Machine are as follows. +``` +docker0 Link encap:Ethernet HWaddr 02:42:03:24:26:78 + inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:31478 errors:0 dropped:0 overruns:0 frame:0 + TX packets:36704 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:3264056 (3.1 MiB) TX bytes:14061883 (13.4 MiB) + +eth0 Link encap:Ethernet HWaddr 52:54:00:C9:3A:73 + inet addr:192.168.39.57 Bcast:192.168.39.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:8245 errors:0 dropped:9 overruns:0 frame:0 + TX packets:3876 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:812006 (792.9 KiB) TX bytes:1044724 (1020.2 KiB) + +eth1 Link encap:Ethernet HWaddr 52:54:00:7B:37:79 + inet addr:192.168.122.35 Bcast:192.168.122.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:4459 errors:0 dropped:9 overruns:0 frame:0 + TX packets:201 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:298528 (291.5 KiB) TX bytes:25813 (25.2 KiB) + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + UP LOOPBACK RUNNING MTU:65536 Metric:1 + RX packets:946772 errors:0 dropped:0 overruns:0 frame:0 + TX packets:946772 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:213465460 (203.5 MiB) TX bytes:213465460 (203.5 MiB) + +vetha4f1dc5 Link encap:Ethernet HWaddr 3E:1C:FE:C9:75:86 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:10 errors:0 dropped:0 overruns:0 frame:0 + TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:1413 (1.3 KiB) TX bytes:955 (955.0 B) + +vethbf35613 Link encap:Ethernet HWaddr BA:31:7D:AE:2A:BF + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:3526 errors:0 dropped:0 overruns:0 frame:0 + TX packets:3934 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:342408 (334.3 KiB) TX bytes:380193 (371.2 KiB) + +vethe092a51 Link encap:Ethernet HWaddr 8A:37:D3:D9:D9:0E + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:9603 errors:0 dropped:0 overruns:0 frame:0 + TX packets:11151 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:1199235 (1.1 MiB) TX bytes:5449408 (5.1 MiB) +``` +Output Relevance: Here we have the Virtual Ethernet and we have docker bridges too since docker runs within the Virtual Machine. + +When we do a `curl` to `192.168.39.57:32007` on the laptop the packet first goes to the route table +``` +Destination Gateway Genmask Flags MSS Window irtt Iface +0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0 +172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 +172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e +172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0 +192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2 +192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 +``` +Output Relevance: As you can see multiple routes are defined here, of which our Virtual Machine Node IP(192.168.39.57) is also shown in the table, so the packet now knows where it has to go. + +With that clear we now know how the packet goes from the laptop to the virtual bridge and then enters the Virtual Machine. + +Inside the virtual machine, [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy) handles the routing using iptables. + +So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy)(For those who skipped the kind example): +> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. +kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster + +So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables) +> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains + +Command: + +``` +# minikube ssh   + _ _ + _ _ ( ) ( ) + ___ ___ (_) ___ (_)| |/') _ _ | |_ __ +/' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\ +| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/ +(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____) + +$ sudo iptables -t nat -L PREROUTING -n +Chain PREROUTING (policy ACCEPT) +target prot opt source destination +KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ +DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL + +$ iptables-save | grep PREROUTING +-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES + +``` + +Output Relevance: +> -A: append new iptable rule +> -j: jump to the target +> KUBE-SERVICES: target + +> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service + + +What is `PREROUTING` in iptables? +>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets + +To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service. +``` +# iptables -t nat -L KUBE-SERVICES -n| grep nginx +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80 +``` +Command: +``` +$ sudo iptables -t nat -L| grep KUBE-SVC-NRDCJV6H42SDXARP +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx-minikube */ tcp dpt:32007 +KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80 + +$ sudo iptables -t nat -L KUBE-MARK-MASQ -n +Chain KUBE-MARK-MASQ (19 references) +target prot opt source destination +MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 + +sudo iptables-save | grep 172.17.0.4 +-A KUBE-SEP-AHQQ7ZFXMEBNX76B -s 172.17.0.4/32 -m comment --comment "default/nginx-minikube" -j KUBE-MARK-MASQ +-A KUBE-SEP-AHQQ7ZFXMEBNX76B -p tcp -m comment --comment "default/nginx-minikube" -m tcp -j DNAT --to-destination 172.17.0.4:80 +``` +As you can see the rules added by kube-proxy helps the packet reach to the destination service. + + +### Connection termination +Connection termination is a type of event that occurs when there are load balancers present, the information for this is quite scarce, however I've found the following article, [IBM - Network Termination](https://www.ibm.com/docs/en/sva/9.0.4?topic=balancer-network-termination) that describes what it means by connection termination between clients(laptop) and server(load balancer) and the various other services. + +### Different types of connection errors. +The following article on [TCP/IP errors](https://www.ibm.com/docs/en/db2/11.1?topic=message-tcpip-errors) has a list of the important tcp timeout errors that we need to know. + + +| Common TCP/IP errors | Meaning | +| -------- | -------- | +| Resource temporarily unavailable.| Self-explanatory. | +| No space is left on a device or system table.|The disk partition is full| +|No route to the host is available.|The routing table doesn't know where to route the packet.| +|Connection was reset by the partner.|This usually means the packet was dropped as soon as it reached the server can be due to a firewall.| +|The connection was timed out.|This indicates the firewall blocking your connection or the connection took too long.| + +## OSI Model Layer 7 (Application Layer) + +[What is layer 7?](https://www.cloudflare.com/learning/ddos/what-is-layer-7/) +#### Summary +Layer 7 refers to the seventh and topmost layer of the Open Systems Interconnect (OSI) Model known as the application layer. This is the highest layer which supports end-user processes and applications. Layer 7 identifies the communicating parties and the quality of service between them, considers privacy and user authentication, as well as identifies any constraints on the data syntax. This layer is wholly application-specific. + + +## Setting up Ingress-Nginx Controller + +Since we are doing this on our local laptop, we are going to use the following tools: +- [Minikube using KVM driver](https://minikube.sigs.k8s.io/docs/start/) - The host is linux-based in our example +- [Metallb](https://metallb.universe.tf/) - Baremetal load-balancer. +- [KVM](https://www.linux-kvm.org/page/Main_Page) / [Oracle VirtualBox](https://www.virtualbox.org/wiki/Downloads) / [VMWare](https://www.vmware.com/in/products/workstation-pro.html) + + +### So let's begin with Metallb and Ingress-Nginx setup. + +For setting up metallb, we are going to follow the below steps: + + - To begin the installation, we will execute: +``` +minikube start +``` +- To install Metallb, one can install it using the [manifest](https://metallb.universe.tf/installation/#installation-by-manifest) or by using [helm](https://metallb.universe.tf/installation/#installation-with-helm), for now we will use the Manifest method: +``` +kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.4/config/manifests/metallb-native.yaml +``` + +- We need to now configure Metallb, we are using [Layer 2 configuration](https://metallb.universe.tf/configuration/#announce-the-service-ips), let's head over to the [Metallb Configuration](https://metallb.universe.tf/configuration/) website, here you will see how to setup metallb. +>Layer 2 mode does not require the IPs to be bound to the network interfaces of your worker nodes. It works by responding to ARP requests on your local network directly, to give the machine’s MAC address to clients. +In order to advertise the IP coming from an IPAddressPool, an L2Advertisement instance must be associated to the IPAddressPool. +- We have modified the IP address pool so that our loadbalancer knows which subnet to choose an IP from.Since we have only one minikube IP we need to modify the code given in the documentation. +Save this as `metallb-config.yaml`: +``` +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: first-pool + namespace: metallb-system +spec: + addresses: + # The configuration website show's you this + + #- 192.168.10.0/24 + #- 192.168.9.1-192.168.9.5 + #- fc00:f853:0ccd:e799::/124 + + # We are going to change this to `minikube ip` as such + - 192.168.39.57/32 +``` +Now deploy it using `kubectl` +``` +kubectl apply -f metallb-config.yaml +``` +- Now that metallb is setup, let's install [ingress-nginx](https://kubernetes.github.io/ingress-nginx/deploy/#quick-start) on the laptop. +Note: We are using the install by manifest option from the Installation manual +``` +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml +``` +or one can also install it using the minikube addons: +``` +minikube addons enable ingress +``` + - Once your Ingress-Nginx controller is created you can run the following commands to see the output of the setup done. +``` +kubectl get pods -n ingress-nginx +NAME READY STATUS RESTARTS AGE +ingress-nginx-admission-create-65bld 0/1 Completed 0 14m +ingress-nginx-admission-patch-rwq4x 0/1 Completed 0 14m +ingress-nginx-controller-6dc865cd86-7c5zd 1/1 Running 0 14m +``` +The Ingress controller creates a Service with the type LoadBalancer and metallb provides the IP address. + +``` +kubectl -n ingress-nginx get svc + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +ingress-nginx-controller LoadBalancer 10.108.154.53 192.168.39.223 80:30367/TCP,443:31491/TCP 4d15h +ingress-nginx-controller-admission ClusterIP 10.98.54.3 443/TCP 4d15h +``` + +#### Creating an Ingress + +We will deploy a `httpd` service in a `httpd` namespace and create a ingress for it. + +First, let's create a namespace. +``` +kubectl create namespace httpd +``` + +Next we will create a deployment +``` +kubectl create deployment httpd -n httpd --image=httpd:alpine +``` + +Now, In order to create a service, let's expose this deployment +``` +kubectl expose deployment -n httpd httpd --port 80 +``` +Let's check the `pod` that is created + +``` +kubectl get po -n httpd +NAME READY STATUS RESTARTS AGE +httpd-fb7fcdc77-w287c 1/1 Running 0 64s +``` + +Let's list the services in the `httpd` namespace +``` +kubectl get svc -n httpd +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +httpd ClusterIP 10.104.111.0 80/TCP 13s +``` + +Once we have this we can now create a n ingress using the following +``` +kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80 +``` +The above output, creates an ingress, for us with the rule to match the service if the host is `httpd.dev.leonnunes.com`. The class here is retrieved from the below command. + +To list the `ingressclasses` use +``` +kubectl get ingressclasses +NAME CONTROLLER PARAMETERS AGE +nginx k8s.io/ingress-nginx 6h49m +``` + +The following command shows the ingress created +``` +$ kubectl get ingress -A -o wide + +NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE +httpd httpd nginx httpd.dev.leonnunes.com 192.168.39.223 80 11d +``` + +To test if the rule works we can now do +``` +$ minikube ip +192.168.39.223 + +$ curl --resolve httpd.dev.leonnunes.com:80:192.168.39.223 httpd.dev.leonnunes.com +

It works!

+ +or + +curl -H "Host: httpd.dev.leonnunes.com" 192.168.39.223 +``` + +#### Example of Information found on layer 7 +We have setup `Ingress-Nginx`, using `nginx` as a class and `httpd` for this example. + +In order to display the info on Layer - 7, we have extracted the Layer 7 information from a simple `curl` request, and then using `tcpdump` command within the `httpd` pod we extracted the network packets and opened it using the `Wireshark` utility. + +Below given is the output that is important: +```bash +Frame 4: 391 bytes on wire (3128 bits), 391 bytes captured (3128 bits) +Linux cooked capture v2 +Internet Protocol Version 4, Src: 172.17.0.4, Dst: 172.17.0.3 +Transmission Control Protocol, Src Port: 49074, Dst Port: 80, Seq: 1, Ack: 1, Len: 319 +Hypertext Transfer Protocol + GET / HTTP/1.1\r\n + Host: httpd.dev.leonnunes.com\r\n + X-Request-ID: 6e1a790412a0d1615dc0231358dc9c8b\r\n + X-Real-IP: 172.17.0.1\r\n + X-Forwarded-For: 172.17.0.1\r\n + X-Forwarded-Host: httpd.dev.leonnunes.com\r\n + X-Forwarded-Port: 80\r\n + X-Forwarded-Proto: http\r\n + X-Forwarded-Scheme: http\r\n + X-Scheme: http\r\n + User-Agent: curl/7.84.0\r\n + Accept: */*\r\n + \r\n + [Full request URI: http://httpd.dev.leonnunes.com/] + [HTTP request 1/1] + [Response in frame: 6] + +``` +The above output shows the information that the `httpd` pod recieves. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller + +The following output shows what is sent via the laptop. +``` +curl --resolve httpd.dev.leonnunes.com:80:192.168.39.57 -H "Host: httpd.dev.leonnunes.com" 192.168.39.57 -vL +* Added httpd.dev.leonnunes.com:80:192.168.39.57 to DNS cache +* Trying 192.168.39.57:80... +* Connected to 192.168.39.57 (192.168.39.57) port 80 (#0) +> GET / HTTP/1.1 +> Host: httpd.dev.leonnunes.com +> User-Agent: curl/7.84.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< Date: Mon, 22 Aug 2022 16:05:27 GMT +< Content-Type: text/html +< Content-Length: 45 +< Connection: keep-alive +< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT +< ETag: "2d-432a5e4a73a80" +< Accept-Ranges: bytes +< +

It works!

+* Connection #0 to host 192.168.39.57 left intact +``` +As you can see from the above output there are several headers added to the curl output after it reaches the `httpd` pod, these headers are added by the Ingress Nginx Controller. + + +### References +#### Basics of Networking + - https://www.cisco.com/en/US/docs/security/vpn5000/manager/reference/guide/appA.html + - http://web.stanford.edu/class/cs101/ + - https://www.geeksforgeeks.org/basics-computer-networking/ + - Subnetting + - https://www.computernetworkingnotes.com/ccna-study-guide/subnetting-tutorial-subnetting-explained-with-examples.html + +#### Video Links + - https://www.youtube.com/playlist?list=PLhfrWIlLOoKPc2RecyiM_A9nf3fUU3e6g + - https://www.youtube.com/watch?v=S7MNX_UD7vY&list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P + +### Topics to read about + - Docker in Docker + - [Docker/Containers](https://www.oreilly.com/library/view/docker-deep-dive/9781800565135/) + - Containers + +### Basics of Kubernetes +#### Reading Material +- https://nubenetes.com/kubernetes-tutorials/ +- https://kubernetes.io/docs/concepts/ +#### Video Material +- [Techworld with Nana 101](https://www.youtube.com/playlist?list=PLy7NrYWoggjziYQIDorlXjTvvwweTYoNC) +- [Jeff Geerling Kubernetes 101](https://www.youtube.com/watch?v=IcslsH7OoYo&list=PL2_OBreMn7FoYmfx27iSwocotjiikS5BD) + +#### Hands-On Kubernetes +- https://kube.academy/ +- https://www.civo.com/academy + +### Networking in Kubernetes +- [Kubernetes Networking 101](https://youtu.be/CYnwBIpvSlM?t=284) +- [CNCF Kubernetes 101](https://www.youtube.com/watch?v=cUGXu2tiZMc) + +### Tools/Commands to help with troubleshooting. +- [mtr](https://www.redhat.com/sysadmin/linux-mtr-command) - Tracing the packet from the source to destination +- [tcpdump](https://linuxconfig.org/how-to-use-tcpdump-command-on-linux) - Monitor packets +- [wireshark](https://www.lifewire.com/wireshark-tutorial-4143298) - Read/Sniff packets +- [nslookup](https://phoenixnap.com/kb/nslookup-command) - Lookup Nameservers +- [netstat](https://www.lifewire.com/netstat-command-2618098) - List network details +- [curl](https://linuxhandbook.com/curl-command-examples/) - Curl a website from the command line +- [ifconfig](https://www.tecmint.com/ifconfig-command-examples/)/[ip](https://www.geeksforgeeks.org/ip-command-in-linux-with-examples/) - Show ip address configuration +- [dig](https://www.geeksforgeeks.org/dig-command-in-linux-with-examples/) - Query Nameservers +- [ipcalc](https://www.linux.com/topic/networking/how-calculate-network-addresses-ipcalc/) - Calculate IP addresses +- Advanced Tools for troubleshooting + - [Netshoot](https://github.com/nicolaka/netshoot) - Troubleshoot Networks +- Cluster Creation tools + - [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) + - [minikube](https://minikube.sigs.k8s.io/docs/start/) From fd9d0abb2c311f0549d85a755fe5de7ceda7ee3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:17:22 -0700 Subject: [PATCH 064/166] Bump k8s.io/component-base from 0.25.0 to 0.25.1 (#9065) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.0 to 0.25.1. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.0...v0.25.1) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index bfcba276d..ca896babd 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.0 + k8s.io/api v0.25.1 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.0 + k8s.io/apimachinery v0.25.1 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.0 + k8s.io/client-go v0.25.1 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.0 + k8s.io/component-base v0.25.1 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 0cc37681c..8127cfbf4 100644 --- a/go.sum +++ b/go.sum @@ -1134,26 +1134,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0= -k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk= +k8s.io/api v0.25.1 h1:yL7du50yc93k17nH/Xe9jujAYrcDkI/i5DL1jPz4E3M= +k8s.io/api v0.25.1/go.mod h1:hh4itDvrWSJsmeUc28rIFNri8MatNAAxJjKcQmhX6TU= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU= -k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= +k8s.io/apimachinery v0.25.1 h1:t0XrnmCEHVgJlR2arwO8Awp9ylluDic706WePaYCBTI= +k8s.io/apimachinery v0.25.1/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E= -k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= +k8s.io/client-go v0.25.1 h1:uFj4AJKtE1/ckcSKz8IhgAuZTdRXZDKev8g387ndD58= +k8s.io/client-go v0.25.1/go.mod h1:rdFWTLV/uj2C74zGbQzOsmXPUtMAjSf7ajil4iJUNKo= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= -k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= +k8s.io/component-base v0.25.1 h1:Wmj33QwddVwsJFJWmXlf24Nu8do2bGHLabXHrKz7Org= +k8s.io/component-base v0.25.1/go.mod h1:j78+TFdsKM8RXHfM88oeAdZu2v9qMZdQZOfg0LGW+q4= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 0f5bf530ae677a2f389d6f06de27b6a5cf910621 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Tue, 20 Sep 2022 07:03:21 -0400 Subject: [PATCH 065/166] Add missing space to error message (#9069) --- rootfs/etc/nginx/lua/balancer.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/balancer.lua b/rootfs/etc/nginx/lua/balancer.lua index 2c6a83ae9..00104c89d 100644 --- a/rootfs/etc/nginx/lua/balancer.lua +++ b/rootfs/etc/nginx/lua/balancer.lua @@ -64,7 +64,7 @@ local function get_implementation(backend) local implementation = IMPLEMENTATIONS[name] if not implementation then - ngx.log(ngx.WARN, backend["load-balance"], "is not supported, ", + ngx.log(ngx.WARN, backend["load-balance"], " is not supported, ", "falling back to ", DEFAULT_LB_ALG) implementation = IMPLEMENTATIONS[DEFAULT_LB_ALG] end From 3579ed04870c77979ec5bf18f4cd00c8763615a1 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Fri, 23 Sep 2022 21:38:04 +0200 Subject: [PATCH 066/166] feat: switch from endpoints to endpointslices (#8890) * endpointslices Signed-off-by: tombokombo * cleanup Signed-off-by: tombokombo * fix rbac Signed-off-by: tombokombo * fix comments Signed-off-by: tombokombo * cleanup store, add store tests Signed-off-by: tombokombo * fix copyright date Signed-off-by: tombokombo Signed-off-by: tombokombo --- .../ingress-nginx/templates/clusterrole.yaml | 8 + .../templates/controller-role.yaml | 8 + internal/ingress/controller/controller.go | 13 +- .../ingress/controller/controller_test.go | 3 +- .../{endpoints.go => endpointslices.go} | 96 +++-- ...dpoints_test.go => endpointslices_test.go} | 396 ++++++++++++------ internal/ingress/controller/store/endpoint.go | 39 -- .../ingress/controller/store/endpoint_test.go | 66 --- .../ingress/controller/store/endpointslice.go | 55 +++ .../controller/store/endpointslice_test.go | 94 +++++ internal/ingress/controller/store/store.go | 43 +- 11 files changed, 520 insertions(+), 301 deletions(-) rename internal/ingress/controller/{endpoints.go => endpointslices.go} (55%) rename internal/ingress/controller/{endpoints_test.go => endpointslices_test.go} (50%) delete mode 100644 internal/ingress/controller/store/endpoint.go delete mode 100644 internal/ingress/controller/store/endpoint_test.go create mode 100644 internal/ingress/controller/store/endpointslice.go create mode 100644 internal/ingress/controller/store/endpointslice_test.go diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index 0e725ec06..51bc5002c 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -89,6 +89,14 @@ rules: - get - list - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 330be8c86..d6da92ec9 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -100,6 +100,14 @@ rules: verbs: - create - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get {{- if .Values.podSecurityPolicy.enabled }} - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] resources: ['podsecuritypolicies'] diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 5287034c6..84da5eb30 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -434,7 +434,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Name == svcPort { if sp.Protocol == proto { - endps = getEndpoints(svc, &sp, proto, n.store.GetServiceEndpoints) + endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) break } } @@ -445,7 +445,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr sp := svc.Spec.Ports[i] if sp.Port == int32(targetPort) { if sp.Protocol == proto { - endps = getEndpoints(svc, &sp, proto, n.store.GetServiceEndpoints) + endps = getEndpointsFromSlices(svc, &sp, proto, n.store.GetServiceEndpointsSlices) break } } @@ -497,7 +497,7 @@ func (n *NGINXController) getDefaultUpstream() *ingress.Backend { return upstream } - endps := getEndpoints(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, &svc.Spec.Ports[0], apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint", svcKey) endps = []ingress.Endpoint{n.DefaultEndpoint()} @@ -824,7 +824,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in } sp := location.DefaultBackend.Spec.Ports[0] - endps := getEndpoints(location.DefaultBackend, &sp, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(location.DefaultBackend, &sp, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) // custom backend is valid only if contains at least one endpoint if len(endps) > 0 { name := fmt.Sprintf("custom-default-backend-%v-%v", location.DefaultBackend.GetNamespace(), location.DefaultBackend.GetName()) @@ -1082,7 +1082,6 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres } klog.V(3).Infof("Obtaining ports information for Service %q", svcKey) - // Ingress with an ExternalName Service and no port defined for that Service if svc.Spec.Type == apiv1.ServiceTypeExternalName { if n.cfg.DisableServiceExternalName { @@ -1090,7 +1089,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres return upstreams, nil } servicePort := externalNamePorts(backendPort, svc) - endps := getEndpoints(svc, servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) return upstreams, nil @@ -1107,7 +1106,7 @@ func (n *NGINXController) serviceEndpoints(svcKey, backendPort string) ([]ingres servicePort.TargetPort.String() == backendPort || servicePort.Name == backendPort { - endps := getEndpoints(svc, &servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpoints) + endps := getEndpointsFromSlices(svc, &servicePort, apiv1.ProtocolTCP, n.store.GetServiceEndpointsSlices) if len(endps) == 0 { klog.Warningf("Service %q does not have any active Endpoint.", svcKey) } diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index f875632e0..da9f10e45 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -34,6 +34,7 @@ import ( "github.com/eapache/channels" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -85,7 +86,7 @@ func (fakeIngressStore) GetService(key string) (*corev1.Service, error) { return nil, fmt.Errorf("test error") } -func (fakeIngressStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) { +func (fakeIngressStore) GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) { return nil, fmt.Errorf("test error") } diff --git a/internal/ingress/controller/endpoints.go b/internal/ingress/controller/endpointslices.go similarity index 55% rename from internal/ingress/controller/endpoints.go rename to internal/ingress/controller/endpointslices.go index 5615fadea..efd2a6afa 100644 --- a/internal/ingress/controller/endpoints.go +++ b/internal/ingress/controller/endpointslices.go @@ -28,14 +28,15 @@ import ( "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" "k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/pkg/apis/ingress" ) // getEndpoints returns a list of Endpoint structs for a given service/target port combination. -func getEndpoints(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, - getServiceEndpoints func(string) (*corev1.Endpoints, error)) []ingress.Endpoint { +func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto corev1.Protocol, + getServiceEndpointsSlices func(string) ([]*discoveryv1.EndpointSlice, error)) []ingress.Endpoint { upsServers := []ingress.Endpoint{} @@ -74,54 +75,63 @@ func getEndpoints(s *corev1.Service, port *corev1.ServicePort, proto corev1.Prot }) } - klog.V(3).Infof("Getting Endpoints for Service %q and port %v", svcKey, port.String()) - ep, err := getServiceEndpoints(svcKey) + klog.V(3).Infof("Getting Endpoints from endpointSlices for Service %q and port %v", svcKey, port.String()) + epss, err := getServiceEndpointsSlices(svcKey) if err != nil { klog.Warningf("Error obtaining Endpoints for Service %q: %v", svcKey, err) return upsServers } - - for _, ss := range ep.Subsets { - matchedPortNameFound := false - for i, epPort := range ss.Ports { - - if !reflect.DeepEqual(epPort.Protocol, proto) { - continue - } - - var targetPort int32 - - if port.Name == "" { - // port.Name is optional if there is only one port - targetPort = epPort.Port - matchedPortNameFound = true - } else if port.Name == epPort.Name { - targetPort = epPort.Port - matchedPortNameFound = true - } - - if i == len(ss.Ports)-1 && !matchedPortNameFound && port.TargetPort.Type == intstr.Int { - // use service target port if it's a number and no port name matched - // https://github.com/kubernetes/ingress-nginx/issues/7390 - targetPort = port.TargetPort.IntVal - } - - if targetPort <= 0 { - continue - } - - for _, epAddress := range ss.Addresses { - ep := net.JoinHostPort(epAddress.IP, strconv.Itoa(int(targetPort))) - if _, exists := processedUpstreamServers[ep]; exists { + // loop over all endpointSlices generated for service + for _, eps := range epss { + var ports []int32 + if len(eps.Ports) == 0 { + // When ports is empty, it indicates that there are no defined ports, using svc targePort <- this could be wrong + klog.V(3).Infof("No ports found on endpointSlice, using service TargetPort %v for Service %q", port.String(), svcKey) + ports = append(ports, port.TargetPort.IntVal) + } else { + for _, epPort := range eps.Ports { + if !reflect.DeepEqual(*epPort.Protocol, proto) { continue } - ups := ingress.Endpoint{ - Address: epAddress.IP, - Port: fmt.Sprintf("%v", targetPort), - Target: epAddress.TargetRef, + var targetPort int32 = 0 + if port.Name == "" { + // port.Name is optional if there is only one port + targetPort = *epPort.Port + } else if port.Name == *epPort.Name { + targetPort = *epPort.Port + } + if targetPort == 0 && port.TargetPort.Type == intstr.Int { + // use service target port if it's a number and no port name matched + // https://github.com/kubernetes/ingress-nginx/issues/7390 + targetPort = port.TargetPort.IntVal + } + if targetPort == 0 { + continue + } + ports = append(ports, targetPort) + } + } + for _, ep := range eps.Endpoints { + if !(*ep.Conditions.Ready) { + continue + } + + // ep.Hints + + for _, epPort := range ports { + for _, epAddress := range ep.Addresses { + hostPort := net.JoinHostPort(epAddress, strconv.Itoa(int(epPort))) + if _, exists := processedUpstreamServers[hostPort]; exists { + continue + } + ups := ingress.Endpoint{ + Address: epAddress, + Port: fmt.Sprintf("%v", epPort), + Target: ep.TargetRef, + } + upsServers = append(upsServers, ups) + processedUpstreamServers[hostPort] = struct{}{} } - upsServers = append(upsServers, ups) - processedUpstreamServers[ep] = struct{}{} } } } diff --git a/internal/ingress/controller/endpoints_test.go b/internal/ingress/controller/endpointslices_test.go similarity index 50% rename from internal/ingress/controller/endpoints_test.go rename to internal/ingress/controller/endpointslices_test.go index f38ffabe7..e404c4949 100644 --- a/internal/ingress/controller/endpoints_test.go +++ b/internal/ingress/controller/endpointslices_test.go @@ -21,17 +21,19 @@ import ( "testing" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/pkg/apis/ingress" ) -func TestGetEndpoints(t *testing.T) { +func TestGetEndpointsFromSlices(t *testing.T) { tests := []struct { name string svc *corev1.Service port *corev1.ServicePort proto corev1.Protocol - fn func(string) (*corev1.Endpoints, error) + fn func(string) ([]*discoveryv1.EndpointSlice, error) result []ingress.Endpoint }{ { @@ -39,7 +41,7 @@ func TestGetEndpoints(t *testing.T) { nil, nil, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, []ingress.Endpoint{}, @@ -49,7 +51,7 @@ func TestGetEndpoints(t *testing.T) { &corev1.Service{}, nil, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, nil }, []ingress.Endpoint{}, @@ -59,8 +61,8 @@ func TestGetEndpoints(t *testing.T) { &corev1.Service{}, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -73,8 +75,8 @@ func TestGetEndpoints(t *testing.T) { }, &corev1.ServicePort{Name: "default"}, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -97,8 +99,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -121,8 +123,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -145,8 +147,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{ { @@ -174,8 +176,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{ { @@ -203,8 +205,8 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - return &corev1.Endpoints{}, nil + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{}, nil }, []ingress.Endpoint{}, }, @@ -227,7 +229,7 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { + func(string) ([]*discoveryv1.EndpointSlice, error) { return nil, fmt.Errorf("unexpected error") }, []ingress.Endpoint{}, @@ -251,25 +253,27 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolUDP, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Name: &[]string{""}[0], + Port: &[]int32{80}[0], + Protocol: &[]corev1.Protocol{corev1.ProtocolUDP}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, @@ -292,30 +296,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - NotReadyAddresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolUDP, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{false}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Name: &[]string{""}[0], + Port: &[]int32{80}[0], + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, { - "should return no endpoint when the name of the port name do not match any port in the endpoint Subsets and TargetPort is string", + "should return no endpoint when the name of the port name do not match any port in the endpointPort and TargetPort is string", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -333,32 +339,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "another-name", - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{}, }, { - "should return one endpoint when the name of the port name do not match any port in the endpoint Subsets and TargetPort is int", + "should return one endpoint when the name of the port name do not match any port in the endpointPort and TargetPort is int", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -376,27 +382,27 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "another-name", - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{ { @@ -406,7 +412,7 @@ func TestGetEndpoints(t *testing.T) { }, }, { - "should return one endpoint when the name of the port name match a port in the endpoint Subsets", + "should return one endpoint when the name of the port name match a port in the endpointPort", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -424,25 +430,169 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromInt(80), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }}, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + }, + }, + { + "should return two endpoints when the name of the port name match a port in the endpointPort", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromInt(80), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "default", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{ + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, - Ports: []corev1.EndpointPort{ - { - Protocol: corev1.ProtocolTCP, - Port: int32(80), - Name: "default", + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"2.2.2.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"default"}[0], + }, + }, + }, + }, nil + }, + []ingress.Endpoint{ + { + Address: "1.1.1.1", + Port: "80", + }, + { + Address: "2.2.2.2", + Port: "80", + }, + }, + }, + { + "should return one endpoints when the name of the port name match a port in the endpointPort", + &corev1.Service{ + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + ClusterIP: "1.1.1.1", + Ports: []corev1.ServicePort{ + { + Name: "default", + TargetPort: intstr.FromInt(80), + }, + }, + }, + }, + &corev1.ServicePort{ + Name: "port-1", + TargetPort: intstr.FromString("port-1"), + }, + corev1.ProtocolTCP, + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{ + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"2.2.2.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"another-name"}[0], + }, + }, }, }, nil }, @@ -454,7 +604,7 @@ func TestGetEndpoints(t *testing.T) { }, }, { - "should return one endpoint when the name of the port name match more than one port in the endpoint Subsets", + "should return one endpoint when the name of the port name match more than one port in the endpointPort", &corev1.Service{ Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, @@ -472,32 +622,32 @@ func TestGetEndpoints(t *testing.T) { TargetPort: intstr.FromString("port-1"), }, corev1.ProtocolTCP, - func(string) (*corev1.Endpoints, error) { - nodeName := "dummy" - return &corev1.Endpoints{ - Subsets: []corev1.EndpointSubset{ + func(string) ([]*discoveryv1.EndpointSlice, error) { + return []*discoveryv1.EndpointSlice{{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{discoveryv1.LabelServiceName: "default"}, + }, + Endpoints: []discoveryv1.Endpoint{ { - Addresses: []corev1.EndpointAddress{ - { - IP: "1.1.1.1", - NodeName: &nodeName, - }, - }, - Ports: []corev1.EndpointPort{ - { - Name: "port-1", - Protocol: corev1.ProtocolTCP, - Port: 80, - }, - { - Name: "port-1", - Protocol: corev1.ProtocolTCP, - Port: 80, - }, + Addresses: []string{"1.1.1.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: &[]bool{true}[0], }, }, }, - }, nil + Ports: []discoveryv1.EndpointPort{ + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-1"}[0], + }, + { + Protocol: &[]corev1.Protocol{corev1.ProtocolTCP}[0], + Port: &[]int32{80}[0], + Name: &[]string{"port-2"}[0], + }, + }, + }}, nil }, []ingress.Endpoint{ { @@ -510,7 +660,7 @@ func TestGetEndpoints(t *testing.T) { for _, testCase := range tests { t.Run(testCase.name, func(t *testing.T) { - result := getEndpoints(testCase.svc, testCase.port, testCase.proto, testCase.fn) + result := getEndpointsFromSlices(testCase.svc, testCase.port, testCase.proto, testCase.fn) if len(testCase.result) != len(result) { t.Errorf("Expected %d Endpoints but got %d", len(testCase.result), len(result)) } diff --git a/internal/ingress/controller/store/endpoint.go b/internal/ingress/controller/store/endpoint.go deleted file mode 100644 index ff6fbd715..000000000 --- a/internal/ingress/controller/store/endpoint.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package store - -import ( - apiv1 "k8s.io/api/core/v1" - "k8s.io/client-go/tools/cache" -) - -// EndpointLister makes a Store that lists Endpoints. -type EndpointLister struct { - cache.Store -} - -// ByKey returns the Endpoints of the Service matching key in the local Endpoint Store. -func (s *EndpointLister) ByKey(key string) (*apiv1.Endpoints, error) { - eps, exists, err := s.GetByKey(key) - if err != nil { - return nil, err - } - if !exists { - return nil, NotExistsError(key) - } - return eps.(*apiv1.Endpoints), nil -} diff --git a/internal/ingress/controller/store/endpoint_test.go b/internal/ingress/controller/store/endpoint_test.go deleted file mode 100644 index 6c8ae40e2..000000000 --- a/internal/ingress/controller/store/endpoint_test.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package store - -import ( - apiv1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "testing" -) - -func newEndpointLister(t *testing.T) *EndpointLister { - t.Helper() - - return &EndpointLister{Store: cache.NewStore(cache.MetaNamespaceKeyFunc)} -} - -func TestEndpointLister(t *testing.T) { - t.Run("the key does not exist", func(t *testing.T) { - el := newEndpointLister(t) - - key := "namespace/endpoint" - _, err := el.ByKey(key) - - if err == nil { - t.Error("expected an error but nothing has been returned") - } - - if _, ok := err.(NotExistsError); !ok { - t.Errorf("expected NotExistsError, got %v", err) - } - }) - - t.Run("the key exists", func(t *testing.T) { - el := newEndpointLister(t) - - key := "namespace/endpoint" - endpoint := &apiv1.Endpoints{ObjectMeta: metav1.ObjectMeta{Namespace: "namespace", Name: "endpoint"}} - - el.Add(endpoint) - - e, err := el.ByKey(key) - - if err != nil { - t.Errorf("unexpeted error %v", err) - } - - if e != endpoint { - t.Errorf("expected %v, error, got %v", e, endpoint) - } - }) -} diff --git a/internal/ingress/controller/store/endpointslice.go b/internal/ingress/controller/store/endpointslice.go new file mode 100644 index 000000000..fdd7374e9 --- /dev/null +++ b/internal/ingress/controller/store/endpointslice.go @@ -0,0 +1,55 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package store + +import ( + "fmt" + "strings" + + discoveryv1 "k8s.io/api/discovery/v1" + "k8s.io/client-go/tools/cache" +) + +// EndpointSliceLister makes a Store that lists Endpoints. +type EndpointSliceLister struct { + cache.Store +} + +// MatchByKey returns the EndpointsSlices of the Service matching key in the local Endpoint Store. +func (s *EndpointSliceLister) MatchByKey(key string) ([]*discoveryv1.EndpointSlice, error) { + var eps []*discoveryv1.EndpointSlice + // filter endpointSlices owned by svc + for _, listKey := range s.ListKeys() { + if !strings.HasPrefix(listKey, key) { + continue + } + epss, exists, err := s.GetByKey(listKey) + if exists && err == nil { + // check for svc owner label + if svcName, ok := epss.(*discoveryv1.EndpointSlice).ObjectMeta.GetLabels()[discoveryv1.LabelServiceName]; ok { + namespace := epss.(*discoveryv1.EndpointSlice).ObjectMeta.GetNamespace() + if key == fmt.Sprintf("%s/%s", namespace, svcName) { + eps = append(eps, epss.(*discoveryv1.EndpointSlice)) + } + } + } + } + if len(eps) == 0 { + return nil, NotExistsError(key) + } + return eps, nil +} diff --git a/internal/ingress/controller/store/endpointslice_test.go b/internal/ingress/controller/store/endpointslice_test.go new file mode 100644 index 000000000..fdc51c0e4 --- /dev/null +++ b/internal/ingress/controller/store/endpointslice_test.go @@ -0,0 +1,94 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package store + +import ( + "testing" + + discoveryv1 "k8s.io/api/discovery/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/cache" +) + +func newEndpointSliceLister(t *testing.T) *EndpointSliceLister { + t.Helper() + + return &EndpointSliceLister{Store: cache.NewStore(cache.MetaNamespaceKeyFunc)} +} + +func TestEndpointSliceLister(t *testing.T) { + t.Run("the key does not exist", func(t *testing.T) { + el := newEndpointSliceLister(t) + + key := "namespace/svcname" + _, err := el.MatchByKey(key) + + if err == nil { + t.Error("expected an error but nothing has been returned") + } + + if _, ok := err.(NotExistsError); !ok { + t.Errorf("expected NotExistsError, got %v", err) + } + }) + t.Run("the key exists", func(t *testing.T) { + el := newEndpointSliceLister(t) + + key := "namespace/svcname" + endpointSlice := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "anothername-foo", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "svcname", + }, + }, + } + el.Add(endpointSlice) + endpointSlice = &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "svcname-bar", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "othersvc", + }, + }, + } + el.Add(endpointSlice) + endpointSlice = &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "namespace", + Name: "svcname-buz", + Labels: map[string]string{ + discoveryv1.LabelServiceName: "svcname", + }, + }, + } + el.Add(endpointSlice) + eps, err := el.MatchByKey(key) + + if err != nil { + t.Errorf("unexpeted error %v", err) + } + if err == nil && len(eps) != 1 { + t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) + } + if len(eps) > 0 && eps[0].GetName() != endpointSlice.GetName() { + t.Errorf("expected %v, error, got %v", endpointSlice.GetName(), eps[0].GetName()) + } + }) +} diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 239fbaaf5..7913eb0de 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -29,6 +29,7 @@ import ( "github.com/eapache/channels" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" @@ -78,8 +79,8 @@ type Storer interface { // GetService returns the Service matching key. GetService(key string) (*corev1.Service, error) - // GetServiceEndpoints returns the Endpoints of a Service matching key. - GetServiceEndpoints(key string) (*corev1.Endpoints, error) + // GetServiceEndpointsSlices returns the EndpointSlices of a Service matching key. + GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) // ListIngresses returns a list of all Ingresses in the store. ListIngresses() []*ingress.Ingress @@ -127,13 +128,13 @@ type Event struct { // Informer defines the required SharedIndexInformers that interact with the API server. type Informer struct { - Ingress cache.SharedIndexInformer - IngressClass cache.SharedIndexInformer - Endpoint cache.SharedIndexInformer - Service cache.SharedIndexInformer - Secret cache.SharedIndexInformer - ConfigMap cache.SharedIndexInformer - Namespace cache.SharedIndexInformer + Ingress cache.SharedIndexInformer + IngressClass cache.SharedIndexInformer + EndpointSlice cache.SharedIndexInformer + Service cache.SharedIndexInformer + Secret cache.SharedIndexInformer + ConfigMap cache.SharedIndexInformer + Namespace cache.SharedIndexInformer } // Lister contains object listers (stores). @@ -141,7 +142,7 @@ type Lister struct { Ingress IngressLister IngressClass IngressClassLister Service ServiceLister - Endpoint EndpointLister + EndpointSlice EndpointSliceLister Secret SecretLister ConfigMap ConfigMapLister Namespace NamespaceLister @@ -159,7 +160,7 @@ func (e NotExistsError) Error() string { // Run initiates the synchronization of the informers against the API server. func (i *Informer) Run(stopCh chan struct{}) { go i.Secret.Run(stopCh) - go i.Endpoint.Run(stopCh) + go i.EndpointSlice.Run(stopCh) if i.IngressClass != nil { go i.IngressClass.Run(stopCh) } @@ -169,7 +170,6 @@ func (i *Informer) Run(stopCh chan struct{}) { // wait for all involved caches to be synced before processing items // from the queue if !cache.WaitForCacheSync(stopCh, - i.Endpoint.HasSynced, i.Service.HasSynced, i.Secret.HasSynced, i.ConfigMap.HasSynced, @@ -330,8 +330,8 @@ func New( store.listers.IngressClass.Store = cache.NewStore(cache.MetaNamespaceKeyFunc) } - store.informers.Endpoint = infFactory.Core().V1().Endpoints().Informer() - store.listers.Endpoint.Store = store.informers.Endpoint.GetStore() + store.informers.EndpointSlice = infFactory.Discovery().V1().EndpointSlices().Informer() + store.listers.EndpointSlice.Store = store.informers.EndpointSlice.GetStore() store.informers.Secret = infFactorySecrets.Core().V1().Secrets().Informer() store.listers.Secret.Store = store.informers.Secret.GetStore() @@ -673,7 +673,7 @@ func New( }, } - epEventHandler := cache.ResourceEventHandlerFuncs{ + epsEventHandler := cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { updateCh.In() <- Event{ Type: CreateEvent, @@ -687,9 +687,9 @@ func New( } }, UpdateFunc: func(old, cur interface{}) { - oep := old.(*corev1.Endpoints) - cep := cur.(*corev1.Endpoints) - if !reflect.DeepEqual(cep.Subsets, oep.Subsets) { + oeps := old.(*discoveryv1.EndpointSlice) + ceps := cur.(*discoveryv1.EndpointSlice) + if !reflect.DeepEqual(ceps.Endpoints, oeps.Endpoints) { updateCh.In() <- Event{ Type: UpdateEvent, Obj: cur, @@ -796,7 +796,7 @@ func New( if !icConfig.IgnoreIngressClass { store.informers.IngressClass.AddEventHandler(ingressClassEventHandler) } - store.informers.Endpoint.AddEventHandler(epEventHandler) + store.informers.EndpointSlice.AddEventHandler(epsEventHandler) store.informers.Secret.AddEventHandler(secrEventHandler) store.informers.ConfigMap.AddEventHandler(cmEventHandler) store.informers.Service.AddEventHandler(serviceHandler) @@ -1044,9 +1044,8 @@ func (s *k8sStore) GetConfigMap(key string) (*corev1.ConfigMap, error) { return s.listers.ConfigMap.ByKey(key) } -// GetServiceEndpoints returns the Endpoints of a Service matching key. -func (s *k8sStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) { - return s.listers.Endpoint.ByKey(key) +func (s *k8sStore) GetServiceEndpointsSlices(key string) ([]*discoveryv1.EndpointSlice, error) { + return s.listers.EndpointSlice.MatchByKey(key) } // GetAuthCertificate is used by the auth-tls annotations to get a cert from a secret From 67f7d3da63ba723c2d5f8f2d1dacd40a72a248c2 Mon Sep 17 00:00:00 2001 From: Wilmar den Ouden Date: Sat, 24 Sep 2022 13:38:05 +0200 Subject: [PATCH 067/166] fix: do not apply job-patch psp on Kubernetes 1.25 and newer (#9074) * fix: do not apply job-patch psp on Kubernetes 1.25 and newer Signed-off-by: wilmarguida * fix: bump kubernetes version for helm chart CI to 1.25.0 Signed-off-by: wilmarguida Signed-off-by: wilmarguida --- .github/workflows/ci.yaml | 2 +- .../templates/admission-webhooks/job-patch/psp.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9d7941ab5..fc106b495 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -175,7 +175,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.24.4 + image: kindest/node:v1.25.0 - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml index 70edde334..e19c95572 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -1,3 +1,4 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -37,3 +38,4 @@ spec: - secret - downwardAPI {{- end }} +{{- end }} From 2af4fec0552064e4462437faa291cfd5e69193f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 08:02:04 -0700 Subject: [PATCH 068/166] Bump github/codeql-action from 2.1.24 to 2.1.25 (#9083) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/904260d7d935dff982205cbdb42025ce30b7a34f...86f3159a697a097a813ad9bfa0002412d97690a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 84cc87e1d..e903a2783 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f # v2.1.14 + uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 8377b3ad0..0ef654160 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@904260d7d935dff982205cbdb42025ce30b7a34f + uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From f192ffe302f060c4357fe8d05c78dc8e77356a97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 08:04:03 -0700 Subject: [PATCH 069/166] Bump actions/dependency-review-action from 2.1.0 to 2.4.0 (#9085) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/23d1ffffb6fa5401173051ec21eba8c35242733f...375c5370086bfff256c37f8beec0f437e2e72ae1) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index b16d44681..d69c1a0c8 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f #v2.0.2 + uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 From cd151e3db8bd4f884511d229c2134e89f3c22a98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Sep 2022 17:48:04 -0700 Subject: [PATCH 070/166] Bump actions/checkout from 1 to 3 (#9084) Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v1...2541b1294d2704b0964813337f33b291d3f8596b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/perftest.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index aeda0425e..d498a216a 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v1 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: Install K6 run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e903a2783..2e13deea0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.0 with: persist-credentials: false From 855bcbce344c5472dacde7ba01276f53366dbb43 Mon Sep 17 00:00:00 2001 From: Nicolas Julian <33948000+nicolasjulian@users.noreply.github.com> Date: Tue, 27 Sep 2022 20:59:51 +0700 Subject: [PATCH 071/166] Update Version ModSecurity and Coreruleset (#9086) This is related to some new bugs that found in LiveHackingEvent 1337up0522. The latest coreruleset need *ModSecurity version 2.9.6 or 3.0.8* - https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec - https://coreruleset.org/20220920/crs-version-3-3-4-and-3-2-3/ - https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ - https://github.com/coreruleset/coreruleset/releases/tag/v3.3.4 --- images/nginx/rootfs/build.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index f3efb3663..75d765e78 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -60,10 +60,10 @@ export DATADOG_CPP_VERSION=1.3.2 export MODSECURITY_VERSION=1.0.2 # Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.5...v3/master -export MODSECURITY_LIB_VERSION=v3.0.5 +export MODSECURITY_LIB_VERSION=v3.0.8 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master -export OWASP_MODSECURITY_CRS_VERSION=v3.3.2 +export OWASP_MODSECURITY_CRS_VERSION=v3.3.4 # Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.20...master export LUA_NGX_VERSION=b721656a9127255003b696b42ccc871c7ec18d59 @@ -548,6 +548,7 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf From a3da90f9f5b6eac6b519c241521c99a04669967c Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Wed, 28 Sep 2022 19:52:35 +0530 Subject: [PATCH 072/166] Added a Link to the New Contributors Tips (#9072) This adds a link to the new contributor tips in the developer guide present on the docs page Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/developer-guide/getting-started.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/developer-guide/getting-started.md b/docs/developer-guide/getting-started.md index 8d500f147..fbf251790 100644 --- a/docs/developer-guide/getting-started.md +++ b/docs/developer-guide/getting-started.md @@ -88,3 +88,6 @@ and then publish such version with ```console docker push $REGISTRY/controller:$TAG ``` + +### New Contributor Tips +New contributors can refer to the [new contributor tips](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md) which will be updated with examples and tips. From 077c0414aa9a36df6ad57735203df382010e666f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Sep 2022 07:24:36 -0700 Subject: [PATCH 073/166] Bump k8s.io/component-base from 0.25.1 to 0.25.2 (#9089) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.1 to 0.25.2. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.1...v0.25.2) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index ca896babd..471e7749e 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.1 + k8s.io/api v0.25.2 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.1 + k8s.io/apimachinery v0.25.2 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.1 + k8s.io/client-go v0.25.2 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.1 + k8s.io/component-base v0.25.2 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 8127cfbf4..65fb4ee78 100644 --- a/go.sum +++ b/go.sum @@ -1134,26 +1134,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.1 h1:yL7du50yc93k17nH/Xe9jujAYrcDkI/i5DL1jPz4E3M= -k8s.io/api v0.25.1/go.mod h1:hh4itDvrWSJsmeUc28rIFNri8MatNAAxJjKcQmhX6TU= +k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8= +k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.1 h1:t0XrnmCEHVgJlR2arwO8Awp9ylluDic706WePaYCBTI= -k8s.io/apimachinery v0.25.1/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= +k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= +k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.1 h1:uFj4AJKtE1/ckcSKz8IhgAuZTdRXZDKev8g387ndD58= -k8s.io/client-go v0.25.1/go.mod h1:rdFWTLV/uj2C74zGbQzOsmXPUtMAjSf7ajil4iJUNKo= +k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= +k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.1 h1:Wmj33QwddVwsJFJWmXlf24Nu8do2bGHLabXHrKz7Org= -k8s.io/component-base v0.25.1/go.mod h1:j78+TFdsKM8RXHfM88oeAdZu2v9qMZdQZOfg0LGW+q4= +k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY= +k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 26fe69cb47295f6677576fa8585afa98d72536e2 Mon Sep 17 00:00:00 2001 From: Matthias Neugebauer Date: Wed, 28 Sep 2022 16:28:37 +0200 Subject: [PATCH 074/166] Add annotation for setting sticky cookie domain (#9088) This adds the new annotation `nginx.ingress.kubernetes.io/session-cookie-domain` for setting the cookie `Domain` attribute of the sticky cookie. Signed-off-by: Matthias Neugebauer Signed-off-by: Matthias Neugebauer --- docs/examples/affinity/cookie/README.md | 1 + .../nginx-configuration/annotations.md | 3 ++ .../annotations/sessionaffinity/main.go | 10 +++++ .../annotations/sessionaffinity/main_test.go | 5 +++ internal/ingress/controller/controller.go | 1 + pkg/apis/ingress/types.go | 1 + pkg/apis/ingress/types_equals.go | 5 ++- rootfs/etc/nginx/lua/balancer/sticky.lua | 4 ++ test/e2e/annotations/affinity.go | 45 +++++++++++++++++++ 9 files changed, 74 insertions(+), 1 deletion(-) diff --git a/docs/examples/affinity/cookie/README.md b/docs/examples/affinity/cookie/README.md index 891f828a2..1920d132b 100644 --- a/docs/examples/affinity/cookie/README.md +++ b/docs/examples/affinity/cookie/README.md @@ -14,6 +14,7 @@ Session affinity can be configured using the following annotations: |nginx.ingress.kubernetes.io/session-cookie-name|Name of the cookie that will be created|string (defaults to `INGRESSCOOKIE`)| |nginx.ingress.kubernetes.io/session-cookie-secure|Set the cookie as secure regardless the protocol of the incoming request|`"true"` or `"false"`| |nginx.ingress.kubernetes.io/session-cookie-path|Path that will be set on the cookie (required if your [Ingress paths][ingress-paths] use regular expressions)|string (defaults to the currently [matched path][ingress-paths])| +|nginx.ingress.kubernetes.io/session-cookie-domain|Domain that will be set on the cookie|string| |nginx.ingress.kubernetes.io/session-cookie-samesite|`SameSite` attribute to apply to the cookie|Browser accepted values are `None`, `Lax`, and `Strict`| |nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none|Will omit `SameSite=None` attribute for older browsers which reject the more-recently defined `SameSite=None` value|`"true"` or `"false"` |nginx.ingress.kubernetes.io/session-cookie-max-age|Time until the cookie expires, corresponds to the `Max-Age` cookie directive|number of seconds| diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 199d156be..131320bf7 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -98,6 +98,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/service-upstream](#service-upstream)|"true" or "false"| |[nginx.ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-path](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-domain](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-change-on-failure](#cookie-affinity)|"true" or "false"| |[nginx.ingress.kubernetes.io/session-cookie-samesite](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none](#cookie-affinity)|"true" or "false"| @@ -189,6 +190,8 @@ If you use the ``cookie`` affinity type you can also specify the name of the coo The NGINX annotation `nginx.ingress.kubernetes.io/session-cookie-path` defines the path that will be set on the cookie. This is optional unless the annotation `nginx.ingress.kubernetes.io/use-regex` is set to true; Session cookie paths do not support regex. +Use `nginx.ingress.kubernetes.io/session-cookie-domain` to set the `Domain` attribute of the sticky cookie. + Use `nginx.ingress.kubernetes.io/session-cookie-samesite` to apply a `SameSite` attribute to the sticky cookie. Browser accepted values are `None`, `Lax`, and `Strict`. Some browsers reject cookies with `SameSite=None`, including those created before the `SameSite=None` specification (e.g. Chrome 5X). Other browsers mistakenly treat `SameSite=None` cookies as `SameSite=Strict` (e.g. Safari running on OSX 14). To omit `SameSite=None` from browsers with these incompatibilities, add the annotation `nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"`. ### Authentication diff --git a/internal/ingress/annotations/sessionaffinity/main.go b/internal/ingress/annotations/sessionaffinity/main.go index 9c4d1d2bc..98a0d64f8 100644 --- a/internal/ingress/annotations/sessionaffinity/main.go +++ b/internal/ingress/annotations/sessionaffinity/main.go @@ -52,6 +52,9 @@ const ( // This is used to control the cookie path when use-regex is set to true annotationAffinityCookiePath = "session-cookie-path" + // This is used to control the cookie Domain + annotationAffinityCookieDomain = "session-cookie-domain" + // This is used to control the SameSite attribute of the cookie annotationAffinityCookieSameSite = "session-cookie-samesite" @@ -87,6 +90,8 @@ type Cookie struct { MaxAge string `json:"maxage"` // The path that a cookie will be set on Path string `json:"path"` + // The domain that a cookie will be set on + Domain string `json:"domain"` // Flag that allows cookie regeneration on request failure ChangeOnFailure bool `json:"changeonfailure"` // Secure flag to be set @@ -127,6 +132,11 @@ func (a affinity) cookieAffinityParse(ing *networking.Ingress) *Cookie { klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookiePath) } + cookie.Domain, err = parser.GetStringAnnotation(annotationAffinityCookieDomain, ing) + if err != nil { + klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookieDomain) + } + cookie.SameSite, err = parser.GetStringAnnotation(annotationAffinityCookieSameSite, ing) if err != nil { klog.V(3).InfoS("Invalid or no annotation value found. Ignoring", "ingress", klog.KObj(ing), "annotation", annotationAffinityCookieSameSite) diff --git a/internal/ingress/annotations/sessionaffinity/main_test.go b/internal/ingress/annotations/sessionaffinity/main_test.go index 65d11ac2d..cffe57fec 100644 --- a/internal/ingress/annotations/sessionaffinity/main_test.go +++ b/internal/ingress/annotations/sessionaffinity/main_test.go @@ -78,6 +78,7 @@ func TestIngressAffinityCookieConfig(t *testing.T) { data[parser.GetAnnotationWithPrefix(annotationAffinityCookieExpires)] = "4500" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieMaxAge)] = "3000" data[parser.GetAnnotationWithPrefix(annotationAffinityCookiePath)] = "/foo" + data[parser.GetAnnotationWithPrefix(annotationAffinityCookieDomain)] = "foo.bar" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieChangeOnFailure)] = "true" data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSecure)] = "true" ing.SetAnnotations(data) @@ -112,6 +113,10 @@ func TestIngressAffinityCookieConfig(t *testing.T) { t.Errorf("expected /foo as session-cookie-path but returned %v", nginxAffinity.Cookie.Path) } + if nginxAffinity.Cookie.Domain != "foo.bar" { + t.Errorf("expected foo.bar as session-cookie-domain but returned %v", nginxAffinity.Cookie.Domain) + } + if !nginxAffinity.Cookie.ChangeOnFailure { t.Errorf("expected change of failure parameter set to true but returned %v", nginxAffinity.Cookie.ChangeOnFailure) } diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 84da5eb30..f60f7a053 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -767,6 +767,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in ups.SessionAffinity.CookieSessionAffinity.MaxAge = anns.SessionAffinity.Cookie.MaxAge ups.SessionAffinity.CookieSessionAffinity.Secure = anns.SessionAffinity.Cookie.Secure ups.SessionAffinity.CookieSessionAffinity.Path = cookiePath + ups.SessionAffinity.CookieSessionAffinity.Domain = anns.SessionAffinity.Cookie.Domain ups.SessionAffinity.CookieSessionAffinity.SameSite = anns.SessionAffinity.Cookie.SameSite ups.SessionAffinity.CookieSessionAffinity.ConditionalSameSiteNone = anns.SessionAffinity.Cookie.ConditionalSameSiteNone ups.SessionAffinity.CookieSessionAffinity.ChangeOnFailure = anns.SessionAffinity.Cookie.ChangeOnFailure diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 8460ee684..7c1c825b7 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -159,6 +159,7 @@ type CookieSessionAffinity struct { Locations map[string][]string `json:"locations,omitempty"` Secure bool `json:"secure,omitempty"` Path string `json:"path,omitempty"` + Domain string `json:"domain,omitempty"` SameSite string `json:"samesite,omitempty"` ConditionalSameSiteNone bool `json:"conditional_samesite_none,omitempty"` ChangeOnFailure bool `json:"change_on_failure,omitempty"` diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index 1ba80d07e..a954a253b 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -173,6 +173,9 @@ func (csa1 *CookieSessionAffinity) Equal(csa2 *CookieSessionAffinity) bool { if csa1.Path != csa2.Path { return false } + if csa1.Domain != csa2.Domain { + return false + } if csa1.Expires != csa2.Expires { return false } @@ -192,7 +195,7 @@ func (csa1 *CookieSessionAffinity) Equal(csa2 *CookieSessionAffinity) bool { return true } -//Equal checks the equality between UpstreamByConfig types +// Equal checks the equality between UpstreamByConfig types func (u1 *UpstreamHashByConfig) Equal(u2 *UpstreamHashByConfig) bool { if u1 == u2 { return true diff --git a/rootfs/etc/nginx/lua/balancer/sticky.lua b/rootfs/etc/nginx/lua/balancer/sticky.lua index 3440d86bd..9d0a54116 100644 --- a/rootfs/etc/nginx/lua/balancer/sticky.lua +++ b/rootfs/etc/nginx/lua/balancer/sticky.lua @@ -110,6 +110,10 @@ function _M.set_cookie(self, value) cookie_data.max_age = tonumber(self.cookie_session_affinity.maxage) end + if self.cookie_session_affinity.domain and self.cookie_session_affinity.domain ~= "" then + cookie_data.domain = self.cookie_session_affinity.domain + end + local ok ok, err = cookie:set(cookie_data) if not ok then diff --git a/test/e2e/annotations/affinity.go b/test/e2e/annotations/affinity.go index 6a0a0bf48..3e1e9e969 100644 --- a/test/e2e/annotations/affinity.go +++ b/test/e2e/annotations/affinity.go @@ -222,6 +222,51 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { Header("Set-Cookie").Contains(fmt.Sprintf("Expires=%s", expected)).Contains("Max-Age=259200") }) + ginkgo.It("should set cookie with domain", func() { + host := "cookiedomain.foo.com" + annotations := make(map[string]string) + annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "DomainCookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-domain"] = "foo.bar" + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").Contains("Domain=foo.bar") + }) + + ginkgo.It("should not set cookie without domain annotation", func() { + host := "cookienodomain.foo.com" + annotations := make(map[string]string) + annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie" + annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "NoDomainCookie" + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK). + Header("Set-Cookie").NotContains("; Domain") + }) + ginkgo.It("should work with use-regex annotation and session-cookie-path", func() { host := "useregex.foo.com" annotations := make(map[string]string) From 261ce42517c3f35c302177eb9acc4f355c4736df Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Wed, 28 Sep 2022 16:34:36 +0200 Subject: [PATCH 075/166] plugin - endpoints to slices (#9081) Signed-off-by: tombokombo Signed-off-by: tombokombo --- cmd/plugin/request/request.go | 87 +++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 40 deletions(-) diff --git a/cmd/plugin/request/request.go b/cmd/plugin/request/request.go index cae90e9d2..fd47564a9 100644 --- a/cmd/plugin/request/request.go +++ b/cmd/plugin/request/request.go @@ -22,11 +22,13 @@ import ( appsv1 "k8s.io/api/apps/v1" apiv1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/cli-runtime/pkg/genericclioptions" appsv1client "k8s.io/client-go/kubernetes/typed/apps/v1" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + discoveryv1client "k8s.io/client-go/kubernetes/typed/discovery/v1" typednetworking "k8s.io/client-go/kubernetes/typed/networking/v1" "k8s.io/ingress-nginx/cmd/plugin/util" @@ -129,55 +131,61 @@ func GetIngressDefinitions(flags *genericclioptions.ConfigFlags, namespace strin return pods.Items, nil } -// GetNumEndpoints counts the number of endpoints for the service with the given name +// GetNumEndpoints counts the number of endpointslices adresses for the service with the given name func GetNumEndpoints(flags *genericclioptions.ConfigFlags, namespace string, serviceName string) (*int, error) { - endpoints, err := GetEndpointsByName(flags, namespace, serviceName) + epss, err := GetEndpointSlicesByName(flags, namespace, serviceName) if err != nil { return nil, err } - if endpoints == nil { + if len(epss) == 0 { return nil, nil } ret := 0 - for _, subset := range endpoints.Subsets { - ret += len(subset.Addresses) + for _, eps := range epss { + for _, ep := range eps.Endpoints { + ret += len(ep.Addresses) + } } return &ret, nil } -// GetEndpointsByName returns the endpoints for the service with the given name -func GetEndpointsByName(flags *genericclioptions.ConfigFlags, namespace string, name string) (*apiv1.Endpoints, error) { - allEndpoints, err := getEndpoints(flags, namespace) +// GetEndpointSlicesByName returns the endpointSlices for the service with the given name +func GetEndpointSlicesByName(flags *genericclioptions.ConfigFlags, namespace string, name string) ([]discoveryv1.EndpointSlice, error) { + allEndpointsSlices, err := getEndpointSlices(flags, namespace) if err != nil { return nil, err } - - for _, endpoints := range allEndpoints { - if endpoints.Name == name { - return &endpoints, nil + var eps []discoveryv1.EndpointSlice + for _, slice := range allEndpointsSlices { + if svcName, ok := slice.ObjectMeta.GetLabels()[discoveryv1.LabelServiceName]; ok { + if svcName == name { + eps = append(eps, slice) + } } } - return nil, nil + return eps, nil } -var endpointsCache = make(map[string]*[]apiv1.Endpoints) +var endpointSlicesCache = make(map[string]*[]discoveryv1.EndpointSlice) + +func getEndpointSlices(flags *genericclioptions.ConfigFlags, namespace string) ([]discoveryv1.EndpointSlice, error) { + cachedEndpointSlices, ok := endpointSlicesCache[namespace] -func getEndpoints(flags *genericclioptions.ConfigFlags, namespace string) ([]apiv1.Endpoints, error) { - cachedEndpoints, ok := endpointsCache[namespace] if ok { - return *cachedEndpoints, nil + return *cachedEndpointSlices, nil } if namespace != "" { - tryAllNamespacesEndpointsCache(flags) + tryAllNamespacesEndpointSlicesCache(flags) } - cachedEndpoints = tryFilteringEndpointsFromAllNamespacesCache(flags, namespace) - if cachedEndpoints != nil { - return *cachedEndpoints, nil + cachedEndpointSlices = tryFilteringEndpointSlicesFromAllNamespacesCache(flags, namespace) + + if cachedEndpointSlices != nil { + return *cachedEndpointSlices, nil } rawConfig, err := flags.ToRESTConfig() @@ -185,42 +193,41 @@ func getEndpoints(flags *genericclioptions.ConfigFlags, namespace string) ([]api return nil, err } - api, err := corev1.NewForConfig(rawConfig) + api, err := discoveryv1client.NewForConfig(rawConfig) if err != nil { return nil, err } - - endpointsList, err := api.Endpoints(namespace).List(context.TODO(), metav1.ListOptions{}) + endpointSlicesList, err := api.EndpointSlices(namespace).List(context.TODO(), metav1.ListOptions{}) if err != nil { return nil, err } - endpoints := endpointsList.Items + endpointSlices := endpointSlicesList.Items - endpointsCache[namespace] = &endpoints - return endpoints, nil + endpointSlicesCache[namespace] = &endpointSlices + return endpointSlices, nil } -func tryAllNamespacesEndpointsCache(flags *genericclioptions.ConfigFlags) { - _, ok := endpointsCache[""] +func tryAllNamespacesEndpointSlicesCache(flags *genericclioptions.ConfigFlags) { + _, ok := endpointSlicesCache[""] if !ok { - _, err := getEndpoints(flags, "") + _, err := getEndpointSlices(flags, "") if err != nil { - endpointsCache[""] = nil + endpointSlicesCache[""] = nil } } } -func tryFilteringEndpointsFromAllNamespacesCache(flags *genericclioptions.ConfigFlags, namespace string) *[]apiv1.Endpoints { - allEndpoints := endpointsCache[""] - if allEndpoints != nil { - endpoints := make([]apiv1.Endpoints, 0) - for _, thisEndpoints := range *allEndpoints { - if thisEndpoints.Namespace == namespace { - endpoints = append(endpoints, thisEndpoints) +func tryFilteringEndpointSlicesFromAllNamespacesCache(flags *genericclioptions.ConfigFlags, namespace string) *[]discoveryv1.EndpointSlice { + allEndpointSlices := endpointSlicesCache[""] + if allEndpointSlices != nil { + endpointSlices := make([]discoveryv1.EndpointSlice, 0) + for _, slice := range *allEndpointSlices { + if slice.Namespace == namespace { + endpointSlices = append(endpointSlices, slice) } } - endpointsCache[namespace] = &endpoints - return &endpoints + endpointSlicesCache[namespace] = &endpointSlices + return &endpointSlices } return nil } From 1a078af307d3cb52e3ad4c17e6a26bf4ef82581b Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Wed, 28 Sep 2022 23:02:30 +0200 Subject: [PATCH 076/166] fix chroot module mount path (#9090) --- charts/ingress-nginx/templates/controller-deployment.yaml | 4 ++++ rootfs/Dockerfile-chroot | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5ad186794..c193f776c 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -147,7 +147,11 @@ spec: volumeMounts: {{- if .Values.controller.extraModules }} - name: modules + {{ if .Values.controller.image.chroot }} + mountPath: /chroot/modules_mount + {{ else }} mountPath: /modules_mount + {{ end }} {{- end }} {{- if .Values.controller.customTemplate.configMapName }} - mountPath: /etc/nginx/template diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 64b222890..4805909d5 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -84,7 +84,7 @@ RUN bash -xeu -c ' \ # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # Put libs of newer modules under `/modules_mount//lib` and add that path below # Could get complicated arch specific paths become a need - && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/otel/lib" > /etc/ld-musl-x86_64.path + && echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel" > /chroot/etc/ld-musl-x86_64.path RUN apk add --no-cache libcap \ && setcap cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \ @@ -113,6 +113,10 @@ RUN ln -sf /chroot/etc/nginx /etc/nginx \ && mknod -m 0666 /chroot/dev/zero c 1 5 \ && mknod -m 0666 /chroot/dev/tty c 5 0 +RUN mkdir -p /chroot/modules_mount \ + && mkdir -p modules_mount \ + && ln -s /modules_mount /chroot/modules_mount + USER www-data EXPOSE 80 443 From 61be730b910fff455d0c117f7a511097924f8fd6 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 29 Sep 2022 21:12:54 +0530 Subject: [PATCH 077/166] kubewebhookcertgen sha change after go1191 (#9059) --- charts/ingress-nginx/README.md | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4e6a696c6..d689e3d5f 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -252,11 +252,11 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.3.0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v20220916-gd32f8c343"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9c34e7f6f..301635701 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -646,8 +646,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.3.0 - digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## From 0b04270517bfa9402d72319812022d3b3f692178 Mon Sep 17 00:00:00 2001 From: Wilmar den Ouden Date: Thu, 29 Sep 2022 19:40:39 +0200 Subject: [PATCH 078/166] expand CI testing for all stable versions of Kubernetes (#9078) * ci: setup version matrix for the helm chart e2e Signed-off-by: wilmarguida * ci: sync all k8s version on CI steps Signed-off-by: wilmarguida * ci: bump all k8s version to latest stable Signed-off-by: wilmarguida Signed-off-by: wilmarguida --- .github/workflows/ci.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fc106b495..46e44817c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -128,6 +128,10 @@ jobs: if: | (needs.changes.outputs.charts == 'true') + strategy: + matrix: + k8s: [v1.23.12, v1.24.6, v1.25.2] + steps: - name: Checkout @@ -170,12 +174,12 @@ jobs: sudo mkdir -p $HOME/.kube sudo chmod -R 777 $HOME/.kube - - name: Create Kubernetes cluster + - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:${{ matrix.k8s }} - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 with: @@ -208,7 +212,7 @@ jobs: strategy: matrix: - k8s: [v1.23.10, v1.24.4, v1.25.0] + k8s: [v1.23.12, v1.24.6, v1.25.2] steps: @@ -265,7 +269,7 @@ jobs: strategy: matrix: - k8s: [v1.24.4, v1.25.0] + k8s: [v1.23.12, v1.24.6, v1.25.2] steps: @@ -404,7 +408,7 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.15.0 - image: kindest/node:v1.25.0 + image: kindest/node:v1.25.2 - name: Set up Go 1.19.1 id: go From 7cb91ef9c1b2d281567bb78d56aa704f8c793035 Mon Sep 17 00:00:00 2001 From: Nate Campbell Date: Fri, 30 Sep 2022 11:00:29 -0400 Subject: [PATCH 079/166] Support none keyword in log-format escape (#8692) * Support none keyword in log-format escape ## What this PR does / why we need it: ingress-nginx does not support disabling escaping of special characters in the nginx log. This PR exposes the setting to support that functionality. ## Types of changes - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only ## Which issue/s this PR fixes ## How Has This Been Tested? Followed the [getting-started](https://github.com/kubernetes/ingress-nginx/blob/96b6228a6b65a85e421b8a348a149e99181664d1/docs/developer-guide/getting-started.md) guide. Used ppa:longsleep/golang-backports on WSL Ubuntu to establish a golang-1.18 environment with latest docker and recommended kind. Built the dev-env successfully; had issues with make test, but they are entirely unrelated to anything I touched. Ultimate test was ``` FOCUS=log-format make kind-e2e-test ... Ginkgo ran 1 suite in 6m29.7437865s Test Suite Passed ``` ## Checklist: - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide - [x] I have added tests to cover my changes. - [x] All new and existing tests passed. I did not update docs/e2e-tests.md. * gofmt -s ./internal/ingress/controller/config/config.go --- .../nginx-configuration/configmap.md | 5 ++ internal/ingress/controller/config/config.go | 4 ++ rootfs/etc/nginx/template/nginx.tmpl | 2 +- test/e2e/settings/log-format.go | 55 ++++++++++++++++--- 4 files changed, 57 insertions(+), 9 deletions(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index cd25095b0..c985d7373 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -64,6 +64,7 @@ The following table shows a configuration option's name, type, and the default v |[keep-alive](#keep-alive)|int|75| |[keep-alive-requests](#keep-alive-requests)|int|100| |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"| +|[log-format-escape-none](#log-format-escape-none)|bool|"false"| |[log-format-escape-json](#log-format-escape-json)|bool|"false"| |[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`| |[log-format-stream](#log-format-stream)|string|`[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`| @@ -468,6 +469,10 @@ Sets the maximum number and size of buffers used for reading large client reques _References:_ [https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) +## log-format-escape-none + +Sets if the escape parameter is disabled entirely for character escaping in variables ("true") or controlled by log-format-escape-json ("false") Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). + ## log-format-escape-json Sets if the escape parameter allows JSON ("true") or default characters escaping in variables ("false") Sets the nginx [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format). diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 4ee2df965..8bf71b774 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -263,6 +263,10 @@ type Configuration struct { // Default: 4 8k LargeClientHeaderBuffers string `json:"large-client-header-buffers"` + // Disable all escaping + // http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format + LogFormatEscapeNone bool `json:"log-format-escape-none,omitempty"` + // Enable json escaping // http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format LogFormatEscapeJSON bool `json:"log-format-escape-json,omitempty"` diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index a04f71f0e..c315e4ee9 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -361,7 +361,7 @@ http { # $ingress_name # $service_name # $service_port - log_format upstreaminfo {{ if $cfg.LogFormatEscapeJSON }}escape=json {{ end }}'{{ $cfg.LogFormatUpstream }}'; + log_format upstreaminfo {{ if $cfg.LogFormatEscapeNone }}escape=none {{ else if $cfg.LogFormatEscapeJSON }}escape=json {{ end }}'{{ $cfg.LogFormatUpstream }}'; {{/* map urls that should not appear in access.log */}} {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} diff --git a/test/e2e/settings/log-format.go b/test/e2e/settings/log-format.go index b43fce874..24877818d 100644 --- a/test/e2e/settings/log-format.go +++ b/test/e2e/settings/log-format.go @@ -35,12 +35,12 @@ var _ = framework.DescribeSetting("log-format-*", func() { f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)) }) - ginkgo.Context("Check log-format-escape-json", func() { + ginkgo.Context("Check log-format-escape-json and log-format-escape-none", func() { - ginkgo.It("should disable the log-format-escape-json by default", func() { + ginkgo.It("should not configure log-format escape by default", func() { f.WaitForNginxConfiguration( func(cfg string) bool { - return !strings.Contains(cfg, "log_format upstreaminfo escape=json") + return !strings.Contains(cfg, "log_format upstreaminfo escape") }) }) @@ -59,9 +59,25 @@ var _ = framework.DescribeSetting("log-format-*", func() { return !strings.Contains(cfg, "log_format upstreaminfo escape=json") }) }) + + ginkgo.It("should enable the log-format-escape-none", func() { + f.UpdateNginxConfigMapData("log-format-escape-none", "true") + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + }) + + ginkgo.It("should disable the log-format-escape-none", func() { + f.UpdateNginxConfigMapData("log-format-escape-none", "false") + f.WaitForNginxConfiguration( + func(cfg string) bool { + return !strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + }) }) - ginkgo.Context("Check log-format-upstream with log-format-escape-json", func() { + ginkgo.Context("Check log-format-upstream with log-format-escape-json and log-format-escape-none", func() { ginkgo.It("log-format-escape-json enabled", func() { f.SetNginxConfigMapData(map[string]string{ @@ -86,7 +102,7 @@ var _ = framework.DescribeSetting("log-format-*", func() { assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header1":"Here is \"header1\" with json escape", "my_header2":""}`) }) - ginkgo.It("log-format-escape-json disabled", func() { + ginkgo.It("log-format default escape", func() { f.SetNginxConfigMapData(map[string]string{ "log-format-escape-json": "false", "log-format-upstream": "\"{\"my_header3\":\"$http_header3\", \"my_header4\":\"$http_header4\"}\"", @@ -94,19 +110,42 @@ var _ = framework.DescribeSetting("log-format-*", func() { f.WaitForNginxConfiguration( func(cfg string) bool { - return !strings.Contains(cfg, "log_format upstreaminfo escape=json") + return !strings.Contains(cfg, "log_format upstreaminfo escape") }) f.HTTPTestClient(). GET("/"). WithHeader("Host", host). - WithHeader("header3", `Here is "header3" with json escape`). + WithHeader("header3", `Here is "header3" with default escape`). Expect(). Status(http.StatusOK) logs, err := f.NginxLogs() assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs") - assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header3":"Here is \x22header3\x22 with json escape", "my_header4":"-"}`) + assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header3":"Here is \x22header3\x22 with default escape", "my_header4":"-"}`) + }) + + ginkgo.It("log-format-escape-none enabled", func() { + f.SetNginxConfigMapData(map[string]string{ + "log-format-escape-none": "true", + "log-format-upstream": "\"{\"my_header5\":\"$http_header5\", \"my_header6\":\"$http_header6\"}\"", + }) + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "log_format upstreaminfo escape=none") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("header5", `Here is "header5" with none escape`). + Expect(). + Status(http.StatusOK) + + logs, err := f.NginxLogs() + assert.Nil(ginkgo.GinkgoT(), err, "obtaining nginx logs") + assert.Contains(ginkgo.GinkgoT(), logs, `{"my_header5":"Here is "header5" with none escape", "my_header6":""}`) }) }) }) From e6ff97fbbe4efc39ec673a3ecda734a9a0e880b7 Mon Sep 17 00:00:00 2001 From: Dmitry Bashkatov Date: Fri, 30 Sep 2022 18:00:36 +0300 Subject: [PATCH 080/166] Consistent prometheus metric names and documentation (#8728) * clean prometheus metrics - add new histogram metrics with consistent names - deprecate summary metrics with inconsistent names * update prometheus metrics tests * remove ingress_upstream_header_seconds metric It hasn't been released so it is safe. Use header_duration_seconds metric. * add documentation on prometheus metrics --- docs/user-guide/cli-arguments.md | 3 + docs/user-guide/monitoring.md | 197 +++++++++++++++--- internal/ingress/metric/collectors/socket.go | 129 ++++++------ .../ingress/metric/collectors/socket_test.go | 94 +++++++-- 4 files changed, 321 insertions(+), 102 deletions(-) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 0b710958d..9d7bd9fc6 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -32,6 +32,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | | `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | +| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | | `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | | `--log_dir` | If non-empty, write log files in this directory | | `--log_file` | If non-empty, use this log file | @@ -52,6 +53,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--skip_headers` | If true, avoid header prefixes in the log messages | | `--skip_log_headers` | If true, avoid headers when opening log files | | `--ssl-passthrough-proxy-port` | Port to use internally for SSL Passthrough. (default 442) | +| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `--status-port` | Port to use for the lua HTTP endpoint configuration. (default 10246) | | `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds (default 60) | | `--stderrthreshold` | logs at or above this threshold go to stderr (default 2) | @@ -59,6 +61,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--sync-period` | Period at which the controller forces the repopulation of its local object stores. Disabled by default. | | `--sync-rate-limit` | Define the sync frequency upper limit (default 0.3) | | `--tcp-services-configmap` | Name of the ConfigMap containing the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port number or name. TCP ports 80 and 443 are reserved by the controller for servicing HTTP traffic. | +| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | | `--udp-services-configmap` | Name of the ConfigMap containing the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port name or number. | | `--update-status` | Update the load-balancer status of Ingress objects this controller satisfies. Requires setting the publish-service parameter to a valid Service reference. (default true) | | `--update-status-on-shutdown` | Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter. (default true) | diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index c59e976e7..5c53213ea 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -1,9 +1,11 @@ -# Prometheus and Grafana installation -Two different methods to install and configure Prometheus and Grafana are described in this doc. -- Prometheus and Grafana installation using Pod Annotations. This installs Prometheus and Grafana in the same namespace as NGINX Ingress -- Prometheus and Grafana installation using Service Monitors. This installs Prometheus and Grafana in two different namespaces. This is the preferred method, and helm charts supports this by default. +# Monitoring + +Two different methods to install and configure Prometheus and Grafana are described in this doc. +* Prometheus and Grafana installation using Pod Annotations. This installs Prometheus and Grafana in the same namespace as NGINX Ingress +* Prometheus and Grafana installation using Service Monitors. This installs Prometheus and Grafana in two different namespaces. This is the preferred method, and helm charts supports this by default. + +## Prometheus and Grafana installation using Pod Annotations -## PROMETHEUS AND GRAFANA INSTALLATION USING POD ANNOTATIONS This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the NGINX Ingress controller. !!! important @@ -168,7 +170,7 @@ According to the above example, this URL will be http://10.192.0.3:31086 - By default request metrics are labeled with the hostname. When you have a wildcard domain ingress, then there will be no metrics for that ingress (to prevent the metrics from exploding in cardinality). To get metrics in this case you need to run the ingress controller with `--metrics-per-host=false` (you will lose labeling by hostname, but still have labeling by ingress). ### Grafana dashboard using ingress resource - - If you want to expose the dashboard for grafana using a ingress resource, then you can : + - If you want to expose the dashboard for grafana using a ingress resource, then you can : - change the service type of the prometheus-server service and the grafana service to "ClusterIP" like this : ``` kubectl -n ingress-nginx edit svc grafana @@ -179,18 +181,18 @@ According to the above example, this URL will be http://10.192.0.3:31086 - create a ingress resource with backend as "grafana" and port as "3000" - Similarly, you can edit the service "prometheus-server" and add a ingress resource. -## PROMETHEUS AND GRAFANA INSTALLATION USING SERVICE MONITORS -This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. +## Prometheus and Grafana installation using Service Monitors +This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. ### Verify NGINX Ingress controller is installed - The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). -- To check if Ingress controller is deployed, +- To check if Ingress controller is deployed, ``` - kubectl get pods -n ingress-nginx + kubectl get pods -n ingress-nginx ``` -- The result should look something like: +- The result should look something like: ``` NAME READY STATUS RESTARTS AGE ingress-nginx-controller-7c489dc7b7-ccrf6 1/1 Running 0 19h @@ -205,8 +207,8 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` ``` NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION - ingress-nginx ingress-nginx 10 2022-01-20 18:08:55.267373 -0800 PST deployed ingress-nginx-4.0.16 1.1.1 - prometheus prometheus 1 2022-01-20 16:07:25.086828 -0800 PST deployed kube-prometheus-stack-30.1.0 0.53.1 + ingress-nginx ingress-nginx 10 2022-01-20 18:08:55.267373 -0800 PST deployed ingress-nginx-4.0.16 1.1.1 + prometheus prometheus 1 2022-01-20 16:07:25.086828 -0800 PST deployed kube-prometheus-stack-30.1.0 0.53.1 ``` - Notice that prometheus is installed in a differenet namespace than ingress-nginx @@ -218,9 +220,9 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` controller.metrics.enabled=true controller.metrics.serviceMonitor.enabled=true - controller.metrics.serviceMonitor.additionalLabels.release="prometheus" + controller.metrics.serviceMonitor.additionalLabels.release="prometheus" ``` -- The easiest way of doing this is to helm upgrade +- The easiest way of doing this is to helm upgrade ``` helm upgrade ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ @@ -248,7 +250,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack - Since Prometheus is running in a different namespace and not in the ingress-nginx namespace, it would not be able to discover ServiceMonitors in other namespaces when installed. Reconfigure your kube-prometheus-stack Helm installation to set `serviceMonitorSelectorNilUsesHelmValues` flag to false. By default, Prometheus only discovers PodMonitors within its own namespace. This should be disabled by setting `podMonitorSelectorNilUsesHelmValues` to false - The configurations required are: ``` - prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false + prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false ``` - The easiest way of doing this is to use `helm upgrade ...` @@ -271,12 +273,12 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` ### Connect and view Prometheus dashboard -- Port forward to Prometheus service. Find out the name of the prometheus service by using the following command: +- Port forward to Prometheus service. Find out the name of the prometheus service by using the following command: ``` kubectl get svc -n prometheus ``` - The result of this command would look like: + The result of this command would look like: ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE alertmanager-operated ClusterIP None 9093/TCP,9094/TCP,9094/UDP 7h46m @@ -292,22 +294,22 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` kubectl port-forward svc/prometheus-kube-prometheus-prometheus -n prometheus 9090:9090 ``` - When you run the above command, you should see something like: + When you run the above command, you should see something like: ``` Forwarding from 127.0.0.1:9090 -> 9090 Forwarding from [::1]:9090 -> 9090 ``` - Open your browser and visit the following URL http://localhost:{port-forwarded-port} according to the above example it would be, http://localhost:9090 - + ![Prometheus Dashboard](../images/prometheus-dashboard1.png) -### Connect and view Grafana dashboard -- Port forward to Grafana service. Find out the name of the Grafana service by using the following command: +### Connect and view Grafana dashboard +- Port forward to Grafana service. Find out the name of the Grafana service by using the following command: ``` kubectl get svc -n prometheus ``` - The result of this command would look like: + The result of this command would look like: ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE alertmanager-operated ClusterIP None 9093/TCP,9094/TCP,9094/UDP 7h46m @@ -323,7 +325,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack ``` kubectl port-forward svc/prometheus-grafana 3000:80 -n prometheus ``` - When you run the above command, you should see something like: + When you run the above command, you should see something like: ``` Forwarding from 127.0.0.1:3000 -> 3000 Forwarding from [::1]:3000 -> 3000 @@ -345,4 +347,149 @@ This document assumes you're using helm and using the kube-prometheus-stack pack - Click "Import" ![Grafana Dashboard](../images/grafana-dashboard1.png) - + + +## Exposed metrics + +Prometheus metrics are exposed on port 10254. + +### Request metrics + +* `nginx_ingress_controller_request_duration_seconds` Histogram + + The request processing time in milliseconds (affected by client speed) + + nginx var: `request_time` + +* `nginx_ingress_controller_response_duration_seconds` Histogram + + The time spent on receiving the response from the upstream server (affected by client speed) + + nginx var: `upstream_response_time` + +* `nginx_ingress_controller_header_duration_seconds` Histogram + + The time spent on receiving first header from the upstream server + + nginx var: `upstream_header_time` + +* `nginx_ingress_controller_connect_duration_seconds` Histogram + + The time spent on establishing a connection with the upstream server + + nginx var: `upstream_connect_time` + +* `nginx_ingress_controller_response_size` Histogram + + The response length (including request line, header, and request body) + + nginx var: `bytes_sent` + +* `nginx_ingress_controller_request_size` Histogram + + The request length (including request line, header, and request body) + + nginx var: `request_length` + +* `nginx_ingress_controller_requests` Counter + + The total number of client requests + +* `nginx_ingress_controller_bytes_sent` Histogram + + The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size` + + nginx var: `bytes_sent` + +* `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary + + Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds` + + nginx var: `upstream_connect_time` + +``` +# HELP nginx_ingress_controller_bytes_sent The number of bytes sent to a client. DEPRECATED! Use nginx_ingress_controller_response_size +# TYPE nginx_ingress_controller_bytes_sent histogram +# HELP nginx_ingress_controller_connect_duration_seconds The time spent on establishing a connection with the upstream server +# TYPE nginx_ingress_controller_connect_duration_seconds nginx_ingress_controller_connect_duration_seconds +* HELP nginx_ingress_controller_header_duration_seconds The time spent on receiving first header from the upstream server +# TYPE nginx_ingress_controller_header_duration_seconds histogram +# HELP nginx_ingress_controller_ingress_upstream_latency_seconds Upstream service latency per Ingress DEPRECATED! Use nginx_ingress_controller_connect_duration_seconds +# TYPE nginx_ingress_controller_ingress_upstream_latency_seconds summary +# HELP nginx_ingress_controller_request_duration_seconds The request processing time in milliseconds +# TYPE nginx_ingress_controller_request_duration_seconds histogram +# HELP nginx_ingress_controller_request_size The request length (including request line, header, and request body) +# TYPE nginx_ingress_controller_request_size histogram +# HELP nginx_ingress_controller_requests The total number of client requests. +# TYPE nginx_ingress_controller_requests counter +# HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server +# TYPE nginx_ingress_controller_response_duration_seconds histogram +# HELP nginx_ingress_controller_response_size The response length (including request line, header, and request body) +# TYPE nginx_ingress_controller_response_size histogram +``` + + +### Nginx process metrics +``` +# HELP nginx_ingress_controller_nginx_process_connections current number of client connections with state {active, reading, writing, waiting} +# TYPE nginx_ingress_controller_nginx_process_connections gauge +# HELP nginx_ingress_controller_nginx_process_connections_total total number of connections with state {accepted, handled} +# TYPE nginx_ingress_controller_nginx_process_connections_total counter +# HELP nginx_ingress_controller_nginx_process_cpu_seconds_total Cpu usage in seconds +# TYPE nginx_ingress_controller_nginx_process_cpu_seconds_total counter +# HELP nginx_ingress_controller_nginx_process_num_procs number of processes +# TYPE nginx_ingress_controller_nginx_process_num_procs gauge +# HELP nginx_ingress_controller_nginx_process_oldest_start_time_seconds start time in seconds since 1970/01/01 +# TYPE nginx_ingress_controller_nginx_process_oldest_start_time_seconds gauge +# HELP nginx_ingress_controller_nginx_process_read_bytes_total number of bytes read +# TYPE nginx_ingress_controller_nginx_process_read_bytes_total counter +# HELP nginx_ingress_controller_nginx_process_requests_total total number of client requests +# TYPE nginx_ingress_controller_nginx_process_requests_total counter +# HELP nginx_ingress_controller_nginx_process_resident_memory_bytes number of bytes of memory in use +# TYPE nginx_ingress_controller_nginx_process_resident_memory_bytes gauge +# HELP nginx_ingress_controller_nginx_process_virtual_memory_bytes number of bytes of memory in use +# TYPE nginx_ingress_controller_nginx_process_virtual_memory_bytes gauge +# HELP nginx_ingress_controller_nginx_process_write_bytes_total number of bytes written +# TYPE nginx_ingress_controller_nginx_process_write_bytes_total counter +``` + +### Controller metrics +``` +# HELP nginx_ingress_controller_build_info A metric with a constant '1' labeled with information about the build. +# TYPE nginx_ingress_controller_build_info gauge +# HELP nginx_ingress_controller_check_success Cumulative number of Ingress controller syntax check operations +# TYPE nginx_ingress_controller_check_success counter +# HELP nginx_ingress_controller_config_hash Running configuration hash actually running +# TYPE nginx_ingress_controller_config_hash gauge +# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attempt was successful +# TYPE nginx_ingress_controller_config_last_reload_successful gauge +# HELP nginx_ingress_controller_config_last_reload_successful_timestamp_seconds Timestamp of the last successful configuration reload. +# TYPE nginx_ingress_controller_config_last_reload_successful_timestamp_seconds gauge +# HELP nginx_ingress_controller_ssl_certificate_info Hold all labels associated to a certificate +# TYPE nginx_ingress_controller_ssl_certificate_info gauge +# HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations +# TYPE nginx_ingress_controller_success counter +``` + +### Admission metrics +``` +# HELP nginx_ingress_controller_admission_config_size The size of the tested configuration +# TYPE nginx_ingress_controller_admission_config_size gauge +# HELP nginx_ingress_controller_admission_render_duration The processing duration of ingresses rendering by the admission controller (float seconds) +# TYPE nginx_ingress_controller_admission_render_duration gauge +# HELP nginx_ingress_controller_admission_render_ingresses The length of ingresses rendered by the admission controller +# TYPE nginx_ingress_controller_admission_render_ingresses gauge +# HELP nginx_ingress_controller_admission_roundtrip_duration The complete duration of the admission controller at the time to process a new event (float seconds) +# TYPE nginx_ingress_controller_admission_roundtrip_duration gauge +# HELP nginx_ingress_controller_admission_tested_duration The processing duration of the admission controller tests (float seconds) +# TYPE nginx_ingress_controller_admission_tested_duration gauge +# HELP nginx_ingress_controller_admission_tested_ingresses The length of ingresses processed by the admission controller +# TYPE nginx_ingress_controller_admission_tested_ingresses gauge +``` + +### Histogram buckets + +You can configure buckets for histogram metrics using these command line options (here are their default values): +* `--time-buckets=[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]` +* `--length-buckets=[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]` +* `--size-buckets=[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]` diff --git a/internal/ingress/metric/collectors/socket.go b/internal/ingress/metric/collectors/socket.go index 3b87c0ad1..9c0376cd3 100644 --- a/internal/ingress/metric/collectors/socket.go +++ b/internal/ingress/metric/collectors/socket.go @@ -29,14 +29,6 @@ import ( "k8s.io/klog/v2" ) -type upstream struct { - Latency float64 `json:"upstreamLatency"` - HeaderTime float64 `json:"upstreamHeaderTime"` - ResponseLength float64 `json:"upstreamResponseLength"` - ResponseTime float64 `json:"upstreamResponseTime"` - //Status string `json:"upstreamStatus"` -} - type socketData struct { Host string `json:"host"` Status string `json:"status"` @@ -48,7 +40,11 @@ type socketData struct { RequestLength float64 `json:"requestLength"` RequestTime float64 `json:"requestTime"` - upstream + Latency float64 `json:"upstreamLatency"` + HeaderTime float64 `json:"upstreamHeaderTime"` + ResponseTime float64 `json:"upstreamResponseTime"` + //ResponseLength float64 `json:"upstreamResponseLength"` + //Status string `json:"upstreamStatus"` Namespace string `json:"namespace"` Ingress string `json:"ingress"` @@ -68,16 +64,15 @@ type HistogramBuckets struct { type SocketCollector struct { prometheus.Collector - requestTime *prometheus.HistogramVec - requestLength *prometheus.HistogramVec + upstreamLatency *prometheus.SummaryVec // TODO: DEPRECATED, remove + connectTime *prometheus.HistogramVec + headerTime *prometheus.HistogramVec + requestTime *prometheus.HistogramVec + responseTime *prometheus.HistogramVec - responseTime *prometheus.HistogramVec + requestLength *prometheus.HistogramVec responseLength *prometheus.HistogramVec - - upstreamHeaderTime *prometheus.SummaryVec - upstreamLatency *prometheus.SummaryVec - - bytesSent *prometheus.HistogramVec + bytesSent *prometheus.HistogramVec // TODO: DEPRECATED, remove requests *prometheus.CounterVec @@ -89,8 +84,6 @@ type SocketCollector struct { metricsPerHost bool reportStatusClasses bool - - buckets HistogramBuckets } var ( @@ -145,6 +138,26 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat metricsPerHost: metricsPerHost, reportStatusClasses: reportStatusClasses, + connectTime: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "connect_duration_seconds", + Help: "The time spent on establishing a connection with the upstream server", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.TimeBuckets, + }, + requestTags, + ), + headerTime: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "header_duration_seconds", + Help: "The time spent on receiving first header from the upstream server", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.TimeBuckets, + }, + requestTags, + ), responseTime: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "response_duration_seconds", @@ -155,17 +168,6 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat }, requestTags, ), - responseLength: prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "response_size", - Help: "The response length (including request line, header, and request body)", - Namespace: PrometheusNamespace, - ConstLabels: constLabels, - Buckets: buckets.LengthBuckets, - }, - requestTags, - ), - requestTime: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "request_duration_seconds", @@ -176,6 +178,17 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat }, requestTags, ), + + responseLength: prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "response_size", + Help: "The response length (including request line, header, and request body)", + Namespace: PrometheusNamespace, + ConstLabels: constLabels, + Buckets: buckets.LengthBuckets, + }, + requestTags, + ), requestLength: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "request_size", @@ -190,7 +203,7 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat requests: prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "requests", - Help: "The total number of client requests.", + Help: "The total number of client requests", Namespace: PrometheusNamespace, ConstLabels: constLabels, }, @@ -200,7 +213,7 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat bytesSent: prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "bytes_sent", - Help: "The number of bytes sent to a client", + Help: "DEPRECATED The number of bytes sent to a client", Namespace: PrometheusNamespace, Buckets: buckets.SizeBuckets, ConstLabels: constLabels, @@ -208,21 +221,10 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat requestTags, ), - upstreamHeaderTime: prometheus.NewSummaryVec( - prometheus.SummaryOpts{ - Name: "ingress_upstream_header_seconds", - Help: "The time spent on receiving first header from the upstream server", - Namespace: PrometheusNamespace, - ConstLabels: constLabels, - Objectives: defObjectives, - }, - []string{"ingress", "namespace", "service", "canary"}, - ), - upstreamLatency: prometheus.NewSummaryVec( prometheus.SummaryOpts{ Name: "ingress_upstream_latency_seconds", - Help: "Upstream service latency per Ingress", + Help: "DEPRECATED Upstream service latency per Ingress", Namespace: PrometheusNamespace, ConstLabels: constLabels, Objectives: defObjectives, @@ -232,16 +234,18 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat } sc.metricMapping = map[string]interface{}{ - prometheus.BuildFQName(PrometheusNamespace, "", "requests"): sc.requests, - prometheus.BuildFQName(PrometheusNamespace, "", "request_duration_seconds"): sc.requestTime, - prometheus.BuildFQName(PrometheusNamespace, "", "request_size"): sc.requestLength, + prometheus.BuildFQName(PrometheusNamespace, "", "requests"): sc.requests, + prometheus.BuildFQName(PrometheusNamespace, "", "connect_duration_seconds"): sc.connectTime, + prometheus.BuildFQName(PrometheusNamespace, "", "header_duration_seconds"): sc.headerTime, prometheus.BuildFQName(PrometheusNamespace, "", "response_duration_seconds"): sc.responseTime, - prometheus.BuildFQName(PrometheusNamespace, "", "response_size"): sc.responseLength, + prometheus.BuildFQName(PrometheusNamespace, "", "request_duration_seconds"): sc.requestTime, + + prometheus.BuildFQName(PrometheusNamespace, "", "request_size"): sc.requestLength, + prometheus.BuildFQName(PrometheusNamespace, "", "response_size"): sc.responseLength, prometheus.BuildFQName(PrometheusNamespace, "", "bytes_sent"): sc.bytesSent, - prometheus.BuildFQName(PrometheusNamespace, "", "ingress_upstream_header_seconds"): sc.upstreamHeaderTime, prometheus.BuildFQName(PrometheusNamespace, "", "ingress_upstream_latency_seconds"): sc.upstreamLatency, } @@ -309,6 +313,13 @@ func (sc *SocketCollector) handleMessage(msg []byte) { } if stats.Latency != -1 { + connectTimeMetric, err := sc.connectTime.GetMetricWith(requestLabels) + if err != nil { + klog.ErrorS(err, "Error fetching connect time metric") + } else { + connectTimeMetric.Observe(stats.Latency) + } + latencyMetric, err := sc.upstreamLatency.GetMetricWith(latencyLabels) if err != nil { klog.ErrorS(err, "Error fetching latency metric") @@ -318,7 +329,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) { } if stats.HeaderTime != -1 { - headerTimeMetric, err := sc.upstreamHeaderTime.GetMetricWith(latencyLabels) + headerTimeMetric, err := sc.headerTime.GetMetricWith(requestLabels) if err != nil { klog.ErrorS(err, "Error fetching header time metric") } else { @@ -460,32 +471,34 @@ func (sc *SocketCollector) RemoveMetrics(ingresses []string, registry prometheus // Describe implements prometheus.Collector func (sc SocketCollector) Describe(ch chan<- *prometheus.Desc) { + sc.connectTime.Describe(ch) + sc.headerTime.Describe(ch) + sc.responseTime.Describe(ch) sc.requestTime.Describe(ch) + sc.requestLength.Describe(ch) + sc.responseLength.Describe(ch) sc.requests.Describe(ch) sc.upstreamLatency.Describe(ch) - sc.upstreamHeaderTime.Describe(ch) - - sc.responseTime.Describe(ch) - sc.responseLength.Describe(ch) sc.bytesSent.Describe(ch) } // Collect implements the prometheus.Collector interface. func (sc SocketCollector) Collect(ch chan<- prometheus.Metric) { + sc.connectTime.Collect(ch) + sc.headerTime.Collect(ch) + sc.responseTime.Collect(ch) sc.requestTime.Collect(ch) + sc.requestLength.Collect(ch) + sc.responseLength.Collect(ch) sc.requests.Collect(ch) sc.upstreamLatency.Collect(ch) - sc.upstreamHeaderTime.Collect(ch) - - sc.responseTime.Collect(ch) - sc.responseLength.Collect(ch) sc.bytesSent.Collect(ch) } diff --git a/internal/ingress/metric/collectors/socket_test.go b/internal/ingress/metric/collectors/socket_test.go index 11af7c06d..f175828cc 100644 --- a/internal/ingress/metric/collectors/socket_test.go +++ b/internal/ingress/metric/collectors/socket_test.go @@ -98,6 +98,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -122,6 +124,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -131,24 +135,60 @@ func TestCollector(t *testing.T) { "service":"test-app", "canary":"" }]`}, - metrics: []string{"nginx_ingress_controller_response_duration_seconds"}, + metrics: []string{ + "nginx_ingress_controller_connect_duration_seconds", + "nginx_ingress_controller_header_duration_seconds", + "nginx_ingress_controller_response_duration_seconds", + }, wantBefore: ` - # HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server - # TYPE nginx_ingress_controller_response_duration_seconds histogram - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 0 - nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 - nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 200 - nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_connect_duration_seconds The time spent on establishing a connection with the upstream server + # TYPE nginx_ingress_controller_connect_duration_seconds histogram + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 1 + nginx_ingress_controller_connect_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_connect_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + nginx_ingress_controller_connect_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_header_duration_seconds The time spent on receiving first header from the upstream server + # TYPE nginx_ingress_controller_header_duration_seconds histogram + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 1 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 1 + nginx_ingress_controller_header_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_header_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 5 + nginx_ingress_controller_header_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 + # HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server + # TYPE nginx_ingress_controller_response_duration_seconds histogram + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.005"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.01"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.025"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.05"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.25"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="0.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="1"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="2.5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="5"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="10"} 0 + nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200",le="+Inf"} 1 + nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 200 + nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 `, removeIngresses: []string{"test-app-production/web-yml"}, wantAfter: ` @@ -164,6 +204,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -175,7 +217,7 @@ func TestCollector(t *testing.T) { }]`}, metrics: []string{"nginx_ingress_controller_requests"}, wantBefore: ` - # HELP nginx_ingress_controller_requests The total number of client requests. + # HELP nginx_ingress_controller_requests The total number of client requests # TYPE nginx_ingress_controller_requests counter nginx_ingress_controller_requests{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="200"} 1 `, @@ -193,6 +235,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -236,6 +280,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -252,6 +298,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -268,6 +316,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -308,7 +358,7 @@ func TestCollector(t *testing.T) { nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200",le="10"} 0 nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200",le="+Inf"} 2 nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 400 - nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 2 + nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml-qa",method="GET",namespace="test-app-qa",path="/admin",service="test-app-qa",status="200"} 2 `, }, @@ -323,6 +373,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, @@ -340,6 +392,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":100, @@ -382,6 +436,8 @@ func TestCollector(t *testing.T) { "path":"/admin", "requestLength":300.0, "requestTime":60.0, + "upstreamLatency":1.0, + "upstreamHeaderTime":5.0, "upstreamName":"test-upstream", "upstreamIP":"1.1.1.1:8080", "upstreamResponseTime":200, From dacb8da0588f687b9d16a1779f90c6adc6f40e83 Mon Sep 17 00:00:00 2001 From: Matt Lauber Date: Fri, 30 Sep 2022 11:06:29 -0400 Subject: [PATCH 081/166] Fix yaml formatting error with multiple annotations (#9104) When using multiple values for the `serviceAccount.annotations` values, the first line ends up indented 2 further than the following lines, resulting in a invalid yaml --- charts/ingress-nginx/templates/controller-serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index 824b2a124..e31819f7c 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace }} {{- if .Values.serviceAccount.annotations }} annotations: - {{ toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- toYaml .Values.serviceAccount.annotations | indent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} From 8d7286c77ecc97284388020aabac6956cdf4b75a Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 11:57:36 -0400 Subject: [PATCH 082/166] tag 1.4.0 to start release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 757407982..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.4.0 From 3dd08bf2ee5fe658347101957507b0ba48aa34d5 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 12:58:12 -0400 Subject: [PATCH 083/166] remove vcs build and resolve git issues Signed-off-by: James Strong --- TAG | 2 +- build/build.sh | 25 ++++++++++++------------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/TAG b/TAG index 0d0c52f84..757407982 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.3.1 diff --git a/build/build.sh b/build/build.sh index 42bec820b..f2f1ec2eb 100755 --- a/build/build.sh +++ b/build/build.sh @@ -49,31 +49,30 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director echo "Building ${PKG}/cmd/nginx" -pushd /go/src/k8s.io/ingress-nginx -git config --add safe.directory /go/src/k8s.io/ingress-nginx -popd - ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/nginx-ingress-controller" "${PKG}/cmd/nginx" echo "Building ${PKG}/cmd/dbg" ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/dbg" "${PKG}/cmd/dbg" echo "Building ${PKG}/cmd/waitshutdown" ${GO_BUILD_CMD} \ -trimpath -ldflags="-buildid= -w -s \ - -X ${PKG}/version.RELEASE=${TAG} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ + -X ${PKG}/version.RELEASE=${TAG} \ + -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ + -X ${PKG}/version.REPO=${REPO_INFO}" \ + -buildvcs=false \ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" From 4c24fa29f65e4cd94ac1fe3f3d0bc245db8d84a7 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 30 Sep 2022 13:14:54 -0400 Subject: [PATCH 084/166] update tag to start build Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 757407982..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.3.1 +v1.4.0 From 5fb3b974afb1cf12fd6e67c6db4c23499087d270 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 1 Oct 2022 22:14:13 +0530 Subject: [PATCH 085/166] fixed broken helm version comparision (#9113) --- build/dev-env.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/build/dev-env.sh b/build/dev-env.sh index 68b683350..ae6860726 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -45,9 +45,10 @@ if ! command -v helm &> /dev/null; then exit 1 fi -HELM_VERSION=$(helm version 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+') || true -if [[ ${HELM_VERSION} < "v3.9.0" ]]; then - echo "Please upgrade helm to v3.9.0 or higher" +HELM_VERSION=$(helm version 2>&1 | cut -f1 -d"," | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') || true +echo $HELM_VERSION +if [[ ${HELM_VERSION} -lt 3.10.0 ]]; then + echo "Please upgrade helm to v3.10.0 or higher" exit 1 fi From c4a50ebaa64b975660e25e74faeaee5957f9ec5e Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 2 Oct 2022 18:40:46 -0400 Subject: [PATCH 086/166] update for 1.4.0 release Signed-off-by: James Strong --- .github/workflows/ci.yaml | 2 +- Changelog.md | 111 +++++++++++++++++- README.md | 10 +- charts/ingress-nginx/CHANGELOG.md | 8 ++ charts/ingress-nginx/Chart.yaml | 10 +- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/deploy.yaml | 62 ++++++---- .../aws/nlb-with-tls-termination/deploy.yaml | 62 ++++++---- deploy/static/provider/baremetal/deploy.yaml | 62 ++++++---- deploy/static/provider/cloud/deploy.yaml | 62 ++++++---- deploy/static/provider/do/deploy.yaml | 62 ++++++---- deploy/static/provider/exoscale/deploy.yaml | 62 ++++++---- deploy/static/provider/kind/deploy.yaml | 62 ++++++---- deploy/static/provider/scw/deploy.yaml | 62 ++++++---- docs/deploy/index.md | 20 ++-- 16 files changed, 458 insertions(+), 213 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 46e44817c..07948ef78 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -130,7 +130,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.22.15, v1.23.12, v1.24.6, v1.25.2] steps: diff --git a/Changelog.md b/Changelog.md index bcbcfee04..4fda4aee4 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,11 +1,114 @@ # Changelog + +### 1.4.0 + +### Community Updates + +We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going +forward with the project at +[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us +and let us hear what you'd like to see in the future for ingress-nginx. + +https://kccncna2022.sched.com/event/18lgl?iframe=no + +[**Kubernetes Registry change notice**](https://twitter.com/BenTheElder/status/1575898507235323904) +The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is +*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of +traffic on October 3rd. + +If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder), +[@thockin](https://twitter.com/thockin), [@ameukam](https://twitter.com/ameukam),or report issues in slack to +[sig-k8s-infra slack channel](https://kubernetes.slack.com/archives/CCK68P2Q2). + +### What's Changed + +* 1.4.0 updates ingress-nginx to use Endpointslices instead of Endpoints. Thank you, @tombokombo, for your work in +[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) +* Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728 +) +* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.23, v1.24, v1.25 + +ADDED +* `_request_duration_seconds` Histogram +* `_connect_duration_seconds` Histogram +* `_header_duration_seconds` Histogram +* `_response_duration_seconds` Histogram + +Updated +* `_response_size` Histogram +* `_request_size` Histogram +* `_requests` Counter + +DEPRECATED +* `_bytes_sent` Histogram +* _ingress_upstream_latency_seconds` Summary + +REMOVED +* `ingress_upstream_header_seconds` Summary + +Also upgraded to golang 1.19.1 + + + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.4.0@sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 + + +### All Changes: + +* [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations +* [9090](https://github.com/kubernetes/ingress-nginx/pull/9090) fix chroot module mount path +* [9088](https://github.com/kubernetes/ingress-nginx/pull/9088) Add annotation for setting sticky cookie domain +* [9086](https://github.com/kubernetes/ingress-nginx/pull/9086) Update Version ModSecurity and Coreruleset +* [9081](https://github.com/kubernetes/ingress-nginx/pull/9081) plugin - endpoints to slices +* [9078](https://github.com/kubernetes/ingress-nginx/pull/9078) expand CI testing for all stable versions of Kubernetes +* [9074](https://github.com/kubernetes/ingress-nginx/pull/9074) fix: do not apply job-patch psp on Kubernetes 1.25 and newer +* [9072](https://github.com/kubernetes/ingress-nginx/pull/9072) Added a Link to the New Contributors Tips +* [9069](https://github.com/kubernetes/ingress-nginx/pull/9069) Add missing space to error message +* [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +* [9058](https://github.com/kubernetes/ingress-nginx/pull/9058) updated testrunner image sha after bump to go1191 +* [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +* [9036](https://github.com/kubernetes/ingress-nginx/pull/9036) update OpenTelemetry image +* [9035](https://github.com/kubernetes/ingress-nginx/pull/9035) Added instructions for Rancher Desktop +* [9028](https://github.com/kubernetes/ingress-nginx/pull/9028) fix otel init_module +* [9023](https://github.com/kubernetes/ingress-nginx/pull/9023) updates for fixing 1.3.1 release +* [9018](https://github.com/kubernetes/ingress-nginx/pull/9018) Add v1.25 test and reduce amount of e2e tests +* [9017](https://github.com/kubernetes/ingress-nginx/pull/9017) fix LD_LIBRARY_PATH for opentelemetry + +### Dependencies updates: + +* [9085](https://github.com/kubernetes/ingress-nginx/pull/9085) Bump actions/dependency-review-action from 2.1.0 to 2.4.0 +* [9084](https://github.com/kubernetes/ingress-nginx/pull/9084) Bump actions/checkout from 1 to 3 +* [9083](https://github.com/kubernetes/ingress-nginx/pull/9083) Bump github/codeql-action from 2.1.24 to 2.1.25 +* [9089](https://github.com/kubernetes/ingress-nginx/pull/9089) Bump k8s.io/component-base from 0.25.1 to 0.25.2 +* [9066](https://github.com/kubernetes/ingress-nginx/pull/9066) Bump github/codeql-action from 2.1.23 to 2.1.24 +* [9065](https://github.com/kubernetes/ingress-nginx/pull/9065) Bump k8s.io/component-base from 0.25.0 to 0.25.1 +* [9064](https://github.com/kubernetes/ingress-nginx/pull/9064) Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0 +* [9057](https://github.com/kubernetes/ingress-nginx/pull/9057) bump go to v1.19.1 +* [9053](https://github.com/kubernetes/ingress-nginx/pull/9053) Bump ossf/scorecard-action from 2.0.2 to 2.0.3 +* [9052](https://github.com/kubernetes/ingress-nginx/pull/9052) Bump github/codeql-action from 2.1.22 to 2.1.23 +* [9045](https://github.com/kubernetes/ingress-nginx/pull/9045) Bump actions/upload-artifact from 3.0.0 to 3.1.0 +* [9044](https://github.com/kubernetes/ingress-nginx/pull/9044) Bump ossf/scorecard-action from 1.1.2 to 2.0.2 +* [9043](https://github.com/kubernetes/ingress-nginx/pull/9043) Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 +* [9022](https://github.com/kubernetes/ingress-nginx/pull/9022) Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 +* [9021](https://github.com/kubernetes/ingress-nginx/pull/9021) Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 + +## New Contributors +* @gunamata made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9035 +* @afro-coder made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8924 +* @wilmardo made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9074 +* @nicolasjulian made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9086 +* @mtneug made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9088 +* @knbnnate made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8692 +* @mklauber made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9104 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.3.1...controller-v1.4.0 + ### 1.3.1 -Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. - -https://www.surveymonkey.com/r/ingressngx2022 - In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. diff --git a/README.md b/README.md index fce3fbb84..4cf990559 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,14 @@ [![GitHub license](https://img.shields.io/github/license/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE) [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers) [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield) -Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. +### Community Update -https://www.surveymonkey.com/r/ingressngx2022 +We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going +forward with the project at [Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us and let us hear what you'd like to see in the +future for ingress-nginx. + +https://kccncna2022.sched.com/event/18lgl?iframe=no ## Overview @@ -35,6 +38,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.4.0 | 1.25, 1.24, 1.23 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 27a52e83a..3c3404ffd 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,14 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.3.0 +- Support for Kubernetes v.1.25.0 was added and support for endpoint slices +- Support for Kubernetes v1.20.0 was removed +- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices +- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations + ### 4.2.1 - The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 08dcdb6ed..9cf62ecf9 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.2.5 -appVersion: 1.3.1 +version: 4.3.0 +appVersion: 1.4.0 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -25,5 +25,7 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" - - "fix permissions about configmap" + - "[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices" + - "[9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191" + - "[9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name" + - "[9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations" diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c9ee6e447..36490474a 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) +![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -310,13 +310,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | -| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | +| controller.image.digest | string | `"sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143"` | | +| controller.image.digestChroot | string | `"sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.3.1"` | | +| controller.image.tag | string | `"v1.4.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 76d03fd72..a5f6dc776 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.3.1" - digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 - digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + tag: "v1.4.0" + digest: sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + digestChroot: sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index cca1474d2..5c656bfae 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -536,7 +552,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -558,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -585,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -607,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 20f2c665a..91886150d 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -334,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -352,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -385,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -408,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -448,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +564,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -570,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +613,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index f2f3d4ac9..bb9ce026c 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -505,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -516,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -530,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -552,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -563,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -579,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -601,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -614,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index d7ba531c2..372c71909 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -507,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -518,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -532,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -554,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -565,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -581,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -603,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -616,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index f24648b5e..c7da768ff 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +551,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -557,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -606,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 856fbfa8d..dfb0e8f7d 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -348,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -381,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -404,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -444,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -541,7 +557,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -563,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -574,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -590,7 +606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -612,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -625,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 5291d2d33..cde5ece76 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -327,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -339,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -371,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -394,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +562,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -568,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +611,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -617,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index a43df9de4..25880d180 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -127,6 +127,14 @@ rules: verbs: - create - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -155,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx rules: - apiGroups: @@ -220,6 +228,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -229,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission rules: - apiGroups: @@ -248,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -268,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -287,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -306,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -342,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -375,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -398,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -438,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-create spec: containers: @@ -535,7 +551,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: create securityContext: @@ -557,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission-patch spec: containers: @@ -584,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -606,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.3.1 + app.kubernetes.io/version: 1.4.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 5a0b6bfb8..167c700b8 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -61,7 +61,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -224,7 +224,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -232,10 +232,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -281,7 +281,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -298,7 +298,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -306,7 +306,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -314,7 +314,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -329,7 +329,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -346,7 +346,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From fd23ca75a62400c142b53b11c775cea9022c734e Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Tue, 4 Oct 2022 02:42:15 +0900 Subject: [PATCH 087/166] Fixed to supported versions (#9117) --- Changelog.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Changelog.md b/Changelog.md index 4fda4aee4..34b49e28a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -27,7 +27,7 @@ If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheEl [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) * Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728 ) -* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.23, v1.24, v1.25 +* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25 ADDED * `_request_duration_seconds` Histogram diff --git a/README.md b/README.md index 4cf990559..1af0a6000 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| -| v1.4.0 | 1.25, 1.24, 1.23 | 3.16.2 | 1.19.10† | +| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | From fd7281c70396637640d32932d13e8956a39f0ca2 Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" Date: Tue, 4 Oct 2022 14:36:15 +0530 Subject: [PATCH 088/166] Updated incorrect version number in the Installation Guide (#9120) Fixes the incorrect version v.1.4.0 to v1.4.0 Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/deploy/index.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 167c700b8..eed695ac9 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -61,7 +61,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -224,7 +224,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -232,10 +232,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -281,7 +281,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -298,7 +298,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -306,7 +306,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -314,7 +314,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -329,7 +329,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -346,7 +346,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v.1.4.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From 172d30239e8eef73b2db85be5ae5990300bed13a Mon Sep 17 00:00:00 2001 From: "Leon(@mediocreDevops)" <8469842+afro-coder@users.noreply.github.com> Date: Tue, 4 Oct 2022 16:12:15 +0530 Subject: [PATCH 089/166] Updated the Developer guide with New Contributor information (#9114) Added more clarity to the docs with regards to the getting-started page for developers. Signed-off-by: afro-coder Signed-off-by: afro-coder --- docs/developer-guide/getting-started.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/developer-guide/getting-started.md b/docs/developer-guide/getting-started.md index fbf251790..9f4be8fcc 100644 --- a/docs/developer-guide/getting-started.md +++ b/docs/developer-guide/getting-started.md @@ -1,7 +1,15 @@ -# Developing for NGINX Ingress Controller + Developing for NGINX Ingress Controller This document explains how to get started with developing for NGINX Ingress controller. +For the really new contributors, who want to contribute to the INGRESS-NGINX project, but need help with understanding some basic concepts, +that are needed to work with the Kubernetes ingress resource, here is a link to the [New Contributors Guide](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md). +This guide contains tips on how a http/https request travels, from a browser or a curl command, +to the webserver process running inside a container, in a pod, in a Kubernetes cluster, but enters the cluster via a ingress resource. +For those who are familiar with those basic networking concepts like routing of a packet with regards to a +http request, termination of connection, reverseproxy etc. etc., you can skip this and move on to the sections below. +(or read it anyways just for context and also provide feedbacks if any) + ## Prerequisites Install [Go 1.14](https://golang.org/dl/) or later. @@ -88,6 +96,3 @@ and then publish such version with ```console docker push $REGISTRY/controller:$TAG ``` - -### New Contributor Tips -New contributors can refer to the [new contributor tips](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md) which will be updated with examples and tips. From 2645b5c0e4a44223106ef998c8455ec4a9225c0c Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 4 Oct 2022 12:06:16 -0300 Subject: [PATCH 090/166] Remove deprecated net dependency (#9110) --- TAG | 2 +- go.mod | 2 +- test/e2e/annotations/grpc.go | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/TAG b/TAG index 0d0c52f84..97a3c26fd 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.4.0-old diff --git a/go.mod b/go.mod index 471e7749e..01efaba68 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,6 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - golang.org/x/net v0.0.0-20220722155237-a158d28d115b google.golang.org/grpc v1.49.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -106,6 +105,7 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index dfe8141ee..39349e701 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -21,10 +21,11 @@ import ( "fmt" "strings" + "context" + pb "github.com/moul/pb/grpcbin/go-grpc" "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" - "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/metadata" From 2cc2ec85fc03e6c48820cf81a27cac8b4d202a10 Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Wed, 5 Oct 2022 01:18:16 +0900 Subject: [PATCH 091/166] Fixed docs helm-docs version (#9121) --- RELEASE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE.md b/RELEASE.md index 210277942..589b9ee7f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -233,7 +233,7 @@ Promoting the images basically means that images, that were pushed to staging co - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md ``` - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.6.0 + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts git diff --exit-code rm -f ./helm-docs From 00f86f7f342730ee27fbdb651fd874a2962f4120 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 4 Oct 2022 14:08:17 -0400 Subject: [PATCH 092/166] update x/net to remove vul CVE-2022-27664 (#9109) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 1 + .github/workflows/perftest.yaml | 9 +++++---- TAG | 2 +- go.mod | 4 ++-- go.sum | 8 ++++---- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 07948ef78..45e1cd981 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -165,6 +165,7 @@ jobs: - name: Run Artifact Hub lint run: | wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz + echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah ./ah lint -p charts/ingress-nginx || exit 1 rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index d498a216a..3d848ecfe 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -1,13 +1,13 @@ name: Performance Test -on: +on: workflow_dispatch: inputs: logLevel: - description: 'Log level' + description: 'Log level' required: true default: 'warning' tags: - description: 'K6 Load Test' + description: 'K6 Load Test' permissions: contents: read @@ -19,10 +19,11 @@ jobs: steps: - name: Checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - + - name: Install K6 run: | wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz + echo '7c9e5a26aaa2c638c042f6dfda7416161b8d2e0d4cb930721a38083b8be109ab *k6-v0.38.2-linux-amd64.tar.gz' | shasum -c tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6 mv k6-v0.38.2-linux-amd64/k6 . ./k6 diff --git a/TAG b/TAG index 97a3c26fd..a5b25f766 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0-old +v1.4.0q diff --git a/go.mod b/go.mod index 01efaba68..8430764e5 100644 --- a/go.mod +++ b/go.mod @@ -105,9 +105,9 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect + golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect + golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect diff --git a/go.sum b/go.sum index 65fb4ee78..fb6d6741e 100644 --- a/go.sum +++ b/go.sum @@ -743,8 +743,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= +golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -851,8 +851,8 @@ golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= From c211aa83d3fee9d1d9e3b631cbecb7035b8fefa8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 5 Oct 2022 09:01:32 -0600 Subject: [PATCH 093/166] fix wrong tag --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a5b25f766..0d0c52f84 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0q +v1.4.0 From 83aa9e472fa7dbca1b371db117b2a582d55ac6d3 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 5 Oct 2022 18:14:05 +0200 Subject: [PATCH 094/166] Rename controller-wehbooks-networkpolicy.yaml -> controller-webhooks-networkpolicy.yaml. (#9123) --- ...-networkpolicy.yaml => controller-webhooks-networkpolicy.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename charts/ingress-nginx/templates/{controller-wehbooks-networkpolicy.yaml => controller-webhooks-networkpolicy.yaml} (100%) diff --git a/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml similarity index 100% rename from charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml rename to charts/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml From 796cdf734e880a34b921f0d6c69994e67b5320bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:23:22 -0700 Subject: [PATCH 095/166] Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 (#9136) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 49ef6acd4..0be3841da 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -64,7 +64,7 @@ jobs: git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Helm Chart Releaser - uses: helm/chart-releaser-action@v1.4.0 + uses: helm/chart-releaser-action@v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From aaa336f207f3b830dfc2cdc49b01fecc19bf4b87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:25:23 -0700 Subject: [PATCH 096/166] Bump github/codeql-action from 2.1.25 to 2.1.27 (#9137) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.27. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/86f3159a697a097a813ad9bfa0002412d97690a4...807578363a7869ca324a79039e6db9c843e0e100) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2e13deea0..5a93a5d49 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 # v2.1.14 + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 0ef654160..130391a8a 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@86f3159a697a097a813ad9bfa0002412d97690a4 + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 3f40eb02cd470bae572abe090b0aebaf5363cadc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:31:21 -0700 Subject: [PATCH 097/166] Bump ossf/scorecard-action from 2.0.3 to 2.0.4 (#9138) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/865b4092859256271290c77adbd10a43f4779972...e363bfca00e752f91de7b7d2a77340e2e523cb18) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 5a93a5d49..d57f7c99d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # v1.1.1 + uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # v1.1.1 with: results_file: results.sarif results_format: sarif From c42b68eeadc57d2e8ec9e8daee4d4920ead6c181 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 12:33:01 -0700 Subject: [PATCH 098/166] Bump google.golang.org/grpc from 1.49.0 to 1.50.0 (#9134) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.49.0...v1.50.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8430764e5..378ef56e8 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - google.golang.org/grpc v1.49.0 + google.golang.org/grpc v1.50.0 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.2 diff --git a/go.sum b/go.sum index fb6d6741e..ada03d47a 100644 --- a/go.sum +++ b/go.sum @@ -1065,8 +1065,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0 h1:fPVVDxY9w++VjTZsYvXWqEf9Rqar/e+9zYfxKK+W+YU= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From ea254fbcb15b9614961074cba63b52a5d6d06f03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 12:35:02 -0700 Subject: [PATCH 099/166] Bump actions/checkout from 3.0.2 to 3.1.0 (#9135) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/2541b1294d2704b0964813337f33b291d3f8596b...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/helm.yaml | 4 ++-- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 45e1cd981..8b29a85d6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Run Gosec Security Scanner uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Set up Go 1.19.1 id: go @@ -135,7 +135,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 @@ -218,7 +218,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 @@ -275,7 +275,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 @@ -326,7 +326,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter-images @@ -393,7 +393,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter-images diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index d69c1a0c8..1809c531c 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 834859aa0..cb183577a 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0be3841da..abfdda1c8 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 id: filter @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 3d848ecfe..a9206d9ef 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 319055b62..42b7f043b 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d57f7c99d..c06db13ca 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.0 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 130391a8a..0cfdb6375 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 - shell: bash id: test From 93df796767929ffd9dce2b8e65de376e9e0ab90e Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 12 Oct 2022 15:39:00 -0400 Subject: [PATCH 100/166] upgrade to golang 1.19.2 (#9124) * upgrade to golang 1.19.2 Signed-off-by: James Strong * update e2e testing to 1.25 kind Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 10 ++++---- .github/workflows/plugin.yaml | 2 +- Makefile | 10 -------- build/dev-env.sh | 25 +++---------------- build/kind.yaml | 18 +++++++++++++ build/run-in-docker.sh | 10 -------- .../rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- test/e2e/run.sh | 2 +- 10 files changed, 31 insertions(+), 52 deletions(-) create mode 100644 build/kind.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8b29a85d6..8e8eb6631 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -70,11 +70,11 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - name: Set up Go 1.19.1 + - name: Set up Go 1.19.2 id: go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: Set up QEMU uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 @@ -140,7 +140,7 @@ jobs: - name: Setup Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: cache uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 @@ -411,12 +411,12 @@ jobs: version: v0.15.0 image: kindest/node:v1.25.2 - - name: Set up Go 1.19.1 + - name: Set up Go 1.19.2 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: '1.19.1' + go-version: '1.19.2' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 42b7f043b..ff11b713c 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 with: - go-version: 1.19.1 + go-version: 1.19.2 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 diff --git a/Makefile b/Makefile index 7a62d6f61..8204a2087 100644 --- a/Makefile +++ b/Makefile @@ -53,14 +53,6 @@ ifneq ($(PLATFORM),) PLATFORM_FLAG="--platform" endif -MAC_OS = $(shell uname -s) - -ifeq ($(MAC_OS), Darwin) - MAC_DOCKER_FLAGS="--load" -else - MAC_DOCKER_FLAGS= -endif - REGISTRY ?= gcr.io/k8s-staging-ingress-nginx BASE_IMAGE ?= $(shell cat NGINX_BASE) @@ -76,7 +68,6 @@ image: clean-image ## Build image for a particular arch. docker build \ ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ - $(MAC_DOCKER_FLAGS) \ --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ @@ -94,7 +85,6 @@ image-chroot: clean-chroot-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." docker build \ --no-cache \ - $(MAC_DOCKER_FLAGS) \ --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ diff --git a/build/dev-env.sh b/build/dev-env.sh index ae6860726..09609367a 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -62,32 +62,13 @@ echo "[dev-env] building image" make build image docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" -export K8S_VERSION=${K8S_VERSION:-v1.24.2@sha256:1f0cee2282f43150b52dc7933183ed96abdcfc8d293f30ec07082495874876f1} +export K8S_VERSION=${K8S_VERSION:-v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace} KIND_CLUSTER_NAME="ingress-nginx-dev" if ! kind get clusters -q | grep -q ${KIND_CLUSTER_NAME}; then -echo "[dev-env] creating Kubernetes cluster with kind" -cat < Date: Thu, 13 Oct 2022 03:45:02 +0800 Subject: [PATCH 101/166] fix e2e resource leak when ginkgo exit before clear resource (#9103) --- test/e2e/framework/framework.go | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 4946c13b2..662cd0879 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -121,11 +121,9 @@ func (f *Framework) CreateEnvironment() { } func (f *Framework) DestroyEnvironment() { - go func() { - defer ginkgo.GinkgoRecover() - err := DeleteKubeNamespace(f.KubeClientSet, f.Namespace) - assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) - }() + defer ginkgo.GinkgoRecover() + err := DeleteKubeNamespace(f.KubeClientSet, f.Namespace) + assert.Nil(ginkgo.GinkgoT(), err, "deleting namespace %v", f.Namespace) } // BeforeEach gets a client and makes a namespace. @@ -151,11 +149,9 @@ func (f *Framework) AfterEach() { defer f.DestroyEnvironment() defer func(kubeClient kubernetes.Interface, ingressclass string) { - go func() { - defer ginkgo.GinkgoRecover() - err := deleteIngressClass(kubeClient, ingressclass) - assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass") - }() + defer ginkgo.GinkgoRecover() + err := deleteIngressClass(kubeClient, ingressclass) + assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass") }(f.KubeClientSet, f.IngressClass) if !ginkgo.CurrentSpecReport().Failed() { From 6aac00648b6353d25e455594c525d07cf6d80960 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Thu, 13 Oct 2022 00:41:04 +0200 Subject: [PATCH 102/166] fix: handle 401 and 403 by external auth (#9131) --- rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index c315e4ee9..92d2c9706 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -957,7 +957,7 @@ stream { set $proxy_upstream_name "-"; {{ if not ( empty $server.CertificateAuth.MatchCN ) }} - {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} + {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { return 403 "client certificate unauthorized"; } @@ -1288,7 +1288,7 @@ stream { {{- end }} return end - if res.status == ngx.HTTP_FORBIDDEN then + if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then ngx.exit(res.status) end ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) From e53d19ceb695f880d4886effc2444abf1e04ff41 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 12 Oct 2022 20:31:03 -0300 Subject: [PATCH 103/166] Move bowei to emeritus owner (#9150) --- OWNERS | 1 + OWNERS_ALIASES | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/OWNERS b/OWNERS index 20082fb1f..71f3328f1 100644 --- a/OWNERS +++ b/OWNERS @@ -8,3 +8,4 @@ reviewers: emeritus_approvers: - aledbf # 2020-04-02 +- bowei # 2022-10-12 diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 04b495b6b..49806abdb 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -7,7 +7,6 @@ aliases: - thockin ingress-nginx-admins: - - bowei - rikatz - strongjz From 499dbf57af5d0d7eb2fdb298cc89b5f4bf179854 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Thu, 13 Oct 2022 02:11:00 +0200 Subject: [PATCH 104/166] fix ports (#9149) --- internal/ingress/controller/endpointslices.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/ingress/controller/endpointslices.go b/internal/ingress/controller/endpointslices.go index efd2a6afa..5a24c3880 100644 --- a/internal/ingress/controller/endpointslices.go +++ b/internal/ingress/controller/endpointslices.go @@ -84,8 +84,8 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c // loop over all endpointSlices generated for service for _, eps := range epss { var ports []int32 - if len(eps.Ports) == 0 { - // When ports is empty, it indicates that there are no defined ports, using svc targePort <- this could be wrong + if len(eps.Ports) == 0 && port.TargetPort.Type == intstr.Int { + // When ports is empty, it indicates that there are no defined ports, using svc targePort if it's a number klog.V(3).Infof("No ports found on endpointSlice, using service TargetPort %v for Service %q", port.String(), svcKey) ports = append(ports, port.TargetPort.IntVal) } else { From 249780737c862a7cf690058511ee7126ddd0d788 Mon Sep 17 00:00:00 2001 From: FutureMatt <43476243+FutureMatt@users.noreply.github.com> Date: Thu, 13 Oct 2022 15:37:01 +0100 Subject: [PATCH 105/166] #7652 - Updated Helm chart to use the fullname for the electionID if not specified. (#9133) * Automatically generate electionID from the fullname or use the set value. * Updated the chart readme to include the new empty default. * Rebuilt the Helm readme with helm-docs. --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/templates/_helpers.tpl | 10 ++++++++++ charts/ingress-nginx/templates/_params.tpl | 2 +- charts/ingress-nginx/templates/controller-role.yaml | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 36490474a..06db4d991 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -291,7 +291,7 @@ Kubernetes: `>=1.20.0-0` | controller.customTemplate.configMapName | string | `""` | | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | -| controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | +| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index e69de0c41..790a19350 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -85,6 +85,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Construct a unique electionID. +Users can provide an override for an explicit electionID if they want via `.Values.controller.electionID` +*/}} +{{- define "ingress-nginx.controller.electionID" -}} +{{- $defElectionID := printf "%s-leader" (include "ingress-nginx.fullname" .) -}} +{{- $electionID := default $defElectionID .Values.controller.electionID -}} +{{- print $electionID -}} +{{- end -}} + {{/* Construct the path for the publish-service. diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 305ce0dd2..66c581fa6 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -10,7 +10,7 @@ - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal {{- end }} {{- end }} -- --election-id={{ .Values.controller.electionID }} +- --election-id={{ include "ingress-nginx.controller.electionID" . }} - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} {{- if .Values.controller.ingressClass }} - --ingress-class={{ .Values.controller.ingressClass }} diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index d6da92ec9..395c88e10 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -68,7 +68,7 @@ rules: resources: - configmaps resourceNames: - - {{ .Values.controller.electionID }} + - {{ include "ingress-nginx.controller.electionID" . }} verbs: - get - update @@ -83,7 +83,7 @@ rules: resources: - leases resourceNames: - - {{ .Values.controller.electionID }} + - {{ include "ingress-nginx.controller.electionID" . }} verbs: - get - update diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a5f6dc776..622244a11 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -99,8 +99,8 @@ controller: # -- 'hostPort' https port https: 443 - # -- Election ID to use for status update - electionID: ingress-controller-leader + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" ## This section refers to the creation of the IngressClass resource ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 From f89bd6d3288a0a76851ff947ab1f0eb4fadcea77 Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 13 Oct 2022 22:01:05 +0200 Subject: [PATCH 106/166] Documentation added for implemented redirection in the proxy to ensure image pulling (#9098) * Documentation added for redirection in the proxy to ensure image pulling * Update troubleshooting.md * Update troubleshooting.md * Update troubleshooting.md --- docs/troubleshooting.md | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1e2e57c49..f2f5da47b 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -316,3 +316,52 @@ Note: The below is based on the nginx [documentation](https://docs.nginx.com/ngi ```console cat nginx_conf.txt ``` + +## Image related issues faced on Nginx 4.2.5 or other versions (Helm chart versions) + +1. Incase you face below error while installing Nginx using helm chart (either by helm commands or helm_release terraform provider ) +``` +Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": rpc error: code = Unknown desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to do request: Head "https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": EOF +``` + Then please follow the below steps. + +2. During troubleshooting you can also execute the below commands to test the connectivities from you local machines and repositories details + + a. curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + ``` + (⎈ |myprompt)➜ ~ curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 + (⎈ |myprompt)➜ ~ + ``` + b. curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + ``` + (⎈ |myprompt)➜ ~ curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + HTTP/2 200 + docker-distribution-api-version: registry/2.0 + content-type: application/vnd.docker.distribution.manifest.list.v2+json + docker-content-digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + content-length: 1384 + date: Wed, 28 Sep 2022 16:46:28 GMT + server: Docker Registry + x-xss-protection: 0 + x-frame-options: SAMEORIGIN + alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" + + (⎈ |myprompt)➜ ~ + ``` + Redirection in the proxy is implemented to ensure the pulling of the images. + +3. This is the solution recommended to whitelist the below image repositories : + ``` + *.appspot.com + *.k8s.io + *.pkg.dev + *.gcr.io + + ``` + More details about the above repos : + a. *.k8s.io -> To ensure you can pull any images from registry.k8s.io + b. *.gcr.io -> GCP services are used for image hosting. This is part of the domains suggested by GCP to allow and ensure users can pull images from their container registry services. + c. *.appspot.com -> This a Google domain. part of the domain used for GCR. From 739e85ce7cf2dbc13b710036a5c3fc465425c6e2 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 14 Oct 2022 00:10:46 -0400 Subject: [PATCH 107/166] updating runner with golang 1.19.2 (#9158) Signed-off-by: James Strong Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 21d3f2548..b0377f455 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index d0ed88972..ce46b93ab 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20220916-gd32f8c343@sha256:f3f26f1e2aef8b2013b731f041fd69bcd950d3118eecf4429551848f47305c0f" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221012-controller-v1.4.0-14-g93df79676@sha256:9ab6a412b0ea6ae77abc80309608976ec15141e146fa91ef4352400cb9051086" image: echo "..entered Makefile in /test/e2e-image" From a3bed7ae4c02a2821e1aa811ed3ede71a35ddb5d Mon Sep 17 00:00:00 2001 From: Aurelie Vache Date: Mon, 17 Oct 2022 17:39:07 +0200 Subject: [PATCH 108/166] feat: add ovhcloud (#9171) --- docs/deploy/index.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index eed695ac9..4cefb7c48 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -30,6 +30,7 @@ ingress controller for your particular environment or cloud provider. - ... [Scaleway](#scaleway) - ... [Exoscale](#exoscale) - ... [Oracle Cloud Infrastructure](#oracle-cloud-infrastructure) + - ... [OVHcloud](#ovhcloud) - ... [Bare-metal](#bare-metal-clusters) - [Miscellaneous](#miscellaneous) @@ -336,6 +337,16 @@ A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. +### OVHcloud + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +helm -n ingress-nginx install ingress-nginx ingress-nginx/ingress-nginx --create-namespace +``` + +You can find the [complete tutorial](https://docs.ovh.com/gb/en/kubernetes/installing-nginx-ingress/). + ### Bare metal clusters This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes From 5e0932a88518e8160431738c98ba7f08e01e6352 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 17 Oct 2022 17:47:08 +0200 Subject: [PATCH 109/166] GitHub Templates: Remove trailing whitespaces. (#9172) --- .github/ISSUE_TEMPLATE/cve_report.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md index b5ecf7ecf..11789d479 100644 --- a/.github/ISSUE_TEMPLATE/cve_report.md +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -8,7 +8,7 @@ assignees: - rikatz --- - diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a14cc7004..e3781887a 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -64,5 +64,5 @@ Enter your extended release note in the block below. If the PR requires addition For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md --> ```release-note -PLACE RELEASE NOTES HERE +PLACE RELEASE NOTES HERE ``` From 2740ab2de7f333b2df9a7f5eaa97c510a0bd45da Mon Sep 17 00:00:00 2001 From: cskinfill Date: Tue, 18 Oct 2022 08:41:20 -0400 Subject: [PATCH 110/166] Update CHANGELOG.md (#9147) --- charts/ingress-nginx/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 3c3404ffd..2ec24733e 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -4,7 +4,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku ### 4.3.0 - Support for Kubernetes v.1.25.0 was added and support for endpoint slices -- Support for Kubernetes v1.20.0 was removed +- Support for Kubernetes v1.20.0 and v1.21.0 was removed - [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices - [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 - [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name From 3ddbba3fde1717e0324ef3f17310dff17613385e Mon Sep 17 00:00:00 2001 From: jrhunger Date: Tue, 18 Oct 2022 10:17:20 -0400 Subject: [PATCH 111/166] add troubleshooting for port listen issues (#9185) --- docs/troubleshooting.md | 114 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index f2f5da47b..4b9820200 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -365,3 +365,117 @@ Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull ima a. *.k8s.io -> To ensure you can pull any images from registry.k8s.io b. *.gcr.io -> GCP services are used for image hosting. This is part of the domains suggested by GCP to allow and ensure users can pull images from their container registry services. c. *.appspot.com -> This a Google domain. part of the domain used for GCR. + +## Unable to listen on port (80/443) +One possible reason for this error is lack of permission to bind to the port. Ports 80, 443, and any other port < 1024 are Linux privileged ports which historically could only be bound by root. The ingress-nginx-controller uses the CAP_NET_BIND_SERVICE [linux capability](https://man7.org/linux/man-pages/man7/capabilities.7.html) to allow binding these ports as a normal user (www-data / 101). This involves two components: +1. In the image, the /nginx-ingress-controller file has the cap_net_bind_service capability added (e.g. via [setcap](https://man7.org/linux/man-pages/man8/setcap.8.html)) +2. The NET_BIND_SERVICE capability is added to the container in the containerSecurityContext of the deployment. + +If encountering this on one/some node(s) and not on others, try to purge and pull a fresh copy of the image to the affected node(s), in case there has been corruption of the underlying layers to lose the capability on the executable. + +### Create a test pod +The /nginx-ingress-controller process exits/crashes when encountering this error, making it difficult to troubleshoot what is happening inside the container. To get around this, start an equivalent container running "sleep 3600", and exec into it for further troubleshooting. For example: +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: ingress-nginx-sleep + namespace: default + labels: + app: nginx +spec: + containers: + - name: nginx + image: ##_CONTROLLER_IMAGE_## + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1" + command: ["sleep"] + args: ["3600"] + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + restartPolicy: Never + nodeSelector: + kubernetes.io/hostname: ##_NODE_NAME_## + tolerations: + - key: "node.kubernetes.io/unschedulable" + operator: "Exists" + effect: NoSchedule +``` +* update the namespace if applicable/desired +* replace `##_NODE_NAME_##` with the problematic node (or remove nodeSelector section if problem is not confined to one node) +* replace `##_CONTROLLER_IMAGE_##` with the same image as in use by your ingress-nginx deployment +* confirm the securityContext section matches what is in place for ingress-nginx-controller pods in your cluster + +Apply the YAML and open a shell into the pod. +Try to manually run the controller process: +```console +$ /nginx-ingress-controller +``` +You should get the same error as from the ingress controller pod logs. + +Confirm the capabilities are properly surfacing into the pod: +```console +$ grep CapBnd /proc/1/status +CapBnd: 0000000000000400 +``` +The above value has only net_bind_service enabled (per security context in YAML which adds that and drops all). If you get a different value, then you can decode it on another linux box (capsh not available in this container) like below, and then figure out why specified capabilities are not propagating into the pod/container. +```console +$ capsh --decode=0000000000000400 +0x0000000000000400=cap_net_bind_service +``` + +## Create a test pod as root +(Note, this may be restricted by PodSecurityPolicy, PodSecurityAdmission/Standards, OPA Gatekeeper, etc. in which case you will need to do the appropriate workaround for testing, e.g. deploy in a new namespace without the restrictions.) +To test further you may want to install additional utilities, etc. Modify the pod yaml by: +* changing runAsUser from 101 to 0 +* removing the "drop..ALL" section from the capabilities. + +Some things to try after shelling into this container: + +Try running the controller as the www-data (101) user: +```console +$ chmod 4755 /nginx-ingress-controller +$ /nginx-ingress-controller +``` +Examine the errors to see if there is still an issue listening on the port or if it passed that and moved on to other expected errors due to running out of context. + +Install the libcap package and check capabilities on the file: +```console +$ apk add libcap +(1/1) Installing libcap (2.50-r0) +Executing busybox-1.33.1-r7.trigger +OK: 26 MiB in 41 packages +$ getcap /nginx-ingress-controller +/nginx-ingress-controller cap_net_bind_service=ep +``` +(if missing, see above about purging image on the server and re-pulling) + +Strace the executable to see what system calls are being executed when it fails: +```console +$ apk add strace +(1/1) Installing strace (5.12-r0) +Executing busybox-1.33.1-r7.trigger +OK: 28 MiB in 42 packages +$ strace /nginx-ingress-controller +execve("/nginx-ingress-controller", ["/nginx-ingress-controller"], 0x7ffeb9eb3240 /* 131 vars */) = 0 +arch_prctl(ARCH_SET_FS, 0x29ea690) = 0 +... +``` From 82e454318c979feb8fec7d9247a6d13dba3201db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Oct 2022 07:19:20 -0700 Subject: [PATCH 112/166] Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#9180) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/dc7b9719a96d48369863986a06765841d7ea23f6...95cb08cb2672c73d4ffd2f422e6d11953d2a9c70) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8e8eb6631..0031e6f19 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0 + uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # v2.0.0 with: version: latest From 92d75201af6acbc4d8b6a90c7a313824570beafa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Oct 2022 07:21:19 -0700 Subject: [PATCH 113/166] Bump dorny/paths-filter from 2.10.2 to 2.11.1 (#9183) Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 2.10.2 to 2.11.1. - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/b2feaf19c27470162a626bd6fa8438ae5b263721...4512585405083f25c027a35db413c2b3b9006d50) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/docs.yaml | 2 +- .github/workflows/helm.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0031e6f19..32ced69fc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -328,7 +328,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -395,7 +395,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index cb183577a..f02f0a17e 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -26,7 +26,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index abfdda1c8..4dadc9349 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -27,7 +27,7 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} From c7fef553c0e128e3a263858aace82f1f17db9e88 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 19 Oct 2022 10:59:20 -0400 Subject: [PATCH 114/166] start 1.4.1 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 0d0c52f84..66d62a800 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.0 +v1.4.1 From 533a79590eb81010e97868bcb73a54bf8c4f0097 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:31:07 -0700 Subject: [PATCH 115/166] Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#9173) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 378ef56e8..78f133077 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.37.0 - github.com/spf13/cobra v1.5.0 + github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 github.com/yudai/gojsondiff v1.0.0 @@ -82,7 +82,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect diff --git a/go.sum b/go.sum index ada03d47a..8bb651b85 100644 --- a/go.sum +++ b/go.sum @@ -351,8 +351,9 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -548,8 +549,8 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= +github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From 8234954b7df1a3b39dd1f7d657ccb56afefa6a18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:33:02 -0700 Subject: [PATCH 116/166] Bump google.golang.org/grpc from 1.50.0 to 1.50.1 (#9174) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.0 to 1.50.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.50.0...v1.50.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 78f133077..f7ce612ac 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - google.golang.org/grpc v1.50.0 + google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.2 diff --git a/go.sum b/go.sum index 8bb651b85..3e0f1c972 100644 --- a/go.sum +++ b/go.sum @@ -1066,8 +1066,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.50.0 h1:fPVVDxY9w++VjTZsYvXWqEf9Rqar/e+9zYfxKK+W+YU= -google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 7dd4a6eb0045e616fdc4e488d2ecb0ff2236a1dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:35:04 -0700 Subject: [PATCH 117/166] Bump k8s.io/component-base from 0.25.2 to 0.25.3 (#9175) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.2 to 0.25.3. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.2...v0.25.3) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index f7ce612ac..912f65e0f 100644 --- a/go.mod +++ b/go.mod @@ -29,14 +29,14 @@ require ( google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.2 + k8s.io/api v0.25.3 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.25.2 + k8s.io/apimachinery v0.25.3 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.2 + k8s.io/client-go v0.25.3 k8s.io/code-generator v0.23.5 - k8s.io/component-base v0.25.2 + k8s.io/component-base v0.25.3 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/go.sum b/go.sum index 3e0f1c972..5e1e1a335 100644 --- a/go.sum +++ b/go.sum @@ -1135,26 +1135,26 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8= -k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0= +k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= +k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= -k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= +k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= +k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= -k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4= +k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= +k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= -k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY= -k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60= +k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= +k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 9f1e0fddad42887fa5c9f0ede833e75e85a93b0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:37:02 -0700 Subject: [PATCH 118/166] Bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 (#9176) Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.4 to 1.6.0. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.4...v1.6.0) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 912f65e0f..c4bfc8062 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/eapache/channels v1.1.0 - github.com/fsnotify/fsnotify v1.5.4 + github.com/fsnotify/fsnotify v1.6.0 github.com/imdario/mergo v0.3.13 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 @@ -107,7 +107,7 @@ require ( golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect + golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect diff --git a/go.sum b/go.sum index 5e1e1a335..8c60778dc 100644 --- a/go.sum +++ b/go.sum @@ -175,8 +175,8 @@ github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= -github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= @@ -851,9 +851,8 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956 h1:XeJjHH1KiLpKGb6lvMiksZ9l0fVUh+AmGcm0nOMEBOY= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= From c18cb467aafdcd9cf27c7bf18962a986b9d81737 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:39:03 -0700 Subject: [PATCH 119/166] Bump github.com/onsi/ginkgo/v2 from 2.2.0 to 2.3.1 (#9177) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.2.0 to 2.3.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.2.0...v2.3.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c4bfc8062..c4b4d2de2 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.2.0 + github.com/onsi/ginkgo/v2 v2.3.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 diff --git a/go.sum b/go.sum index 8c60778dc..c5b331a8f 100644 --- a/go.sum +++ b/go.sum @@ -457,12 +457,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= -github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8= +github.com/onsi/ginkgo/v2 v2.3.1/go.mod h1:Sv4yQXwG5VmF7tm3Q5Z+RWUpPo24LF1mpnz2crUb8Ys= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/onsi/gomega v1.22.0 h1:AIg2/OntwkBiCg5Tt1ayyiF1ArFrWFoCSMtMi/wdApk= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= From 2ebb6b9c7377f308b948206c87203be8ef0a90c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:41:01 -0700 Subject: [PATCH 120/166] Bump geekyeggo/delete-artifact from 1.0.0 to 2.0.0 (#9178) Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from 1.0.0 to 2.0.0. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/b73cb986740e466292a536d0e32e2666c56fdeb3...54ab544f12cdb7b71613a16a2b5a37a9ade990af) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 32ced69fc..9cc4bdd9b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -182,7 +182,7 @@ jobs: version: v0.15.0 image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: name: docker.tar.gz failOnError: false @@ -233,7 +233,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 with: name: docker.tar.gz failOnError: false @@ -290,7 +290,7 @@ jobs: config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@b73cb986740e466292a536d0e32e2666c56fdeb3 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af with: name: docker.tar.gz failOnError: false From 98505a2c198654a541e0edd2617fcb81c1b80e65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:43:02 -0700 Subject: [PATCH 121/166] Bump actions/dependency-review-action from 2.4.0 to 2.5.0 (#9179) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/375c5370086bfff256c37f8beec0f437e2e72ae1...fd675ced9c17f1393071e1a2e685ab527e585a0c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 1809c531c..18ab95a6a 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@375c5370086bfff256c37f8beec0f437e2e72ae1 #v2.0.2 + uses: actions/dependency-review-action@fd675ced9c17f1393071e1a2e685ab527e585a0c #v2.0.2 From 8a83748d0f34b5c7f40b8f483073d1173a338fd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:45:02 -0700 Subject: [PATCH 122/166] Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#9181) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/8b122486cedac8393e77aa9734c3528886e4a1a8...e81a89b1732b9c48d79cd809d8d81d79c4647a18) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9cc4bdd9b..49746e9a0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -77,7 +77,7 @@ jobs: go-version: '1.19.2' - name: Set up QEMU - uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 - name: Set up Docker Buildx id: buildx From 5f2a79495a65c57106d8fab00bc95a029c3a8aab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:47:02 -0700 Subject: [PATCH 123/166] Bump securego/gosec from 2.13.1 to 2.14.0 (#9182) Bumps [securego/gosec](https://github.com/securego/gosec) from 2.13.1 to 2.14.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/19fa856badad483cae700ee1213dd7f1a933d6d3...1af1d5bb49259b62e45c505db397dd2ada5d74f8) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 49746e9a0..93caa3b4c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Run Gosec Security Scanner - uses: securego/gosec@19fa856badad483cae700ee1213dd7f1a933d6d3 # master + uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less From 84614b99c3ce5c7cbbe0cf0ae12c466e73f123a8 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Thu, 20 Oct 2022 22:57:25 +0300 Subject: [PATCH 124/166] Implement parseFloat for annotations (#9195) --- internal/ingress/annotations/parser/main.go | 22 ++++++++++ .../ingress/annotations/parser/main_test.go | 41 +++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/internal/ingress/annotations/parser/main.go b/internal/ingress/annotations/parser/main.go index b39e409b9..107a278b0 100644 --- a/internal/ingress/annotations/parser/main.go +++ b/internal/ingress/annotations/parser/main.go @@ -80,6 +80,18 @@ func (a ingAnnotations) parseInt(name string) (int, error) { return 0, errors.ErrMissingAnnotations } +func (a ingAnnotations) parseFloat32(name string) (float32, error) { + val, ok := a[name] + if ok { + i, err := strconv.ParseFloat(val, 32) + if err != nil { + return 0, errors.NewInvalidAnnotationContent(name, val) + } + return float32(i), nil + } + return 0, errors.ErrMissingAnnotations +} + func checkAnnotation(name string, ing *networking.Ingress) error { if ing == nil || len(ing.GetAnnotations()) == 0 { return errors.ErrMissingAnnotations @@ -122,6 +134,16 @@ func GetIntAnnotation(name string, ing *networking.Ingress) (int, error) { return ingAnnotations(ing.GetAnnotations()).parseInt(v) } +// GetFloatAnnotation extracts a float32 from an Ingress annotation +func GetFloatAnnotation(name string, ing *networking.Ingress) (float32, error) { + v := GetAnnotationWithPrefix(name) + err := checkAnnotation(v, ing) + if err != nil { + return 0, err + } + return ingAnnotations(ing.GetAnnotations()).parseFloat32(v) +} + // GetAnnotationWithPrefix returns the prefix of ingress annotations func GetAnnotationWithPrefix(suffix string) string { return fmt.Sprintf("%v/%v", AnnotationsPrefix, suffix) diff --git a/internal/ingress/annotations/parser/main_test.go b/internal/ingress/annotations/parser/main_test.go index 7b01a1230..318e024d3 100644 --- a/internal/ingress/annotations/parser/main_test.go +++ b/internal/ingress/annotations/parser/main_test.go @@ -130,6 +130,47 @@ rewrite (?i)/arcgis/services/Utilities/Geometry/GeometryServer(.*)$ /arcgis/serv } } +func TestGetFloatAnnotation(t *testing.T) { + ing := buildIngress() + + _, err := GetFloatAnnotation("", nil) + if err == nil { + t.Errorf("expected error but retuned nil") + } + + tests := []struct { + name string + field string + value string + exp float32 + expErr bool + }{ + {"valid - A", "string", "1.5", 1.5, false}, + {"valid - B", "string", "2", 2, false}, + {"valid - C", "string", "100.0", 100, false}, + } + + data := map[string]string{} + ing.SetAnnotations(data) + + for _, test := range tests { + data[GetAnnotationWithPrefix(test.field)] = test.value + + s, err := GetFloatAnnotation(test.field, ing) + if test.expErr { + if err == nil { + t.Errorf("%v: expected error but retuned nil", test.name) + } + continue + } + if s != test.exp { + t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.name, test.exp, s) + } + + delete(data, test.field) + } +} + func TestGetIntAnnotation(t *testing.T) { ing := buildIngress() From f2ed5d17f672abf2dcda53811e0272357c0d02d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 05:10:26 -0700 Subject: [PATCH 125/166] Bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0 (#9201) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 31 +++++++++++++++++-------------- 2 files changed, 25 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index c4b4d2de2..b320fe44b 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.3.1 + github.com/onsi/ginkgo/v2 v2.4.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd + golang.org/x/crypto v0.1.0 google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -104,14 +104,14 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect + golang.org/x/mod v0.6.0 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/go.sum b/go.sum index c5b331a8f..9ce9078e4 100644 --- a/go.sum +++ b/go.sum @@ -457,12 +457,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8= -github.com/onsi/ginkgo/v2 v2.3.1/go.mod h1:Sv4yQXwG5VmF7tm3Q5Z+RWUpPo24LF1mpnz2crUb8Ys= +github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.22.0 h1:AIg2/OntwkBiCg5Tt1ayyiF1ArFrWFoCSMtMi/wdApk= +github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -653,8 +653,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -690,8 +690,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -744,8 +744,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= -golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -851,12 +851,14 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956 h1:XeJjHH1KiLpKGb6lvMiksZ9l0fVUh+AmGcm0nOMEBOY= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -865,8 +867,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -935,8 +938,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 68bcb3761cfeefb33fa5b6ffa5fff6ffb03eb41b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:08:24 -0700 Subject: [PATCH 126/166] Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#9208) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/ff11ca24a9b39f2d36796d1fbd7a4e39c182630a...b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index ff11b713c..0e4b2671d 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -27,7 +27,7 @@ jobs: go-version: 1.19.2 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0 + uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 with: version: latest args: release --rm-dist From a500a1ec8f5e18b3acdb775a54d9d8c6dece355a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:18:35 -0700 Subject: [PATCH 127/166] Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#9202) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b320fe44b..3ed69f652 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.0 + github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.1.0 diff --git a/go.sum b/go.sum index 9ce9078e4..1468b7617 100644 --- a/go.sum +++ b/go.sum @@ -561,8 +561,9 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -571,8 +572,9 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= From f4cefedc9339b152865fd03e75f88bf05c7a6f59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:20:35 -0700 Subject: [PATCH 128/166] Bump ossf/scorecard-action from 2.0.4 to 2.0.6 (#9203) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.4 to 2.0.6. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e363bfca00e752f91de7b7d2a77340e2e523cb18...99c53751e09b9529366343771cc321ec74e9bd3d) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c06db13ca..9fbc0480a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # v1.1.1 + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v1.1.1 with: results_file: results.sarif results_format: sarif From 951d8196e555eb4f0701ff871e9ed25c146a0e20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:22:34 -0700 Subject: [PATCH 129/166] Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 (#9204) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/95cb08cb2672c73d4ffd2f422e6d11953d2a9c70...8c0edbc76e98fa90f69d9a2c020dcb50019dc325) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 93caa3b4c..56569b5d8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # v2.0.0 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.0.0 with: version: latest From 60dc84476b0be8810128b9f756d4de52f0f4d7ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:24:34 -0700 Subject: [PATCH 130/166] Bump actions/setup-go from 3.3.0 to 3.3.1 (#9205) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/268d8c0ca0432bb2cf416faae41297df9d262d7f...c4a742cab115ed795e34d4513e2cf7d472deb55f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/plugin.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56569b5d8..a85165efd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -72,7 +72,7 @@ jobs: - name: Set up Go 1.19.2 id: go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' @@ -138,7 +138,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: Setup Go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' @@ -414,7 +414,7 @@ jobs: - name: Set up Go 1.19.2 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: '1.19.2' diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 0e4b2671d..5da461528 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -22,7 +22,7 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.2.0 with: go-version: 1.19.2 From f7c757c90b1b51522570089362cf9fab45875720 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:26:36 -0700 Subject: [PATCH 131/166] Bump github/codeql-action from 2.1.27 to 2.1.28 (#9206) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/807578363a7869ca324a79039e6db9c843e0e100...cc7986c02bac29104a72998e67239bb5ee2ee110) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9fbc0480a..762634db0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.14 + uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 0cfdb6375..34c4f1901 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 + uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 9216b7b0991b6c5f89c73c401a1cc4d471d4a314 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Oct 2022 13:28:35 -0700 Subject: [PATCH 132/166] Bump actions/download-artifact from 3.0.0 to 3.0.1 (#9207) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/fb598a63ae348fa914e94cd0ff38f362e927b741...9782bd6a9848b53b110e712e20e42d89988822b7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a85165efd..25cc509f0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -143,7 +143,7 @@ jobs: go-version: '1.19.2' - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 with: name: docker.tar.gz @@ -221,7 +221,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 with: name: docker.tar.gz @@ -278,7 +278,7 @@ jobs: uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - name: cache - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 with: name: docker.tar.gz From 397003d7ccfee5d9f74d8c1a6378caa40b53d448 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Oct 2022 07:10:36 -0700 Subject: [PATCH 133/166] Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 (#9200) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 3ed69f652..a1b307b36 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.13.0 - github.com/prometheus/client_model v0.2.0 + github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 1468b7617..529555a3a 100644 --- a/go.sum +++ b/go.sum @@ -495,8 +495,9 @@ github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= +github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= From a383cfc55100aae3894629bea224472c578909c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=BCttler?= Date: Tue, 25 Oct 2022 16:14:36 +0200 Subject: [PATCH 134/166] fix typo in docs. (#9167) --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 4cefb7c48..1ae4f22de 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -8,7 +8,7 @@ There are multiple ways to install the NGINX ingress controller: On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many -environments, you can improve the performance or get better logs by enabling extra features. we recommend that you +environments, you can improve the performance or get better logs by enabling extra features. We recommend that you check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the ingress controller for your particular environment or cloud provider. From ac1a3363bde234252e750845d4a9547dad997e84 Mon Sep 17 00:00:00 2001 From: Youssef Bel Mekki <38552193+ybelMekk@users.noreply.github.com> Date: Tue, 25 Oct 2022 23:14:36 +0200 Subject: [PATCH 135/166] add:(admission-webhooks) ability to set securityContext for job-containers createSecret and patchWebhook (#9186) Signed-off-by: ybelMekk Signed-off-by: ybelMekk --- charts/ingress-nginx/README.md | 2 ++ .../admission-webhooks/job-patch/job-createSecret.yaml | 5 +++-- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 5 +++-- charts/ingress-nginx/values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 06db4d991..6ce41792e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -242,6 +242,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.annotations | object | `{}` | | | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | | controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | +| controller.admissionWebhooks.createSecretJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.enabled | bool | `true` | | | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | @@ -266,6 +267,7 @@ Kubernetes: `>=1.20.0-0` | controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | | controller.admissionWebhooks.patch.tolerations | list | `[]` | | | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | +| controller.admissionWebhooks.patchWebhookJob.securityContext.allowPrivilegeEscalation | bool | `false` | | | controller.admissionWebhooks.port | int | `8443` | | | controller.admissionWebhooks.service.annotations | object | `{}` | | | controller.admissionWebhooks.service.externalIPs | list | `[]` | | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 7558e0b1a..de78f45bd 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -59,8 +59,9 @@ spec: {{- if .Values.controller.admissionWebhooks.extraEnvs }} {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} {{- end }} - securityContext: - allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.createSecretJob.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.securityContext | nindent 12 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 05282150b..b670aa05a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -61,8 +61,9 @@ spec: {{- if .Values.controller.admissionWebhooks.extraEnvs }} {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} {{- end }} - securityContext: - allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.securityContext }} + securityContext: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.securityContext | nindent 12 }} + {{- end }} {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 622244a11..9092a5de9 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -627,6 +627,8 @@ controller: type: ClusterIP createSecretJob: + securityContext: + allowPrivilegeEscalation: false resources: {} # limits: # cpu: 10m @@ -636,6 +638,8 @@ controller: # memory: 20Mi patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false resources: {} patch: From 2488fb00649f36cc0c6d0eadbb3d38dccd12f7be Mon Sep 17 00:00:00 2001 From: Jaen Date: Tue, 25 Oct 2022 15:06:35 -0700 Subject: [PATCH 136/166] Fix Markdown header level (#9210) Cloud providers use level 4 headers. --- docs/deploy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 1ae4f22de..3f99c7a44 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -337,7 +337,7 @@ A [complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation. -### OVHcloud +#### OVHcloud ```console helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx From bf8362cb500b413d04d04b1312df1914b4b193f8 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sat, 29 Oct 2022 07:40:39 +0800 Subject: [PATCH 137/166] chore: bump NGINX version v1.21.4 (#8889) * chore: bump NGINX version v1.21.4 Signed-off-by: Jintao Zhang * chore: bump all others Signed-off-by: Jintao Zhang * apply all patches Signed-off-by: Jintao Zhang * fix files hash Signed-off-by: Jintao Zhang * fix ajp module Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/nginx/rootfs/build.sh | 78 ++++++++++--------- .../patches/nginx-1.19.9-no_Werror.patch | 36 --------- ...> nginx-1.21.4-balancer_status_code.patch} | 0 ... => nginx-1.21.4-cache_manager_exit.patch} | 0 ... nginx-1.21.4-delayed_posted_events.patch} | 0 ...patch => nginx-1.21.4-hash_overflow.patch} | 0 ...ginx-1.21.4-init_cycle_pool_release.patch} | 24 +++--- ...> nginx-1.21.4-larger_max_error_str.patch} | 4 +- .../patches/nginx-1.21.4-no_Werror.patch | 36 +++++++++ ...> nginx-1.21.4-proxy_host_port_vars.patch} | 4 +- ... nginx-1.21.4-resolver_conf_parsing.patch} | 0 ...x-1.21.4-reuseport_close_unused_fds.patch} | 0 ...1.21.4-single_process_graceful_exit.patch} | 0 ...atch => nginx-1.21.4-socket_cloexec.patch} | 0 ...h => nginx-1.21.4-ssl_cert_cb_yield.patch} | 0 ...h => nginx-1.21.4-ssl_sess_cb_yield.patch} | 0 ...tream_proxy_get_next_upstream_tries.patch} | 0 ...x-1.21.4-stream_ssl_preread_no_skip.patch} | 0 ...=> nginx-1.21.4-upstream_pipelining.patch} | 0 ...ginx-1.21.4-upstream_timeout_fields.patch} | 0 .../rootfs/patches/patch.2021.resolver.txt | 23 ------ 21 files changed, 92 insertions(+), 113 deletions(-) delete mode 100644 images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch rename images/nginx/rootfs/patches/{nginx-1.19.9-balancer_status_code.patch => nginx-1.21.4-balancer_status_code.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-cache_manager_exit.patch => nginx-1.21.4-cache_manager_exit.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-delayed_posted_events.patch => nginx-1.21.4-delayed_posted_events.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-hash_overflow.patch => nginx-1.21.4-hash_overflow.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-init_cycle_pool_release.patch => nginx-1.21.4-init_cycle_pool_release.patch} (65%) rename images/nginx/rootfs/patches/{nginx-1.19.9-larger_max_error_str.patch => nginx-1.21.4-larger_max_error_str.patch} (62%) create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch rename images/nginx/rootfs/patches/{nginx-1.19.9-proxy_host_port_vars.patch => nginx-1.21.4-proxy_host_port_vars.patch} (87%) rename images/nginx/rootfs/patches/{nginx-1.19.9-resolver_conf_parsing.patch => nginx-1.21.4-resolver_conf_parsing.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-reuseport_close_unused_fds.patch => nginx-1.21.4-reuseport_close_unused_fds.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-single_process_graceful_exit.patch => nginx-1.21.4-single_process_graceful_exit.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-socket_cloexec.patch => nginx-1.21.4-socket_cloexec.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-ssl_cert_cb_yield.patch => nginx-1.21.4-ssl_cert_cb_yield.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-ssl_sess_cb_yield.patch => nginx-1.21.4-ssl_sess_cb_yield.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch => nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-stream_ssl_preread_no_skip.patch => nginx-1.21.4-stream_ssl_preread_no_skip.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-upstream_pipelining.patch => nginx-1.21.4-upstream_pipelining.patch} (100%) rename images/nginx/rootfs/patches/{nginx-1.19.9-upstream_timeout_fields.patch => nginx-1.21.4-upstream_timeout_fields.patch} (100%) delete mode 100644 images/nginx/rootfs/patches/patch.2021.resolver.txt diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 75d765e78..cfea7b7c8 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,13 +18,13 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.10 +export NGINX_VERSION=1.21.4 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master export NDK_VERSION=0.3.1 -# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.32...master -export SETMISC_VERSION=0.32 +# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master +export SETMISC_VERSION=0.33 # Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.33...master export MORE_HEADERS_VERSION=0.33 @@ -65,28 +65,30 @@ export MODSECURITY_LIB_VERSION=v3.0.8 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master export OWASP_MODSECURITY_CRS_VERSION=v3.3.4 -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.20...master -export LUA_NGX_VERSION=b721656a9127255003b696b42ccc871c7ec18d59 +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...master +export LUA_NGX_VERSION=0.10.21 -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.10...master -export LUA_STREAM_NGX_VERSION=74f8c8bca5b95cecbf42d4e1a465bc08cd075a9b +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.11...master +export LUA_STREAM_NGX_VERSION=0.0.11 -# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/v0.07...master +# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master export LUA_UPSTREAM_VERSION=8aa93ead98ba2060d4efd594ae33a35d153589bf -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.8...openresty:master -export LUA_CJSON_VERSION=4b350c531de3d71008c77ae94e59275b8371b4dc +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.10...openresty:master +export LUA_CJSON_VERSION=2.1.0.10 export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.3...master export GEOIP2_VERSION=a26c6beed77e81553686852dceb6c7fdacc5970d -# Check for recent changes: https://github.com/yaoweibin/nginx_ajp_module/compare/v0.3.0...master -export NGINX_AJP_VERSION=a964a0bcc6a9f2bfb82a13752d7794a36319ffac +# Check for recent changes: https://github.com/msva/nginx_ajp_module/compare/fcbb2ccca4901d317ecd7a9dabb3fec9378ff40f...master +# This is a fork from https://github.com/yaoweibin/nginx_ajp_module +# Since it has not been updated and is not compatible with NGINX 1.21 +export NGINX_AJP_VERSION=fcbb2ccca4901d317ecd7a9dabb3fec9378ff40f -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20210510...v2.1-agentzh -export LUAJIT_VERSION=2.1-20210510 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20220411...v2.1-agentzh +export LUAJIT_VERSION=2.1-20220411 # Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.04...master export LUA_RESTY_BALANCER=0.04 @@ -94,8 +96,8 @@ export LUA_RESTY_BALANCER=0.04 # Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.11...master export LUA_RESTY_CACHE=0.11 -# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.22...master -export LUA_RESTY_CORE=0.1.22 +# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.23...master +export LUA_RESTY_CORE=0.1.23 # Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/v0.1.0...master export LUA_RESTY_COOKIE_VERSION=303e32e512defced053a6484bc0745cf9dc0d39e @@ -112,17 +114,17 @@ export LUA_RESTY_LOCK=0.08 # Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.10...master export LUA_RESTY_UPLOAD_VERSION=0.10 -# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.14...master -export LUA_RESTY_STRING_VERSION=9ace36f2dde09451c377c839117ade45eb02d460 +# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master +export LUA_RESTY_STRING_VERSION=0.15 # Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.16...master export LUA_RESTY_MEMCACHED_VERSION=0.16 -# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.29...master -export LUA_RESTY_REDIS_VERSION=0.29 +# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master +export LUA_RESTY_REDIS_VERSION=0.30 -# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6...master -export LUA_RESTY_IPMATCHER_VERSION=211e0d2eb8bbb558b79368f89948a0bafdc23654 +# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master +export LUA_RESTY_IPMATCHER_VERSION=0.6.1 # Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main export LUA_RESTY_GLOBAL_THROTTLE_VERSION=0.2.0 @@ -200,13 +202,13 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88 \ +get_src d1f72f474e71bcaaf465dcc7e6f7b6a4705e4b1ed95c581af31df697551f3bfe \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ "https://github.com/simpl/ngx_devel_kit/archive/v$NDK_VERSION.tar.gz" -get_src f1ad2459c4ee6a61771aa84f77871f4bfe42943a4aa4c30c62ba3f981f52c201 \ +get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz" get_src a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf \ @@ -245,11 +247,11 @@ get_src 7d5f3439c8df56046d0564b5857fd8a30296ab1bd6df0f048aed7afb56a0a4c2 \ get_src 99c47c75c159795c9faf76bbb9fa58e5a50b75286c86565ffcec8514b1c74bf9 \ "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" else -get_src 085a9fb2bf9c4466977595a5fe5156d76f3a2d9a2a81be3cacaff2021773393e \ - "https://github.com/openresty/lua-nginx-module/archive/$LUA_NGX_VERSION.tar.gz" +get_src 9db756000578efaecb43bea4fc6cf631aaa80988d86ffe5d3afeb9927895ffad \ + "https://github.com/openresty/lua-nginx-module/archive/v$LUA_NGX_VERSION.tar.gz" -get_src ba38c9f8e4265836ba7f2ac559ddf140693ff2f5ae33ab1e384f51f3992151ab \ - "https://github.com/openresty/stream-lua-nginx-module/archive/$LUA_STREAM_NGX_VERSION.tar.gz" +get_src c7924f28cb014a99636e747ea907724dd55f60e180cb92cde6e8ed48d2278f27 \ + "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" fi @@ -260,7 +262,7 @@ if [[ ${ARCH} == "s390x" ]]; then get_src 266ed1abb70a9806d97cb958537a44b67db6afb33d3b32292a2d68a2acedea75 \ "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" else -get_src 1ee6dad809a5bb22efb45e6dac767f7ce544ad652d353a93d7f26b605f69fe3f \ +get_src d3f2c870f8f88477b01726b32accab30f6e5d57ae59c5ec87374ff73d0794316 \ "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" fi @@ -273,14 +275,14 @@ get_src 1af5a5632dc8b00ae103d51b7bf225de3a7f0df82f5c6a401996c080106e600e \ get_src 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b \ "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" -get_src 94d1512bf0e5e6ffa4eca0489db1279d51f45386fffcb8a1d2d9f7fe93518465 \ - "https://github.com/yaoweibin/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz" +get_src 778fcca851bd69dabfb382dc827d2ee07662f7eca36b5e66e67d5512bad75ef8 \ + "https://github.com/msva/nginx_ajp_module/archive/$NGINX_AJP_VERSION.tar.gz" get_src 5d16e623d17d4f42cc64ea9cfb69ca960d313e12f5d828f785dd227cc483fcbd \ "https://github.com/openresty/lua-resty-upload/archive/v$LUA_RESTY_UPLOAD_VERSION.tar.gz" -get_src 462c6b38792bab4ca8212bdfd3f2e38f6883bb45c8fb8a03474ea813e0fab853 \ - "https://github.com/openresty/lua-resty-string/archive/$LUA_RESTY_STRING_VERSION.tar.gz" +get_src bdbf271003d95aa91cab0a92f24dca129e99b33f79c13ebfcdbbcbb558129491 \ + "https://github.com/openresty/lua-resty-string/archive/v$LUA_RESTY_STRING_VERSION.tar.gz" get_src 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5 \ "https://github.com/openresty/lua-resty-balancer/archive/v$LUA_RESTY_BALANCER.tar.gz" @@ -289,11 +291,11 @@ if [[ ${ARCH} == "s390x" ]]; then get_src 8f5f76d2689a3f6b0782f0a009c56a65e4c7a4382be86422c9b3549fe95b0dc4 \ "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" else -get_src 4d971f711fad48c097070457c128ca36053835d8a3ba25a937e9991547d55d4d \ +get_src efd6b51520429e64b1bcc10f477d370ebed1631c190f7e4dc270d959a743ad7d \ "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" fi -get_src 8d602af2669fb386931760916a39f6c9034f2363c4965f215042c086b8215238 \ +get_src 0c551d6898f89f876e48730f9b55790d0ba07d5bc0aa6c76153277f63c19489f \ "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" get_src 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4 \ @@ -314,11 +316,11 @@ get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ get_src 42893da0e3de4ec180c9bf02f82608d78787290a70c5644b538f29d243147396 \ "https://github.com/openresty/lua-resty-memcached/archive/v$LUA_RESTY_MEMCACHED_VERSION.tar.gz" -get_src 3f602af507aacd1f7aaeddfe7b77627fcde095fe9f115cb9d6ad8de2a52520e1 \ +get_src c15aed1a01c88a3a6387d9af67a957dff670357f5fdb4ee182beb44635eef3f1 \ "https://github.com/openresty/lua-resty-redis/archive/v$LUA_RESTY_REDIS_VERSION.tar.gz" -get_src b8dbd502751140993a852381bcd8e98a402454596bd91838c1e51268d42db261 \ - "https://github.com/api7/lua-resty-ipmatcher/archive/$LUA_RESTY_IPMATCHER_VERSION.tar.gz" +get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ + "https://github.com/api7/lua-resty-ipmatcher/archive/v$LUA_RESTY_IPMATCHER_VERSION.tar.gz" get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/v$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch deleted file mode 100644 index 7bb0ac902..000000000 --- a/images/nginx/rootfs/patches/nginx-1.19.9-no_Werror.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -urp nginx-1.19.9/auto/cc/clang nginx-1.19.9-patched/auto/cc/clang ---- nginx-1.19.9/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.19.9/auto/cc/gcc nginx-1.19.9-patched/auto/cc/gcc ---- nginx-1.19.9/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.19.9/auto/cc/icc nginx-1.19.9-patched/auto/cc/icc ---- nginx-1.19.9/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.19.9-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-balancer_status_code.patch b/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-balancer_status_code.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-cache_manager_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-cache_manager_exit.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-delayed_posted_events.patch b/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-delayed_posted_events.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-hash_overflow.patch b/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-hash_overflow.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch similarity index 65% rename from images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch index aa2df4660..9cfa4f7cb 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-init_cycle_pool_release.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch @@ -1,6 +1,6 @@ -diff -rup nginx-1.19.9/src/core/nginx.c nginx-1.19.9-patched/src/core/nginx.c ---- nginx-1.19.9/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.19.9-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +diff -rup nginx-1.21.4/src/core/nginx.c nginx-1.21.4-patched/src/core/nginx.c +--- nginx-1.21.4/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.21.4-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 @@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; @@ -18,9 +18,9 @@ diff -rup nginx-1.19.9/src/core/nginx.c nginx-1.19.9-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -rup nginx-1.19.9/src/core/ngx_core.h nginx-1.19.9-patched/src/core/ngx_core.h ---- nginx-1.19.9/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +diff -rup nginx-1.21.4/src/core/ngx_core.h nginx-1.21.4-patched/src/core/ngx_core.h +--- nginx-1.21.4/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 @@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif @@ -28,9 +28,9 @@ diff -rup nginx-1.19.9/src/core/ngx_core.h nginx-1.19.9-patched/src/core/ngx_cor +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.19.9/src/core/ngx_cycle.c nginx-1.19.9-patched/src/core/ngx_cycle.c ---- nginx-1.19.9/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +diff -rup nginx-1.21.4/src/core/ngx_cycle.c nginx-1.21.4-patched/src/core/ngx_cycle.c +--- nginx-1.21.4/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 @@ -748,6 +748,10 @@ old_shm_zone_done: if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { @@ -42,9 +42,9 @@ diff -rup nginx-1.19.9/src/core/ngx_cycle.c nginx-1.19.9-patched/src/core/ngx_cy ngx_destroy_pool(old_cycle->pool); cycle->old_cycle = NULL; -diff -rup nginx-1.19.9/src/os/unix/ngx_process_cycle.c nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.19.9/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.19.9-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +diff -rup nginx-1.21.4/src/os/unix/ngx_process_cycle.c nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.21.4/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 @@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc ngx_exit_cycle.files_n = ngx_cycle->files_n; ngx_cycle = &ngx_exit_cycle; diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch similarity index 62% rename from images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch index 0628d3abb..c89032c9f 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-larger_max_error_str.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch @@ -1,5 +1,5 @@ ---- nginx-1.19.9/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.19.9-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +--- nginx-1.21.4/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 @@ -64,7 +64,9 @@ struct ngx_log_s { }; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch new file mode 100644 index 000000000..f4d6fd0e5 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.21.4/auto/cc/clang nginx-1.21.4-patched/auto/cc/clang +--- nginx-1.21.4/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/gcc nginx-1.21.4-patched/auto/cc/gcc +--- nginx-1.21.4/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/icc nginx-1.21.4-patched/auto/cc/icc +--- nginx-1.21.4/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch similarity index 87% rename from images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch index 25282bda3..01cebd65a 100644 --- a/images/nginx/rootfs/patches/nginx-1.19.9-proxy_host_port_vars.patch +++ b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch @@ -1,5 +1,5 @@ ---- nginx-1.19.9/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -+++ nginx-1.19.9-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +--- nginx-1.21.4/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.21.4-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 @@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach static ngx_http_variable_t ngx_http_proxy_vars[] = { diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-resolver_conf_parsing.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-socket_cloexec.patch b/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-socket_cloexec.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-stream_proxy_get_next_upstream_tries.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-upstream_pipelining.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-upstream_pipelining.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.9-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.19.9-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch diff --git a/images/nginx/rootfs/patches/patch.2021.resolver.txt b/images/nginx/rootfs/patches/patch.2021.resolver.txt deleted file mode 100644 index 6c895e61c..000000000 --- a/images/nginx/rootfs/patches/patch.2021.resolver.txt +++ /dev/null @@ -1,23 +0,0 @@ -diff --git src/core/ngx_resolver.c src/core/ngx_resolver.c ---- src/core/ngx_resolver.c -+++ src/core/ngx_resolver.c -@@ -4008,15 +4008,15 @@ done: - n = *src++; - - } else { -+ if (dst != name->data) { -+ *dst++ = '.'; -+ } -+ - ngx_strlow(dst, src, n); - dst += n; - src += n; - - n = *src++; -- -- if (n != 0) { -- *dst++ = '.'; -- } - } - - if (n == 0) { From 0b5e0685112e4537ee20a0bdbba451e9f6158aa3 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 31 Oct 2022 22:10:45 +0800 Subject: [PATCH 138/166] chore: update NGINX to 1.21.6 (#9231) Signed-off-by: Jintao Zhang Signed-off-by: Jintao Zhang --- images/nginx/rootfs/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index cfea7b7c8..5a6394fd9 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.21.4 +export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master export NDK_VERSION=0.3.1 @@ -202,7 +202,7 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src d1f72f474e71bcaaf465dcc7e6f7b6a4705e4b1ed95c581af31df697551f3bfe \ +get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ From 8c698778a3c0a14a3c2579a451cb5aede294d8c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 09:24:45 -0700 Subject: [PATCH 139/166] Bump actions/dependency-review-action from 2.5.0 to 2.5.1 (#9237) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/fd675ced9c17f1393071e1a2e685ab527e585a0c...0efb1d1d84fc9633afcdaad14c485cbbc90ef46c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 18ab95a6a..85c91d664 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@fd675ced9c17f1393071e1a2e685ab527e585a0c #v2.0.2 + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c #v2.0.2 From 709e984ff673664996fd67b12ec195bdbfa3896c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:52:15 -0700 Subject: [PATCH 140/166] Bump github/codeql-action from 2.1.28 to 2.1.29 (#9236) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cc7986c02bac29104a72998e67239bb5ee2ee110...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 762634db0..90fb2d3d4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # v2.1.14 + uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 34c4f1901..004370a90 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 + uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 12c60288ffc829f22ba23ea53bbb9660e91fd85d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:54:14 -0700 Subject: [PATCH 141/166] Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#9233) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a1b307b36..58c4c58de 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 - github.com/spf13/cobra v1.6.0 + github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 diff --git a/go.sum b/go.sum index 529555a3a..30d65e6b4 100644 --- a/go.sum +++ b/go.sum @@ -550,8 +550,8 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= -github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From cf4fb7d8120b770abac78d28d90971266fa83449 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:56:14 -0700 Subject: [PATCH 142/166] Bump actions/upload-artifact from 3.1.0 to 3.1.1 (#9234) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/3cea5372237819ed00197afe530f5a7ea3e805c8...83fd05a356d7e2593de66fc9913b3002723633cb) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 25cc509f0..7c61d2e4a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -114,7 +114,7 @@ jobs: | pigz > docker.tar.gz - name: cache - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 90fb2d3d4..fae11715f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.0.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.0.0 with: name: SARIF file path: results.sarif From 3c32413e30703383ddf32bbe9a1e531d4169e6d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 09:58:14 -0700 Subject: [PATCH 143/166] Bump azure/setup-helm from 3.3 to 3.4 (#9235) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.3 to 3.4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/b5b231a831f96336bbfeccc1329990f0005c5bb1...f382f75448129b3be48f8121b9857be18d815a82) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7c61d2e4a..3410b326b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -239,7 +239,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 + uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 with: version: 'v3.8.0' id: local-path @@ -296,7 +296,7 @@ jobs: failOnError: false - name: Prepare cluster for testing - uses: azure/setup-helm@b5b231a831f96336bbfeccc1329990f0005c5bb1 #v2.1 + uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 #v2.1 with: version: 'v3.8.0' id: local-path From 490ecffc5242be8c54f8735d4af4d4ccad39acb7 Mon Sep 17 00:00:00 2001 From: Tomas Hulata Date: Sat, 5 Nov 2022 22:22:15 +0100 Subject: [PATCH 144/166] fix svc long name (#9245) Signed-off-by: tombokombo Signed-off-by: tombokombo --- .../ingress/controller/store/endpointslice.go | 15 ++++- .../controller/store/endpointslice_test.go | 39 +++++++++++++ test/e2e/e2e.go | 1 + test/e2e/endpointslices/longname.go | 55 +++++++++++++++++++ test/e2e/framework/deployment.go | 6 ++ 5 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 test/e2e/endpointslices/longname.go diff --git a/internal/ingress/controller/store/endpointslice.go b/internal/ingress/controller/store/endpointslice.go index fdd7374e9..78d088695 100644 --- a/internal/ingress/controller/store/endpointslice.go +++ b/internal/ingress/controller/store/endpointslice.go @@ -21,6 +21,7 @@ import ( "strings" discoveryv1 "k8s.io/api/discovery/v1" + apiNames "k8s.io/apiserver/pkg/storage/names" "k8s.io/client-go/tools/cache" ) @@ -32,9 +33,21 @@ type EndpointSliceLister struct { // MatchByKey returns the EndpointsSlices of the Service matching key in the local Endpoint Store. func (s *EndpointSliceLister) MatchByKey(key string) ([]*discoveryv1.EndpointSlice, error) { var eps []*discoveryv1.EndpointSlice + keyNsLen := strings.Index(key, "/") + if keyNsLen < -1 { + keyNsLen = 0 + } else { + // count '/' char + keyNsLen += 1 + } // filter endpointSlices owned by svc for _, listKey := range s.ListKeys() { - if !strings.HasPrefix(listKey, key) { + if len(key) < (apiNames.MaxGeneratedNameLength+keyNsLen) && !strings.HasPrefix(listKey, key) { + continue + } + // generated endpointslices names has truncated svc name as prefix when svc name is too long, we compare only non truncated part + // https://github.com/kubernetes/ingress-nginx/issues/9240 + if len(key) >= (apiNames.MaxGeneratedNameLength+keyNsLen) && !strings.HasPrefix(listKey, key[:apiNames.MaxGeneratedNameLength+keyNsLen-1]) { continue } epss, exists, err := s.GetByKey(listKey) diff --git a/internal/ingress/controller/store/endpointslice_test.go b/internal/ingress/controller/store/endpointslice_test.go index fdc51c0e4..e12a98c2f 100644 --- a/internal/ingress/controller/store/endpointslice_test.go +++ b/internal/ingress/controller/store/endpointslice_test.go @@ -17,6 +17,7 @@ limitations under the License. package store import ( + "fmt" "testing" discoveryv1 "k8s.io/api/discovery/v1" @@ -91,4 +92,42 @@ func TestEndpointSliceLister(t *testing.T) { t.Errorf("expected %v, error, got %v", endpointSlice.GetName(), eps[0].GetName()) } }) + t.Run("svc long name", func(t *testing.T) { + el := newEndpointSliceLister(t) + ns := "namespace" + ns2 := "another-ns" + svcName := "test-backend-http-test-http-test-http-test-http-test-http-truncated" + svcName2 := "another-long-svc-name-for-test-inhttp-test-http-test-http-truncated" + key := fmt.Sprintf("%s/%s", ns, svcName) + endpointSlice := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns, + Name: "test-backend-http-test-http-test-http-test-http-test-http-bar88", + Labels: map[string]string{ + discoveryv1.LabelServiceName: svcName, + }, + }, + } + el.Add(endpointSlice) + endpointSlice2 := &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns2, + Name: "another-long-svc-name-for-test-inhttp-test-http-test-http-bar88", + Labels: map[string]string{ + discoveryv1.LabelServiceName: svcName2, + }, + }, + } + el.Add(endpointSlice2) + eps, err := el.MatchByKey(key) + if err != nil { + t.Errorf("unexpeted error %v", err) + } + if len(eps) != 1 { + t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) + } + if len(eps) == 1 && eps[0].Labels[discoveryv1.LabelServiceName] != svcName { + t.Errorf("expected slice %v, error, got %v slices", endpointSlice, eps[0]) + } + }) } diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index c7010b977..57b047230 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -34,6 +34,7 @@ import ( _ "k8s.io/ingress-nginx/test/e2e/annotations/modsecurity" _ "k8s.io/ingress-nginx/test/e2e/dbg" _ "k8s.io/ingress-nginx/test/e2e/defaultbackend" + _ "k8s.io/ingress-nginx/test/e2e/endpointslices" _ "k8s.io/ingress-nginx/test/e2e/gracefulshutdown" _ "k8s.io/ingress-nginx/test/e2e/ingress" _ "k8s.io/ingress-nginx/test/e2e/leaks" diff --git a/test/e2e/endpointslices/longname.go b/test/e2e/endpointslices/longname.go new file mode 100644 index 000000000..0adb66767 --- /dev/null +++ b/test/e2e/endpointslices/longname.go @@ -0,0 +1,55 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package endpointslices + +import ( + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Endpointslices] long service name", func() { + f := framework.NewDefaultFramework("endpointslices") + host := "longsvcname.foo.com" + name := "long-name-foobar-foobar-foobar-foobar-foobar-bar-foo-bar-foobuz" + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment(framework.WithName(name)) + }) + + ginkgo.It("should return 200 when service name has max allowed number of characters 63", func() { + + annotations := make(map[string]string) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, name, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %s", host)) + }) + + ginkgo.By("checking if the service is reached") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) +}) diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index b37060af1..cb6ef9acc 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -67,6 +67,12 @@ func WithDeploymentReplicas(r int) func(*deploymentOptions) { } } +func WithName(n string) func(*deploymentOptions) { + return func(o *deploymentOptions) { + o.name = n + } +} + // NewEchoDeployment creates a new single replica deployment of the echo server image in a particular namespace func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { options := &deploymentOptions{ From 4bd7e176d81a8a055aeddf678626cce99190b96e Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 6 Nov 2022 18:36:16 -0500 Subject: [PATCH 145/166] update base image of nginx to 1.21.6 (#9257) * add workflow dispatch and update nginx base Signed-off-by: James Strong * e2e were failing, added a go mod tidy Signed-off-by: James Strong * e2e were failing, added a go mod tidy Signed-off-by: James Strong * push mod and sum from main Signed-off-by: James Strong * Update NGINX_BASE Co-authored-by: Jintao Zhang Signed-off-by: James Strong Co-authored-by: Jintao Zhang --- .github/workflows/ci.yaml | 15 ++++++++++++--- NGINX_BASE | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3410b326b..695799991 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,6 +9,13 @@ on: branches: - main + workflow_dispatch: + inputs: + run_e2e: + description: 'Force e2e to run' + required: true + type: boolean + permissions: contents: read @@ -40,9 +47,11 @@ jobs: - 'rootfs/**/*' - 'TAG' - 'test/e2e/**/*' + - 'NGINX_BASE' charts: - 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/**/*' + - 'NGINX_BASE' security: @@ -126,7 +135,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') + (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -209,7 +218,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -266,7 +275,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: diff --git a/NGINX_BASE b/NGINX_BASE index bc477308f..45654c627 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:9fdbef829c327b95a3c6d6816a301df41bda997f@sha256:46c27294e467f46d0006ad1eb5fd3f7005eb3cbd00dd43be2ed9b02edfc6e828 +registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000 From 5a42ec4f35ae6d62b240f61ceb075459aaece16e Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:44:17 +0100 Subject: [PATCH 146/166] Fix CVE-2022-32149 (#9258) * Fix CVE-2022-32149 * fix CI --- go.sum | 9 --------- images/ext-auth-example-authsvc/rootfs/go.sum | 7 +------ images/kube-webhook-certgen/rootfs/go.mod | 4 ++-- images/kube-webhook-certgen/rootfs/go.sum | 13 ++++--------- 4 files changed, 7 insertions(+), 26 deletions(-) diff --git a/go.sum b/go.sum index 30d65e6b4..caed22265 100644 --- a/go.sum +++ b/go.sum @@ -862,15 +862,6 @@ golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 6e3fab295..045452c23 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -141,12 +141,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 5ac181823..22c4424ea 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -31,9 +31,9 @@ require ( github.com/tidwall/gjson v1.14.0 // indirect golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect - golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect - golang.org/x/text v0.3.6 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect google.golang.org/appengine v1.6.5 // indirect google.golang.org/protobuf v1.26.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 5889d4e49..13ce4b641 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -543,20 +543,15 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 90a9d6457536158b433719ff4a9a7ed5b4356c06 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:46:17 +0100 Subject: [PATCH 147/166] Fix CVE-2022-1996 (#9244) * CVE-2022-1996 * clean * fix * fix --- go.mod | 2 +- go.sum | 6 +++--- images/kube-webhook-certgen/rootfs/go.sum | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 58c4c58de..103a74005 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful/v3 v3.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect diff --git a/go.sum b/go.sum index caed22265..010a929d0 100644 --- a/go.sum +++ b/go.sum @@ -154,9 +154,9 @@ github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= -github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 13ce4b641..61f5a8b34 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -88,7 +88,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= From 5cba77c2f9d1a6a53c21df8ec4840e36c6eea414 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:48:16 -0800 Subject: [PATCH 148/166] Bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 (#9262) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.13.1/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 103a74005..f5bc85af1 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.4.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.13.0 + github.com/prometheus/client_golang v1.13.1 github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/spf13/cobra v1.6.1 diff --git a/go.sum b/go.sum index 010a929d0..4059a3604 100644 --- a/go.sum +++ b/go.sum @@ -490,8 +490,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU= -github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= +github.com/prometheus/client_golang v1.13.1 h1:3gMjIY2+/hzmqhtUC/aQNYldJA6DtH3CgQvwS+02K1c= +github.com/prometheus/client_golang v1.13.1/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 6b22d5a7444ae83caba8404cd1c687f3ecffc507 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:50:16 -0800 Subject: [PATCH 149/166] Bump github/codeql-action from 2.1.29 to 2.1.31 (#9263) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.31. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index fae11715f..7e936c08b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # v2.1.14 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 004370a90..f33a550dd 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 + uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 644f05dd755fe595fb9ca7dcf4d5609b2dd3e99c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:52:16 -0800 Subject: [PATCH 150/166] Bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (#9264) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d63413b0a4a4482237085319f7f4a1ce99a8f2ac...9ab158e8597f3b310480b9a69402b419bc03dbd5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index f33a550dd..6cb1dada7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac #v0.5.1 + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 #v0.5.1 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From ae3c2464d6571ccbca7ec59b598e711127d97789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:00:34 +0000 Subject: [PATCH 151/166] Bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.13.1 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.13.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.13.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 12 ++- go.sum | 286 ++++++--------------------------------------------------- 2 files changed, 35 insertions(+), 263 deletions(-) diff --git a/go.mod b/go.mod index f5bc85af1..3be4325f6 100644 --- a/go.mod +++ b/go.mod @@ -30,16 +30,16 @@ require ( gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.3 - k8s.io/apiextensions-apiserver v0.23.5 + k8s.io/apiextensions-apiserver v0.25.0 k8s.io/apimachinery v0.25.3 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 k8s.io/client-go v0.25.3 - k8s.io/code-generator v0.23.5 + k8s.io/code-generator v0.25.0 k8s.io/component-base v0.25.3 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.11.2 + sigs.k8s.io/controller-runtime v0.13.1 sigs.k8s.io/mdtoc v1.1.0 ) @@ -63,6 +63,7 @@ require ( github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-logr/logr v1.2.3 // indirect @@ -86,6 +87,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect @@ -110,7 +112,7 @@ require ( golang.org/x/sys v0.1.0 // indirect golang.org/x/term v0.1.0 // indirect golang.org/x/text v0.4.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect + golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -119,7 +121,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect + k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect diff --git a/go.sum b/go.sum index 4059a3604..322c6b4aa 100644 --- a/go.sum +++ b/go.sum @@ -34,7 +34,6 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -45,14 +44,10 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= @@ -68,8 +63,6 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -81,28 +74,15 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= @@ -121,40 +101,23 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/channels v1.1.0 h1:F1taHcn7/F0i8DYqKXJnyhJcVpp2kgFcNePxXtnyu4k= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -168,19 +131,13 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go. github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= +github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= @@ -200,12 +157,10 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -216,16 +171,12 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -265,8 +216,6 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= -github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -313,49 +262,18 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -366,16 +284,12 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -390,41 +304,27 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.3 h1:ns/ykhmWi7G9O+8a448SecJU3nSMBXJfqQkl0upE1jI= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= github.com/mmarkdown/mmark v2.0.40+incompatible/go.mod h1:Uvmoz7tvsWpr7bMVxIpqZPyN3FbOtzDmnsJDFp7ltJs= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -437,41 +337,26 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod github.com/moul/pb v0.0.0-20220425114252-bca18df4138c h1:1STmblv9zmHLDpru4dbnf1PNL6wrrZNf7yBH+SfQU+s= github.com/moul/pb v0.0.0-20220425114252-bca18df4138c/go.mod h1:jE2HT8eoucYyUPBFJMreiVlC3KPHkDMtN8wn+ef7Y64= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/ncabatoff/fakescraper v0.0.0-20201102132415-4b37ba603d65/go.mod h1:Tx6UMSMyIsjLG/VU/F6xA1+0XI+/f9o1dGJnf1l+bPg= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 h1:t4WWQ9I797y7QUgeEjeXnVb+oYuEDQc6gLvrZJTYo94= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833/go.mod h1:0CznHmXSjMEqs5Tezj/w2emQoM41wzYM9KpDKUHPYag= github.com/ncabatoff/process-exporter v0.7.10 h1:+Ere7+3se6QqP54gg7aBRagWcL8bq3u5zNi/GRSWeKQ= github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn6d5plh41Jv6Tmttj7Ek= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -479,13 +364,9 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= @@ -498,27 +379,21 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= @@ -526,8 +401,6 @@ github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUA github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -535,30 +408,14 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -576,15 +433,11 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= @@ -598,18 +451,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a h1:CbXWHAnmrtTKgX+yMVVANuRJP8ld88ELbAYAYnBdLJ4= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -617,43 +460,20 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= @@ -697,11 +517,7 @@ golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -724,7 +540,6 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -732,7 +547,6 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= @@ -741,10 +555,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= @@ -760,7 +571,6 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -778,12 +588,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -795,13 +601,10 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -816,14 +619,11 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -835,7 +635,6 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -845,53 +644,52 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -931,7 +729,6 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -960,7 +757,6 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= @@ -997,7 +793,6 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1009,7 +804,6 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -1089,23 +883,15 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/pool.v3 v3.1.1 h1:4Qcj91IsYTpIeRhe/eo6Fz+w6uKWPEghx8vHFTYMfhw= gopkg.in/go-playground/pool.v3 v3.1.1/go.mod h1:pUAGBximS/hccTTSzEop6wvvQhVa3QPDFFW+8REdutg= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk= gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1117,12 +903,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1130,39 +913,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= -k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= -k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= -k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= +k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= -k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= -k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= -k8s.io/code-generator v0.23.5 h1:xn3a6J5pUL49AoH6SPrOFtnB5cvdMl76f/bEY176R3c= -k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= -k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= +k8s.io/code-generator v0.25.0 h1:QP8fJuXu882ztf6dsqJsso/Btm94pMd68TAZC1rE6KI= +k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= +k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= @@ -1170,10 +944,8 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= -sigs.k8s.io/controller-runtime v0.11.2 h1:H5GTxQl0Mc9UjRJhORusqfJCIjBO8UtUxGggCwL1rLA= -sigs.k8s.io/controller-runtime v0.11.2/go.mod h1:P6QCzrEjLaZGqHsfd+os7JQ+WFZhvB8MRFsn4dWF7O4= -sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= +sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg= +sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= @@ -1182,8 +954,6 @@ sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2 sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= From 4d4358f6739af655edbdbcbe9aa6cd3ef33792f6 Mon Sep 17 00:00:00 2001 From: Njegos Railic Date: Tue, 8 Nov 2022 15:44:25 +0100 Subject: [PATCH 152/166] Adding support for disabling liveness and readiness probes in the Helm chart (#9238) --- charts/ingress-nginx/templates/controller-daemonset.yaml | 4 ++++ charts/ingress-nginx/templates/controller-deployment.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 805d2f209..4163e255c 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -102,8 +102,12 @@ spec: {{- if .Values.controller.startupProbe }} startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} {{- end }} + {{- if .Values.controller.livenessProbe }} livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.controller.readinessProbe }} readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + {{- end }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index fcbdab80d..dfe4cae92 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -106,8 +106,12 @@ spec: {{- if .Values.controller.startupProbe }} startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} {{- end }} + {{- if .Values.controller.livenessProbe }} livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.controller.readinessProbe }} readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + {{- end }} ports: {{- range $key, $value := .Values.controller.containerPort }} - name: {{ $key }} From e03f8cc0360495530dd70889ce30e56ec6f06e52 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 8 Nov 2022 10:24:58 -0500 Subject: [PATCH 153/166] start 1.5.0 release Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 66d62a800..2e7bd9108 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.4.1 +v1.5.0 From 894937993107e1dbe6e1b28bd916b06790a07d3c Mon Sep 17 00:00:00 2001 From: Oblivion Date: Tue, 8 Nov 2022 16:46:53 +0000 Subject: [PATCH 154/166] fix CVE-2022-27664 --- go.sum | 43 ------------------ images/ext-auth-example-authsvc/rootfs/go.sum | 14 +----- images/kube-webhook-certgen/rootfs/go.mod | 6 +-- images/kube-webhook-certgen/rootfs/go.sum | 45 +++---------------- 4 files changed, 11 insertions(+), 97 deletions(-) diff --git a/go.sum b/go.sum index 322c6b4aa..e212f2972 100644 --- a/go.sum +++ b/go.sum @@ -515,49 +515,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 045452c23..2ca056fae 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -105,19 +105,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 22c4424ea..5e2e98f54 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -29,10 +29,10 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tidwall/gjson v1.14.0 // indirect - golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect - golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect google.golang.org/appengine v1.6.5 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 61f5a8b34..a05f65b19 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -451,39 +451,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -535,21 +504,21 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 3bca5e9c19bedfef2365a9214bd0c1675d53a725 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 8 Nov 2022 15:48:44 -0500 Subject: [PATCH 155/166] missed CVE-2022-27664 #9273 in 1.5.0 build Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 2e7bd9108..53b5bbb12 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.0 +v1.5.1 From 63dbbdbb3a099417f411fbd1d684fa2a287c96cd Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 9 Nov 2022 20:08:54 -0500 Subject: [PATCH 156/166] udate readme, charts and static deploys for release 1.5.1 (#9280) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 6 +- Changelog.md | 96 ++++++++++++++++++- README.md | 46 ++++----- charts/ingress-nginx/CHANGELOG.md | 7 ++ charts/ingress-nginx/Chart.yaml | 12 +-- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/deploy.yaml | 48 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 48 +++++----- deploy/static/provider/baremetal/deploy.yaml | 48 +++++----- deploy/static/provider/cloud/deploy.yaml | 48 +++++----- deploy/static/provider/do/deploy.yaml | 48 +++++----- deploy/static/provider/exoscale/deploy.yaml | 48 +++++----- deploy/static/provider/kind/deploy.yaml | 48 +++++----- deploy/static/provider/scw/deploy.yaml | 48 +++++----- docs/deploy/index.md | 20 ++-- 16 files changed, 342 insertions(+), 243 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 695799991..6f0c4aee2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -139,7 +139,7 @@ jobs: strategy: matrix: - k8s: [v1.22.15, v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: @@ -222,7 +222,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: @@ -279,7 +279,7 @@ jobs: strategy: matrix: - k8s: [v1.23.12, v1.24.6, v1.25.2] + k8s: [v1.23.13, v1.24.7, v1.25.3] steps: diff --git a/Changelog.md b/Changelog.md index 34b49e28a..a7b62be50 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,99 @@ # Changelog +### 1.5.1 + +* Upgrade NGINX to 1.21.6 +* Upgrade Golang 1.19.2 +* Fix Service Name length Bug [9245](https://github.com/kubernetes/ingress-nginx/pull/9245) +* CVE fixes CVE-2022-32149, CVE-2022-27664, CVE-2022-1996 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.5.1@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 + +### All Changes: + +* chore Fixed to Support Versions table by @yutachaos in https://github.com/kubernetes/ingress-nginx/pull/9117 +* Updated incorrect version number in the Installation Guide by @afro-coder in https://github.com/kubernetes/ingress-nginx/pull/9120 +* Updated the Developer guide with New Contributor information by @afro-coder in https://github.com/kubernetes/ingress-nginx/pull/9114 +* Remove deprecated net dependency by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/9110 +* Fixed docs helm-docs version by @yutachaos in https://github.com/kubernetes/ingress-nginx/pull/9121 +* Fix CVE 2022 27664 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9109 +* upgrade to golang 1.19.2 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9124 +* fix e2e resource leak when ginkgo exit before clear resource by @loveRhythm1990 in https://github.com/kubernetes/ingress-nginx/pull/9103 +* fix: handle 401 and 403 by external auth by @johanneswuerbach in https://github.com/kubernetes/ingress-nginx/pull/9131 +* Move bowei to emeritus owner by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/9150 +* fix null ports by @tombokombo in https://github.com/kubernetes/ingress-nginx/pull/9149 +* Documentation added for implemented redirection in the proxy to ensure image pulling by @Sanghamitra-PERSONAL in https://github.com/kubernetes/ingress-nginx/pull/9098 +* updating runner with golang 1.19.2 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9158 +* Add install command for OVHcloud by @scraly in https://github.com/kubernetes/ingress-nginx/pull/9171 +* GitHub Templates: Remove trailing whitespaces. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9172 +* Update helm chart changelog to show that kubernetes v1.21.x is no longer supported by @cskinfill in https://github.com/kubernetes/ingress-nginx/pull/9147 +* Add section to troubleshooting docs for failure to listen on port by @jrhunger in https://github.com/kubernetes/ingress-nginx/pull/9185 +* Implement parseFloat for annotations by @kirs in https://github.com/kubernetes/ingress-nginx/pull/9195 +* fix typo in docs. by @guettli in https://github.com/kubernetes/ingress-nginx/pull/9167 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* Fix Markdown header level by @jaens in https://github.com/kubernetes/ingress-nginx/pull/9210 +* chore: bump NGINX version v1.21.4 by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/8889 +* chore: update NGINX to 1.21.6 by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/9231 +* fix svc long name by @tombokombo in https://github.com/kubernetes/ingress-nginx/pull/9245 +* update base image of nginx to 1.21.6 by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9257 +* Fix CVE-2022-32149 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9258 +* Fix CVE-2022-1996 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9244 +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* fix CVE-2022-27664 by @esigo in https://github.com/kubernetes/ingress-nginx/pull/9273 +* Add CVE-2022-27664 #9273 in latest release by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/9275 + +### Dependencies updates: + +* Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9180 +* Bump dorny/paths-filter from 2.10.2 to 2.11.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9183 +* Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9136 +* Bump github/codeql-action from 2.1.25 to 2.1.27 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9137 +* Bump ossf/scorecard-action from 2.0.3 to 2.0.4 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9138 +* Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9134 +* Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9135 +* Bump actions/dependency-review-action from 2.5.0 to 2.5.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9237 +* Bump github/codeql-action from 2.1.28 to 2.1.29 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9236 +* Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9233 +* Bump actions/upload-artifact from 3.1.0 to 3.1.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9234 +* Bump azure/setup-helm from 3.3 to 3.4 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9235 +* Bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9201 +* Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9208 +* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9202 +* Bump ossf/scorecard-action from 2.0.4 to 2.0.6 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9203 +* Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9204 +* Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9205 +* Bump github/codeql-action from 2.1.27 to 2.1.28 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9206 +* Bump actions/download-artifact from 3.0.0 to 3.0.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9207 +* Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9200 +* Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9173 +* Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9174 +* Bump k8s.io/component-base from 0.25.2 to 0.25.3 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9175 +* Bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9176 +* Bump github.com/onsi/ginkgo/v2 from 2.2.0 to 2.3.1 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9177 +* Bump geekyeggo/delete-artifact from 1.0.0 to 2.0.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9178 +* Bump actions/dependency-review-action from 2.4.0 to 2.5.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9179 +* Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9181 +* Bump securego/gosec from 2.13.1 to 2.14.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/9182 + + +## New Contributors +* @yutachaos made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9117 +* @Gacko made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9123 +* @loveRhythm1990 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9103 +* @johanneswuerbach made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9131 +* @FutureMatt made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9133 +* @Sanghamitra-PERSONAL made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9098 +* @scraly made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9171 +* @cskinfill made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9147 +* @jrhunger made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9185 +* @guettli made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9167 +* @ybelMekk made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9186 +* @jaens made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9210 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.4.0...controller-v1.5.1 ### 1.4.0 @@ -49,8 +143,6 @@ REMOVED Also upgraded to golang 1.19.1 - - Images: * registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 diff --git a/README.md b/README.md index 1af0a6000..f8c020b68 100644 --- a/README.md +++ b/README.md @@ -6,17 +6,11 @@ [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers) [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) -### Community Update - -We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going -forward with the project at [Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us and let us hear what you'd like to see in the -future for ingress-nginx. - -https://kccncna2022.sched.com/event/18lgl?iframe=no ## Overview -ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer. +ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load +balancer. [Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/). @@ -26,18 +20,25 @@ See the [Getting Started](https://kubernetes.github.io/ingress-nginx/deploy/) do ## Troubleshooting -If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), [file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the [#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server. +If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), +[file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the +[#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server. ## Changelog See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) to find out about feature changes. For detailed changes for each release; please check the [Changelog.md](Changelog.md) file. -For detailed changes on the `ingress-nginx` helm chart, please check the following [CHANGELOG.md](charts/ingress-nginx/CHANGELOG.md) file. +For detailed changes on the `ingress-nginx` helm chart, please check the following +[CHANGELOG.md](charts/ingress-nginx/CHANGELOG.md) file. -### Support Versions table +### Supported Versions table + +Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for +the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | @@ -54,29 +55,28 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | -† _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ +† _This build is +[patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._ -See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable Ingress API. +See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable +Ingress API. ## Get Involved Thanks for taking the time to join our community and start contributing! -- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). By participating in this project, you agree to abide by its terms. +- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). + By participating in this project, you agree to abide by its terms. - **Contributing**: Contributions of all kind are welcome! - - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require. - + - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we + expect, and instructions on the developer certificate of origin that we require. - Join our Kubernetes Slack channel for developer discussion : [#ingress-nginx-dev](https://kubernetes.slack.com/archives/C021E147ZA4). - - - Submit github issues for any feature enhancements, bugs or documentation problems. Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**. - -- **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - + - Submit GitHub issues for any feature enhancements, bugs or documentation problems. Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**. + - **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users. - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests. - -- **Discuss**: Tweet using the `#IngressNginx` hashtag. + - **Discuss**: Tweet using the `#IngressNginx` hashtag. ## License diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md index 2ec24733e..1b7adb25b 100644 --- a/charts/ingress-nginx/CHANGELOG.md +++ b/charts/ingress-nginx/CHANGELOG.md @@ -2,6 +2,13 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +### 4.4.0 + +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 +* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 + ### 4.3.0 - Support for Kubernetes v.1.25.0 was added and support for endpoint slices - Support for Kubernetes v1.20.0 and v1.21.0 was removed diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 9cf62ecf9..461601f59 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.3.0 -appVersion: 1.4.0 +version: 4.4.0 +appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png @@ -25,7 +25,7 @@ annotations: # List of changes for the release in artifacthub.io # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog artifacthub.io/changes: | - - "[8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices" - - "[9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191" - - "[9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name" - - "[9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations" + - Adding support for disabling liveness and readiness probes to the Helm chart + - add:(admission-webhooks) ability to set securityContext + - Updated Helm chart to use the fullname for the electionID if not specified + - Rename controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 6ce41792e..bf4dcc8cd 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) +![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -312,13 +312,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143"` | | -| controller.image.digestChroot | string | `"sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0"` | | +| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | +| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.4.0"` | | +| controller.image.tag | string | `"v1.5.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 9092a5de9..6304f2637 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.4.0" - digest: sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - digestChroot: sha256:b67e889f1db8692de7e41d4d9aef8de56645bf048261f31fa7f8bfc6ea2222a0 + tag: "v1.5.1" + digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 5c656bfae..fbdf9486a 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -359,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -437,7 +437,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -623,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -636,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 91886150d..73ec24286 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -368,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -401,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -424,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -446,7 +446,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -464,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -550,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index bb9ce026c..9e6e905bb 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: containers: - args: - /nginx-ingress-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -449,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 372c71909..dd986a55d 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -388,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -433,7 +433,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -451,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index c7da768ff..64e0366b4 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +436,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -454,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index dfb0e8f7d..d6a40aed9 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -364,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -420,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -442,7 +442,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -460,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -532,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -543,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -628,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index cde5ece76..62ead9e34 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -435,7 +435,7 @@ spec: containers: - args: - /nginx-ingress-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -537,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -548,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -584,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -595,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 25880d180..d52f01489 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -93,7 +93,7 @@ rules: - apiGroups: - "" resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -108,7 +108,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - ingress-controller-leader + - ingress-nginx-leader resources: - leases verbs: @@ -144,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -245,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +436,7 @@ spec: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - - --election-id=ingress-controller-leader + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller @@ -454,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.4.0 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 3f99c7a44..29495b5c0 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From 726d7e6239807c4cde0b6c51fe24de256b43c18e Mon Sep 17 00:00:00 2001 From: pellmont Date: Thu, 10 Nov 2022 11:38:54 +0100 Subject: [PATCH 157/166] add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) --- charts/ingress-nginx/README.md | 2 +- ...-extra-modules-default-container-sec-context.yaml | 12 ++++++++++++ ...extra-modules-specific-container-sec-context.yaml | 12 ++++++++++++ .../templates/controller-daemonset.yaml | 6 ++++++ .../templates/controller-deployment.yaml | 3 +++ charts/ingress-nginx/values.yaml | 4 +++- 6 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml create mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index bf4dcc8cd..f34615399 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -300,7 +300,7 @@ Kubernetes: `>=1.20.0-0` | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | | controller.extraEnvs | list | `[]` | Additional environment variables to set | | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | -| controller.extraModules | list | `[]` | | +| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module | | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | | controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml new file mode 100644 index 000000000..2310c344e --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + containerSecurityContext: + allowPrivilegeEscalation: false + extraModules: + - name: opentelemetry + image: busybox diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml new file mode 100644 index 000000000..bd2f011cc --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox + containerSecurityContext: + allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 4163e255c..802730331 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -181,6 +181,12 @@ spec: - name: {{ .Name }} image: {{ .Image }} command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }} + securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }} + {{- end }} + volumeMounts: + - name: modules + mountPath: /modules_mount {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index dfe4cae92..9dac747ea 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -187,6 +187,9 @@ spec: - name: {{ .name }} image: {{ .image }} command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }} + securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }} + {{- end }} volumeMounts: - name: modules mountPath: /modules_mount diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 6304f2637..dc9980d14 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -577,10 +577,12 @@ controller: # image: busybox # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module extraModules: [] - ## Modules, which are mounted into the core nginx image # - name: opentelemetry # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220906-g981ce38a7@sha256:aa079daa7efd93aa830e26483a49a6343354518360929494bad1d0ad3303142e + # containerSecurityContext: + # allowPrivilegeEscalation: false # # The image must contain a `/usr/local/bin/init_module.sh` executable, which # will be executed as initContainers, to move its config files within the From 170af7be88ccbcd3a13f67811ab728d056377a26 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Thu, 10 Nov 2022 12:20:54 +0100 Subject: [PATCH 158/166] PDB: Add `maxUnavailable`. (#9278) --- charts/ingress-nginx/README.md | 2 +- .../templates/controller-poddisruptionbudget.yaml | 4 ++++ charts/ingress-nginx/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f34615399..f4486ac91 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -367,7 +367,7 @@ Kubernetes: `>=1.20.0-0` | controller.metrics.serviceMonitor.relabelings | list | `[]` | | | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | -| controller.minAvailable | int | `1` | | +| controller.minAvailable | int | `1` | Define either 'minAvailable' or 'maxUnavailable', never both. | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 8dfbe9891..899d3cc5d 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -15,5 +15,9 @@ spec: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: controller + {{- if .Values.controller.minAvailable }} minAvailable: {{ .Values.controller.minAvailable }} + {{- else if .Values.controller.maxUnavailable }} + maxUnavailable: {{ .Values.controller.maxUnavailable }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index dc9980d14..c71fd2080 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -345,7 +345,10 @@ controller: replicaCount: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 From 69a811dde9368f0464c1e050648a979a67fad3e8 Mon Sep 17 00:00:00 2001 From: Michael Wittig <948604+Sh4kE@users.noreply.github.com> Date: Thu, 10 Nov 2022 14:48:56 +0100 Subject: [PATCH 159/166] fix broken annotation yaml (#9243) --- charts/ingress-nginx/templates/controller-serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml index e31819f7c..e6e776d09 100644 --- a/charts/ingress-nginx/templates/controller-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace }} {{- if .Values.serviceAccount.annotations }} annotations: - {{- toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} From 3db3c19685a6f74859a95859ff75ca87890752c5 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 11 Nov 2022 10:00:10 -0500 Subject: [PATCH 160/166] run helm release on main only and when the chart/value changes only (#9290) Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/helm.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 4dadc9349..33e06bbdc 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -4,7 +4,6 @@ on: push: branches: - main - - legacy permissions: contents: read @@ -34,7 +33,7 @@ jobs: filters: | charts: - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/**/*' + - 'charts/ingress-nginx/values.yaml' chart: name: Release Chart @@ -52,7 +51,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 @@ -64,10 +63,10 @@ jobs: git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Helm Chart Releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f #v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: - charts_dir: charts + charts_dir: charts \ No newline at end of file From f08369cdc6d69e5fd8f88644843c884683ae9f49 Mon Sep 17 00:00:00 2001 From: Joseph Richardson <49208786+JoeHCQ1@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:29:56 -0500 Subject: [PATCH 161/166] Fixed indentation in commented-out autoscaling (#9225) --- charts/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index c71fd2080..35f922f6b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -372,7 +372,7 @@ controller: behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 - # policies: + # policies: # - type: Pods # value: 1 # periodSeconds: 180 From a66ee73c5adb005fc4626d2bc750e7fe7f1125ff Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Mon, 14 Nov 2022 20:50:43 +0100 Subject: [PATCH 162/166] OpenTelemetry static linking (#9286) * static otel lib * clean * nginx 1.21 --- images/opentelemetry/rootfs/CMakeLists.txt | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/build.sh | 48 +--------------------- 3 files changed, 4 insertions(+), 48 deletions(-) diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index 7278016a0..e4abc7346 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -80,7 +80,7 @@ ExternalProject_Add( -DgRPC_SSL_PROVIDER=package -DOPENSSL_ROOT_DIR=OpenSSL -DgRPC_BUILD_TESTS=OFF - -DBUILD_SHARED_LIBS=ON + -DBUILD_SHARED_LIBS=OFF -DgRPC_INSTALL=ON CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} TEST_AFTER_INSTALL 0 diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index f8fb37811..3c137dbe2 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.2 +FROM alpine:3.16.2 as final COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 91298274d..19914932c 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -97,7 +97,7 @@ install_otel() -DWITH_JAEGER=OFF \ -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ -DBUILD_TESTING=OFF \ - -DBUILD_SHARED_LIBS=ON \ + -DBUILD_SHARED_LIBS=OFF \ -DWITH_OTLP=ON \ -DWITH_OTLP_GRPC=ON \ -DWITH_EXAMPLES=OFF \ @@ -123,7 +123,7 @@ get_src() install_nginx() { - export NGINX_VERSION=1.19.10 + export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main export OPENTELEMETRY_CONTRIB_COMMIT=6467ec2e4d67b08b44580b7eb7a298786f4eef91 @@ -153,50 +153,6 @@ install_nginx() cp ${INSTAL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so mkdir -p ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_exporter_otlp_grpc.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_otlp_recordable.so* ${INSTAL_DIR}/lib - cp /usr/lib/libprotobuf.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_trace.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_resources.so* ${INSTAL_DIR}/lib - cp /usr/lib/libopentelemetry_common.so* ${INSTAL_DIR}/lib - cp /usr/lib/libstdc++.so* ${INSTAL_DIR}/lib - - cp /usr/lib/libgrpc.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgcc_s.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgrpc++.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_bad_variant_access.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_synchronization.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_raw_hash_set.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_hash.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_statusor.so* ${INSTAL_DIR}/lib - cp /usr/lib/libgpr.so* ${INSTAL_DIR}/lib - cp /usr/lib/libupb.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_status.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_time.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_strings.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_stacktrace.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_symbolize.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_malloc_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_base.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_spinlock_wait.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_raw_logging_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libre2.so* ${INSTAL_DIR}/lib - cp /usr/lib/libaddress_sorting.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cord.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_bad_optional_access.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_str_format_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_throw_delegate.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_time_zone.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_city.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_low_level_hash.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_info.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_int128.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_strings_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_debugging_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cord_internal.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_functions.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_cordz_handle.so* ${INSTAL_DIR}/lib - cp /usr/lib/libabsl_exponential_biased.so* ${INSTAL_DIR}/lib } while getopts ":hpng:o:" option; do From f6af3b460a262bc75278ea17e15f2c16ac69b7f3 Mon Sep 17 00:00:00 2001 From: Gabriel Gosselin <12598930+toutougabi@users.noreply.github.com> Date: Mon, 14 Nov 2022 21:58:41 -0500 Subject: [PATCH 163/166] Missing controller.ingressClass (#9304) The missing controller.ingressClass would set the deployment to the default class but the controller.ingressClassResource.name would set the creation of a new IngressClass object. For now this needs to be done twice, could be a fix in the chart later on. --- docs/index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 5687bf5d3..fded1b2bc 100644 --- a/docs/index.md +++ b/docs/index.md @@ -223,6 +223,7 @@ If you start Ingress-Nginx B with the command line argument `--watch-ingress-wit helm install ingress-nginx-2 ingress-nginx/ingress-nginx \ --namespace ingress-nginx-2 \ --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClass=nginx-two \ --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ --set controller.ingressClassResource.enabled=true \ --set controller.ingressClassByName=true @@ -234,7 +235,9 @@ If you start Ingress-Nginx B with the command line argument `--watch-ingress-wit --namespace kube-system \ --set controller.electionID=nginx-two-leader \ --set controller.ingressClassResource.name=nginx-two \ + --set controller.ingressClass=nginx-two \ --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \ --set controller.ingressClassResource.enabled=true \ --set controller.ingressClassByName=true - ``` \ No newline at end of file + ``` + - Note, controller.ingressClassResource.name and controller.ingressClass have to be set with the value of the new class as the first is to create the IngressClass object and the other is to modify the deployment of the actuall ingress controller pod. From 1930b1467d93238bbcd96daac8e3863a91e58747 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 15 Nov 2022 18:34:42 +0530 Subject: [PATCH 164/166] added SAN to cert create command (#9295) --- docs/user-guide/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md index 3d5234c0c..11338981b 100644 --- a/docs/user-guide/tls.md +++ b/docs/user-guide/tls.md @@ -10,7 +10,7 @@ Anytime we reference a TLS secret, we mean a PEM-encoded X.509, RSA (2048) secre You can generate a self-signed certificate and private key with: ```bash -$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" +$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" -addext "subjectAltName = DNS:${HOST}" ``` Then create the secret in the cluster via: From 2422f16c3afc4fa3d6b408126336a1c115daa326 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 14:22:48 -0800 Subject: [PATCH 165/166] Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.25.3 to 0.25.4. - [Release notes](https://github.com/kubernetes/component-base/releases) - [Commits](https://github.com/kubernetes/component-base/compare/v0.25.3...v0.25.4) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3be4325f6..7bcc6b487 100644 --- a/go.mod +++ b/go.mod @@ -29,14 +29,14 @@ require ( google.golang.org/grpc v1.50.1 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.25.3 + k8s.io/api v0.25.4 k8s.io/apiextensions-apiserver v0.25.0 - k8s.io/apimachinery v0.25.3 + k8s.io/apimachinery v0.25.4 k8s.io/apiserver v0.25.0 k8s.io/cli-runtime v0.25.0 - k8s.io/client-go v0.25.3 + k8s.io/client-go v0.25.4 k8s.io/code-generator v0.25.0 - k8s.io/component-base v0.25.3 + k8s.io/component-base v0.25.4 k8s.io/klog/v2 v2.80.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.13.1 diff --git a/go.sum b/go.sum index e212f2972..9067276db 100644 --- a/go.sum +++ b/go.sum @@ -515,6 +515,49 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -870,22 +913,22 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= -k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= +k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs= +k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ= k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= -k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= -k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= +k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= +k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q= k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw= -k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= -k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= +k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= +k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= k8s.io/code-generator v0.25.0 h1:QP8fJuXu882ztf6dsqJsso/Btm94pMd68TAZC1rE6KI= k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= -k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= -k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= +k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ= +k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From b6c6305523ae65114dabeca347fba7ab68e1c789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 14:24:47 -0800 Subject: [PATCH 166/166] Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/0efb1d1d84fc9633afcdaad14c485cbbc90ef46c...30d582111533d59ab793fd9f971817241654f3ec) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 85c91d664..39125cde4 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c #v2.0.2 + uses: actions/dependency-review-action@30d582111533d59ab793fd9f971817241654f3ec #v2.0.2